Memory Exhaustion Vulnerability in Thunderbird by Mozilla
CVE-2026-57962
Currently unrated
What is CVE-2026-57962?
A security flaw in Mozilla Thunderbird allows a malicious LDAP server, configured for address-book autocomplete, to send excessive attacker-controlled data. This results in memory exhaustion, potentially causing the Thunderbird client to crash. This vulnerability has been addressed in updates 152.0.1 and 140.12.1.
Affected Version(s)
Thunderbird 140.12.1
Thunderbird 152.0.1