CVE-2026-4371
Buffer Overflow in Thunderbird Mail Parser Causes Crash, Data Leak
Publication date: 2026-03-24
Last updated on: 2026-04-13
Assigner: Mozilla Corporation
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mozilla | thunderbird | up to 149.0 (excluding) |
| mozilla | thunderbird | up to 140.9.0 (excluding) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-126 | The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves a malicious mail server sending malformed strings with negative lengths to Thunderbird's parser.
These malformed strings cause the parser to read memory outside the intended buffer, which can lead to malfunction.
If a mail server or connection to a mail server is compromised, an attacker could exploit this to crash Thunderbird or leak sensitive data.
The vulnerability affects Thunderbird versions earlier than 149 and earlier than 140.9.
How can this vulnerability impact me?
An attacker exploiting this vulnerability could cause Thunderbird to crash, disrupting email communication.
More seriously, the attacker could leak sensitive data by causing the parser to read memory outside the buffer.
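As an added illustration (not Thunderbird's code and not taken from this advisory), the following C function parses a hypothetical length-prefixed string field the way a hardened mail parser should, rejecting the negative lengths described above before any read happens. The wire format, the 4096-byte ceiling and the sample inputs are assumptions constructed for the example.

```c
#include <stdint.h>
#include <stddef.h>

/* Result of parsing one length-prefixed string field. */
typedef enum { PARSE_OK, PARSE_NEGATIVE_LEN, PARSE_TRUNCATED, PARSE_OVERSIZE } parse_status;

#define MAX_FIELD_LEN 4096  /* hypothetical per-field ceiling (an assumption) */

/* Parse a 4-byte big-endian int32 length followed by that many bytes. On
 * success *out/*out_len view the payload inside buf and *consumed counts the
 * bytes used. The three checks must pass before a server-supplied length is trusted. */
parse_status parse_len_prefixed(const uint8_t *buf, size_t buflen,
                                const uint8_t **out, size_t *out_len,
                                size_t *consumed)
{
    if (buflen < 4)
        return PARSE_TRUNCATED;  /* not even a complete length field */
    uint32_t raw = ((uint32_t)buf[0] << 24) | ((uint32_t)buf[1] << 16) |
                   ((uint32_t)buf[2] << 8)  |  (uint32_t)buf[3];
    int32_t len = (int32_t)raw;  /* the wire format declares a signed length */

    /* Check 1: reject negative lengths. Without this, casting len to size_t
     * turns -1 into SIZE_MAX and the read runs past the end of buf (CWE-126). */
    if (len < 0)
        return PARSE_NEGATIVE_LEN;

    /* Check 2: bound by the bytes actually present, not by the claimed size. */
    if ((size_t)len > buflen - 4)
        return PARSE_TRUNCATED;

    /* Check 3: a protocol ceiling so a hostile server cannot force huge reads. */
    if (len > MAX_FIELD_LEN)
        return PARSE_OVERSIZE;

    *out = buf + 4;
    *out_len = (size_t)len;
    *consumed = 4 + (size_t)len;
    return PARSE_OK;
}

/* Constructed sample inputs (not captured mail traffic). */
static const uint8_t SAMPLE_VALID[]    = {0x00,0x00,0x00,0x05,'h','e','l','l','o'};
static const uint8_t SAMPLE_NEGATIVE[] = {0xFF,0xFF,0xFF,0xFF,'x','y'};  /* len = -1 */
static const uint8_t SAMPLE_TRUNC[]    = {0x00,0x00,0x00,0x0A,'a','b'};  /* claims 10 bytes, has 2 */
static const uint8_t SAMPLE_OVERSIZE[MAX_FIELD_LEN + 5] = {0x00,0x00,0x10,0x01};  /* len = 4097 */

/* Convenience wrapper returning only the status for a buffer. */
parse_status classify(const uint8_t *buf, size_t n)
{
    const uint8_t *s; size_t sl, used;
    return parse_len_prefixed(buf, n, &s, &sl, &used);
}
```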
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
I don't know