Viktor Bocz

**Name of the Vulnerable Software and Affected Versions** Thunderbird versions prior to 141 Thunderbird versions prior to 140.1 **Description** Thunderbird cached Cross-Origin Resource Sharing (CORS) preflight responses across IP address changes, which allowed bypassing CORS protections with DNS rebinding. DNS rebinding is a security risk that occurs when a DNS server returns different IP addresses for the same domain name, potentially allowing an attacker to bypass security restrictions. **Recommendations** Update Thunderbird to version 141 or later. Update Thunderbird to version 140.1 or later.