Back to overview

CVE-2026-57962

Description
A malicious LDAP server, which a Thunderbird user is configured to query for address-book autocomplete, can stash arbitrarily large amounts of attacker-supplied data into the Thunderbird LDAP client until it crashes due to memory exhaustion. This vulnerability was fixed in Thunderbird 152.0.1 and Thunderbird 140.12.1.

Metadata

CVE ID
CVE-2026-57962
State
PUBLISHED
Assigner
mozilla
Reserved
2026-06-26 15:27 UTC
Published
2026-07-01 00:58 UTC
Last updated
2026-07-01 00:58 UTC
Vendor / Product
Mozilla / Thunderbird
Sources
cve.org  ·  NVD

Severity & Metrics

No CVSS data available.

Affected products (1)
VendorProductPlatformVersions
Mozilla Thunderbird 140.12.1 ≤ 140.*, 152.0.1 ≤ *
Back to overview