Mozilla Thunderbird Out-of-Bounds Read Vulnerability in IMAP Parsing

Vulnerability

A vulnerability exists in Mozilla Thunderbird versions prior to 149 and versions prior to 140.9. A malicious mail server can send improperly formatted strings with negative lengths, which can cause the email parser to read memory outside of its allocated buffer. This could make the parser malfunction, potentially crashing Thunderbird or leaking sensitive information.
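The bug class described above, as an added C example that is not Thunderbird's code: a length check that tests only the upper bound accepts a negative length, while a digits-only parser bounded by the bytes actually received rejects it. The `{N}` CRLF literal framing (RFC 3501), the function names and the sample inputs are assumptions; the page does not say which IMAP construct is affected.

```c
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Weak pattern: signed length with an upper-bound check only.
   buf must be NUL-terminated (strtol); returns 1 if the length is accepted. */
int weak_accepts(const char *buf, size_t buflen)
{
    long n = strtol(buf + 1, NULL, 10);   /* "-16" parses as -16 */
    return n <= (long)buflen;             /* a negative n passes this test */
}

/* Hardened: digits only, overflow-checked, bounded by the bytes really present.
   Returns the payload length and sets *payload, or -1 if the input is rejected. */
long literal_checked(const char *buf, size_t buflen, const char **payload)
{
    size_t i = 1;
    unsigned long n = 0;

    if (buflen < 5 || buf[0] != '{' || buf[1] < '0' || buf[1] > '9')
        return -1;                        /* rejects "{-16}" and "{+16}" */
    for (; i < buflen && buf[i] >= '0' && buf[i] <= '9'; i++) {
        if (n > ((unsigned long)LONG_MAX - 9) / 10)
            return -1;                    /* length would overflow */
        n = n * 10 + (unsigned long)(buf[i] - '0');
    }
    if (buflen - i < 3 || memcmp(buf + i, "}\r\n", 3) != 0)
        return -1;                        /* malformed header */
    i += 3;                               /* i now indexes the payload */
    if (n > buflen - i)
        return -1;                        /* server claims more than it sent */
    *payload = buf + i;
    return (long)n;
}

int main(void)
{
    /* Constructed sample responses, not captured traffic. */
    const char good[] = "{5}\r\nhello", bad[] = "{-16}\r\nAAAA";
    const char *p = NULL;

    printf("weak check accepts bad:  %d\n", weak_accepts(bad, sizeof bad - 1));
    printf("hardened result on bad:  %ld\n", literal_checked(bad, sizeof bad - 1, &p));
    printf("hardened result on good: %ld\n", literal_checked(good, sizeof good - 1, &p));
    return 0;
}
```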

Impact

Exploitation of this vulnerability could result in a crash of the Thunderbird application or unauthorized disclosure of sensitive data.

Remediation

Users can upgrade to Thunderbird versions 149 or 140.9 to address this vulnerability.

Added: Mar 24, 2026, 9:24 PM
Updated: Mar 24, 2026, 9:24 PM

Vulnerability Rating

Custom Algorithm

spread: 7.8
impact: 5.0
exploitability: 3.8
remediation: 7.7
relevance: 4.6
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.