8.2

CVE-2026-4371

Out of bounds read in IMAP parsing

A malicious mail server could send malformed strings with negative lengths, causing the parser to read memory outside the buffer. If a mail server or connection to a mail server were compromised, an attacker could cause the parser to malfunction, potentially crashing Thunderbird or leaking sensitive data. This vulnerability was fixed in Thunderbird 149 and Thunderbird 140.9.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MozillaThunderbird SwEditionesr Version < 140.9.0
MozillaThunderbird SwEdition- Version < 149.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.36% 0.279
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.4 2.2 5.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
0b0ca135-0b70-47e7-9f44-1890c2a1c46c 8.2 3.9 4.2
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
CWE-126 Buffer Over-read

The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer.

CWE-130 Improper Handling of Length Parameter Inconsistency

The product parses a formatted message or structure, but it does not handle or incorrectly handles a length field that is inconsistent with the actual length of the associated data.

https://www.mozilla.org/security/advisories/mfsa2026-23/
Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2026-24/
Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=2023493
Permissions Required
https://access.redhat.com/errata/RHSA-2026:6188
https://access.redhat.com/errata/RHSA-2026:6342
https://access.redhat.com/errata/RHSA-2026:6917
https://access.redhat.com/errata/RHSA-2026:8284
https://access.redhat.com/errata/RHSA-2026:8285
https://access.redhat.com/errata/RHSA-2026:8286
https://access.redhat.com/errata/RHSA-2026:8287
https://access.redhat.com/errata/RHSA-2026:8288
https://access.redhat.com/errata/RHSA-2026:8289
https://access.redhat.com/errata/RHSA-2026:8290
https://access.redhat.com/errata/RHSA-2026:8315
https://access.redhat.com/errata/RHSA-2026:8850
https://access.redhat.com/security/cve/CVE-2026-4371
https://bugzilla.redhat.com/show_bug.cgi?id=2451001
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4371.json