CVE-2026-57963
Chat UI manipulation by injection
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
An attacker who can send HTML chat messages (via Matrix or XMPP) can inject arbitrary styled content, phishing links, and CSS that manipulates the chat UI. This vulnerability was fixed in Thunderbird 152.0.1 and Thunderbird 140.12.1.
| Vendor | mozilla |
| Product | thunderbird |
| Ecosystems | |
| Industries | Technology |
| Published | Jul 1, 2026 |
Stay Ahead of the Next One
Get instant alerts for mozilla thunderbird
Be the first to know when new unknown vulnerabilities affecting mozilla thunderbird are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
Mozilla / Thunderbird
All versions affected References
Credits
Michael Bommarito