The CERT-FR has issued an alert on May 4, 2026, detailing several vulnerabilities in Mozilla Thunderbird that could allow attackers to execute arbitrary code remotely, compromise data confidentiality, and bypass security policies. The vulnerabilities affect Thunderbird Extended Support Release (ESR) versions earlier than 140.10.1 and all Thunderbird releases before 150.0.1. The alert references four CVEs—CVE‑2026‑7320 through CVE‑2026‑7324—and points users to Mozilla’s security advisories mfsa2026‑38 and mfsa2026‑39, published on April 30, 2026, for patch information. Users are advised to update to the latest Thunderbird version or apply the fixes detailed in the vendor’s bulletins.
Summary of content from
Made by AI. If you spot anything of concern write us at contact@cybach.com. We’ll promptly correct irregularities.