CVE-2026-57962
Denial-of-service via malicious LDAP address-book server
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
A malicious LDAP server, which a Thunderbird user is configured to query for address-book autocomplete, can stash arbitrarily large amounts of attacker-supplied data into the Thunderbird LDAP client until it crashes due to memory exhaustion. This vulnerability was fixed in Thunderbird 152.0.1 and Thunderbird 140.12.1.
| Vendor | mozilla |
| Product | thunderbird |
| Ecosystems | |
| Industries | Technology |
| Published | Jul 1, 2026 |
Stay Ahead of the Next One
Get instant alerts for mozilla thunderbird
Be the first to know when new unknown vulnerabilities affecting mozilla thunderbird are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
Mozilla / Thunderbird
All versions affected References
Credits
Michael Bommarito