8.2
CVE-2026-4371
- EPSS 0.36%
- Veröffentlicht 24.03.2026 20:27:15
- Zuletzt bearbeitet 30.06.2026 03:20:32
- Quelle security@mozilla.org
- CVE-Watchlists
- Unerledigt
Out of bounds read in IMAP parsing
A malicious mail server could send malformed strings with negative lengths, causing the parser to read memory outside the buffer. If a mail server or connection to a mail server were compromised, an attacker could cause the parser to malfunction, potentially crashing Thunderbird or leaking sensitive data. This vulnerability was fixed in Thunderbird 149 and Thunderbird 140.9.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Mozilla ≫ Thunderbird SwEditionesr Version < 140.9.0
Mozilla ≫ Thunderbird SwEdition- Version < 149.0
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.36% | 0.279 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.4 | 2.2 | 5.2 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
|
| 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | 8.2 | 3.9 | 4.2 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
|
CWE-126 Buffer Over-read
The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer.
CWE-130 Improper Handling of Length Parameter Inconsistency
The product parses a formatted message or structure, but it does not handle or incorrectly handles a length field that is inconsistent with the actual length of the associated data.
https://www.mozilla.org/security/advisories/mfsa2026-23/
https://www.mozilla.org/security/advisories/mfsa2026-24/
https://bugzilla.mozilla.org/show_bug.cgi?id=2023493
https://access.redhat.com/errata/RHSA-2026:6188
https://access.redhat.com/errata/RHSA-2026:6342
https://access.redhat.com/errata/RHSA-2026:6917
https://access.redhat.com/errata/RHSA-2026:8284
https://access.redhat.com/errata/RHSA-2026:8285
https://access.redhat.com/errata/RHSA-2026:8286
https://access.redhat.com/errata/RHSA-2026:8287
https://access.redhat.com/errata/RHSA-2026:8288
https://access.redhat.com/errata/RHSA-2026:8289
https://access.redhat.com/errata/RHSA-2026:8290
https://access.redhat.com/errata/RHSA-2026:8315
https://access.redhat.com/errata/RHSA-2026:8850
https://access.redhat.com/security/cve/CVE-2026-4371
https://bugzilla.redhat.com/show_bug.cgi?id=2451001
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4371.json