7.4

CVE-2026-4371

EPSS 0.06%
Veröffentlicht 24.03.2026 20:27:15
Zuletzt bearbeitet 13.04.2026 15:17:36
Quelle security@mozilla.org
CVE-Watchlists
Login
Unerledigt
Login

Out of bounds read in IMAP parsing

A malicious mail server could send malformed strings with negative lengths, causing the parser to read memory outside the buffer. If a mail server or connection to a mail server were compromised, an attacker could cause the parser to malfunction, potentially crashing Thunderbird or leaking sensitive data. This vulnerability was fixed in Thunderbird 149 and Thunderbird 140.9.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

NVD 2 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Mozilla ≫ Thunderbird SwEditionesr Version < 140.9.0

Mozilla ≫ Thunderbird SwEdition- Version < 149.0

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.06%	0.188

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.4	2.2	5.2	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H

CWE-126 Buffer Over-read

The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer.

https://www.mozilla.org/security/advisories/mfsa2026-23/

Vendor Advisory

https://www.mozilla.org/security/advisories/mfsa2026-24/

Vendor Advisory

https://bugzilla.mozilla.org/show_bug.cgi?id=2023493

Permissions Required

https://nvd.nist.gov/vuln/detail/CVE-2026-4371

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-4371

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-4371

EUVD