PT-2026-27515 · Mozilla · Thunderbird

Eemeli Aro

Published

2026-03-24

Updated

2026-04-17

CVE-2026-3889

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions Thunderbird versions prior to 140.9 Thunderbird versions prior to 149

Description A spoofing issue exists in Thunderbird.

Recommendations Update Thunderbird to version 140.9 or later. Update Thunderbird to version 149 or later.

Fix

UI Misrepresentation of Critical Information

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-451

Related Identifiers

ALSA-2026:6188

ALSA-2026:6342

ALSA-2026:6917

CVE-2026-3889

MGASA-2026-0081

OESA-2026-1993

OESA-2026-1994

OPENSUSE-SU-2026:10447-1

RHSA-2026:6188

RHSA-2026:6342

RHSA-2026:6917

RHSA-2026:8284

RHSA-2026:8285

RHSA-2026:8286

RHSA-2026:8287

RHSA-2026:8288

RHSA-2026:8289

RHSA-2026:8290

RHSA-2026:8315

RHSA-2026:8850

SUSE-SU-2026:1163-1

Affected Products

Thunderbird

PT-2026-27515 · Mozilla · Thunderbird

CVE-2026-3889

Weakness Enumeration

Related Identifiers

Affected Products

References · 193