PT-2026-27517 · Mozilla+1 · Thunderbird+1
Rintaro Kobayashi · Published 2026-03-24 · Updated 2026-04-17 · CVE-2026-4371
CVSS v3.1
7.4
High
| Vector | AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Thunderbird versions prior to 149
Thunderbird versions prior to 140.9
Description
A specially crafted email could contain malformed strings with negative lengths, leading to a memory read outside of the intended buffer. Successful exploitation of this issue, potentially through a compromised mail server or connection, could cause Thunderbird to crash or leak sensitive data.
Recommendations
Update Thunderbird to version 149 or later.
Update Thunderbird to version 140.9 or later.
Fix
Buffer Over-read
Weakness Enumeration
Related Identifiers
Affected Products
Rocky Linux
Thunderbird