Description
Memory safety bugs present in Thunderbird ESR 140.10.0 and Thunderbird 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150.0.1, Firefox ESR 140.10.1, Firefox ESR 115.35.1, Thunderbird 150.0.1, and Thunderbird 140.10.1.
Published: 2026-04-28
Score: 7.3 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Memory safety bugs were discovered in Thunderbird ESR 140.10.0 and 150.0.0, exhibiting evidence of memory corruption that could be leveraged to execute arbitrary code. The flaws align with CWE‑119 (Buffer Overflow), CWE‑416 (Use‑After‑Free), and CWE‑787 (Out‑of‑Bounds Write), which can corrupt program memory and allow an attacker to influence control flow. Based on the description, it is inferred that the vulnerability can be triggered by malicious content such as crafted email attachments or messages, and may require user interaction or trust in the affected client to execute.

Affected Systems

The documented affected releases are Mozilla Thunderbird ESR 140.10.0 and 150.0.0. In addition, the patches applied to Firefox 150.0.1, ESR 140.10.1, and ESR 115.35.1 suggest that earlier Firefox 150.0.0, ESR 140.10.0, and ESR 115.35.0 were likely affected, although the baseline description does not explicitly list them.

Risk and Exploitability

The CVSS score of 7.3 indicates a high severity level, while the EPSS score of less than 1% and the absence from CISA KEV imply a low likelihood of current exploitation. The likely attack vector is the delivery of malicious content to a user of the affected client, potentially through phishing or unsolicited attachments, which would need user interaction to be executed. Successful exploitation would grant an attacker arbitrary code execution on the compromised system.

Generated by OpenCVE AI on May 12, 2026 at 01:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the patched releases: upgrade Thunderbird to 140.10.1 or 150.0.1, and upgrade Firefox to 150.0.1, ESR 140.10.1, or ESR 115.35.1.
  • If immediate upgrade is not feasible, disable or remove any legacy add‑ons or extensions that may introduce memory safety issues.
  • Continuously monitor Mozilla’s security advisories and apply subsequent patches promptly to protect against related memory safety vulnerabilities.

Generated by OpenCVE AI on May 12, 2026 at 01:25 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DLA Debian DLA DLA-4555-1 firefox-esr security update
Debian DLA Debian DLA DLA-4562-1 thunderbird security update
Debian DSA Debian DSA DSA-6236-1 firefox-esr security update
Debian DSA Debian DSA DSA-6242-1 thunderbird security update
History

Tue, 12 May 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-787
References
Metrics threat_severity

None

 threat_severity

Important

Thu, 07 May 2026 16:15:00 +0000

Type Values Removed Values Added
Description Memory safety bugs present in Firefox ESR 115.35.0, Firefox ESR 140.10.0 and Firefox 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150.0.1, Firefox ESR 140.10.1, Firefox ESR 115.35.1, Thunderbird 150.0.1, and Thunderbird 140.10.1. Memory safety bugs present in Thunderbird ESR 140.10.0 and Thunderbird 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150.0.1, Firefox ESR 140.10.1, Firefox ESR 115.35.1, Thunderbird 150.0.1, and Thunderbird 140.10.1.
Title Memory safety bugs fixed in Firefox ESR 115.35.1, Firefox ESR 140.10.1 and Firefox 150.0.1 Memory safety bugs fixed in Thunderbird ESR 140.10.1 and Thunderbird 150.0.1

Thu, 07 May 2026 15:30:00 +0000

Type Values Removed Values Added
Description Memory safety bugs present in Thunderbird ESR 140.10.0 and Thunderbird 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150.0.1, Firefox ESR 140.10.1, Firefox ESR 115.35.1, Thunderbird 150.0.1, and Thunderbird 140.10.1. Memory safety bugs present in Firefox ESR 115.35.0, Firefox ESR 140.10.0 and Firefox 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150.0.1, Firefox ESR 140.10.1, Firefox ESR 115.35.1, Thunderbird 150.0.1, and Thunderbird 140.10.1.
Title Memory safety bugs fixed in Thunderbird ESR 140.10.1 and Thunderbird 150.0.1 Memory safety bugs fixed in Firefox ESR 115.35.1, Firefox ESR 140.10.1 and Firefox 150.0.1

Fri, 01 May 2026 12:45:00 +0000

Type Values Removed Values Added
First Time appeared Mozilla thunderbird
CPEs cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*
cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*
Vendors & Products Mozilla thunderbird

Thu, 30 Apr 2026 18:00:00 +0000

Type Values Removed Values Added
Description Memory safety bugs present in Firefox ESR 115.35.0, Firefox ESR 140.10.0 and Firefox 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150.0.1, Firefox ESR 140.10.1, and Firefox ESR 115.35.1. Memory safety bugs present in Thunderbird ESR 140.10.0 and Thunderbird 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150.0.1, Firefox ESR 140.10.1, Firefox ESR 115.35.1, Thunderbird 150.0.1, and Thunderbird 140.10.1.
Title Memory safety bugs fixed in Firefox ESR 115.35.1, Firefox ESR 140.10.1 and Firefox 150.0.1 Memory safety bugs fixed in Thunderbird ESR 140.10.1 and Thunderbird 150.0.1
References

Thu, 30 Apr 2026 11:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

 ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 30 Apr 2026 05:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 28 Apr 2026 22:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-119
CWE-416
Metrics cvssV3_1

{'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L'}

Tue, 28 Apr 2026 22:15:00 +0000

Type Values Removed Values Added
Description Memory safety bugs present in Firefox ESR 115.35.0, Firefox ESR 140.10.0, Thunderbird ESR 140.10.0, Firefox 150.0.0 and Thunderbird 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150.0.1, Firefox ESR 140.10.1, and Firefox ESR 115.35.1. Memory safety bugs present in Firefox ESR 115.35.0, Firefox ESR 140.10.0 and Firefox 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150.0.1, Firefox ESR 140.10.1, and Firefox ESR 115.35.1.
Title Memory safety bugs fixed in Firefox ESR 115.35.1, Firefox ESR 140.10.1, Thunderbird ESR 140.10.1, Firefox 150.0.1 and Thunderbird 150.0.1 Memory safety bugs fixed in Firefox ESR 115.35.1, Firefox ESR 140.10.1 and Firefox 150.0.1

Tue, 28 Apr 2026 16:45:00 +0000

Type Values Removed Values Added
First Time appeared Mozilla
Mozilla firefox
Vendors & Products Mozilla
Mozilla firefox

Tue, 28 Apr 2026 14:30:00 +0000

Type Values Removed Values Added
Description Memory safety bugs present in Firefox ESR 115.35.0, Firefox ESR 140.10.0, Thunderbird ESR 140.10.0, Firefox 150.0.0 and Thunderbird 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150.0.1, Firefox ESR 140.10.1, and Firefox ESR 115.35.1.
Title Memory safety bugs fixed in Firefox ESR 115.35.1, Firefox ESR 140.10.1, Thunderbird ESR 140.10.1, Firefox 150.0.1 and Thunderbird 150.0.1
References

Subscriptions

Mozilla Firefox Thunderbird
cve-icon MITRE

Status: PUBLISHED

Assigner: mozilla

Published:

Updated: 2026-05-07T15:22:40.028Z

Reserved: 2026-04-28T13:42:17.804Z

Link: CVE-2026-7322

cve-icon Vulnrichment

Updated: 2026-04-28T17:45:34.439Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-28T15:16:37.727

Modified: 2026-05-01T12:30:25.960

Link: CVE-2026-7322

cve-icon Redhat

Severity : Important

Publid Date: 2026-04-28T13:49:09Z

Links: CVE-2026-7322 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-12T01:30:04Z

Weaknesses
  • CWE-119

    Improper Restriction of Operations within the Bounds of a Memory Buffer

  • CWE-416

    Use After Free

  • CWE-787

    Out-of-bounds Write