CVE-2026-57962: Vulnerability in Mozilla Thunderbird
A vulnerability in Mozilla Thunderbird allows a malicious LDAP server, configured for address-book autocomplete, to send arbitrarily large amounts of data to the Thunderbird LDAP client, causing it to crash due to memory exhaustion. This issue was fixed in Thunderbird versions 140.12.1 and 152.0.1.
AI Analysis
Technical Summary
CVE-2026-57962 describes a denial-of-service vulnerability in Mozilla Thunderbird's LDAP client. When a Thunderbird user queries a malicious LDAP server for address-book autocomplete, the server can supply excessive data that the client stores until it exhausts memory and crashes. This vulnerability affects Thunderbird versions prior to 140.12.1 and 152.0.1. The vendor has released fixes in these versions to address the issue. No CVSS score is provided, and no known exploits are reported in the wild.
Potential Impact
Successful exploitation results in a denial-of-service condition where Thunderbird crashes due to memory exhaustion caused by processing large amounts of attacker-supplied LDAP data. There is no indication of code execution or data disclosure from the provided information.
Mitigation Recommendations
This vulnerability is fixed in Thunderbird versions 140.12.1 and 152.0.1. Users and administrators should upgrade to at least these versions to remediate the issue. No additional mitigation steps are indicated by the vendor advisories.
Affected software
pkg:github/mozilla/thunderbird
Technical Details
- Data Version: 5.2
- Assigner Short Name: mozilla
- Date Reserved: 2026-06-26T15:27:32.831Z
- CVSS Version: null
- State: PUBLISHED
- Remediation Level: null
- Vendor Advisory URLs:
  - https://www.mozilla.org/security/advisories/mfsa2026-62/ (Mozilla)
  - https://www.mozilla.org/security/advisories/mfsa2026-63/ (Mozilla)
Threat ID: 6a446bac27e9c79719c2438a
Added to database: 07/01/2026, 01:21:48 UTC
Last enriched: 07/01/2026, 01:37:46 UTC
Last updated: 07/01/2026, 01:44:09 UTC