CVE-2026-12329

MEDIUM5.3JSON export Create alert

Description

Memory safety bug fixed in Thunderbird ESR 140.12. This vulnerability was fixed in Firefox ESR 140.12 and Thunderbird 140.12.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

Low

Affected products

Mozilla / Firefox140.12 – *
Mozilla / Thunderbird140.12 – *

References

MISChttps://bugzilla.mozilla.org/show_bug.cgi?id=2044738
VENDOR_ADVISORYhttps://www.mozilla.org/security/advisories/mfsa2026-58/
VENDOR_ADVISORYhttps://www.mozilla.org/security/advisories/mfsa2026-61/