Arbitrary Content Injection in Thunderbird Chat Features
CVE-2026-57963
Currently unrated
What is CVE-2026-57963?
A vulnerability in Thunderbird's chat feature can be exploited through messages sent over the Matrix and XMPP protocols. By sending specially crafted HTML messages, a malicious user can inject styled content, including phishing links and CSS that alters the chat user interface. The issue has been fixed in Thunderbird versions 152.0.1 and 140.12.1; updating to one of these versions protects against exploitation.
Affected Version(s)
Thunderbird 140.12.1
Thunderbird 152.0.1