Memory Exhaustion Vulnerability in Thunderbird by Mozilla
CVE-2026-57962

Currently unrated

Key Information:

Vendor

Mozilla

Vendor
CVE Published:
1 July 2026

What is CVE-2026-57962?

A security flaw in Mozilla Thunderbird allows a malicious LDAP server, configured for address-book autocomplete, to send excessive attacker-controlled data. This results in memory exhaustion, potentially causing the Thunderbird client to crash. This vulnerability has been addressed in updates 152.0.1 and 140.12.1.

Affected Version(s)

Thunderbird 140.12.1

Thunderbird 152.0.1

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Michael Bommarito
.