๐Ÿ” CVE Alert

CVE-2026-57963

UNKNOWN 0.0

Chat UI manipulation by injection

CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th

An attacker who can send HTML chat messages (via Matrix or XMPP) can inject arbitrary styled content, phishing links, and CSS that manipulates the chat UI. This vulnerability was fixed in Thunderbird 152.0.1 and Thunderbird 140.12.1.

Vendor mozilla
Product thunderbird
Ecosystems
Industries
Technology
Published Jul 1, 2026
Stay Ahead of the Next One

Get instant alerts for mozilla thunderbird

Be the first to know when new unknown vulnerabilities affecting mozilla thunderbird are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

Mozilla / Thunderbird
All versions affected

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
bugzilla.mozilla.org: https://bugzilla.mozilla.org/show_bug.cgi?id=2042910 mozilla.org: https://www.mozilla.org/security/advisories/mfsa2026-62/ mozilla.org: https://www.mozilla.org/security/advisories/mfsa2026-63/

Credits

Michael Bommarito