๐Ÿ” CVE Alert

CVE-2026-57962

UNKNOWN 0.0

Denial-of-service via malicious LDAP address-book server

CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th

A malicious LDAP server, which a Thunderbird user is configured to query for address-book autocomplete, can stash arbitrarily large amounts of attacker-supplied data into the Thunderbird LDAP client until it crashes due to memory exhaustion. This vulnerability was fixed in Thunderbird 152.0.1 and Thunderbird 140.12.1.

Vendor mozilla
Product thunderbird
Ecosystems
Industries
Technology
Published Jul 1, 2026
Stay Ahead of the Next One

Get instant alerts for mozilla thunderbird

Be the first to know when new unknown vulnerabilities affecting mozilla thunderbird are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

Mozilla / Thunderbird
All versions affected

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
bugzilla.mozilla.org: https://bugzilla.mozilla.org/show_bug.cgi?id=2042872 mozilla.org: https://www.mozilla.org/security/advisories/mfsa2026-62/ mozilla.org: https://www.mozilla.org/security/advisories/mfsa2026-63/

Credits

Michael Bommarito