CVE Catalog

CVE-2026-12329

MediumCVSS 5.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.31%

23th percentile — higher than 23% of all known CVEs

Summary

A memory safety bug was fixed in Thunderbird ESR 140.12. This vulnerability was also patched in Firefox ESR 140.12 and Thunderbird 140.12.

Risk Assessment

The flaw could allow remote code execution or data leakage via memory corruption.

Recommendation

Immediately update Thunderbird to version 140.12 or later.

Original NVD description (English source)

Memory safety bug fixed in Thunderbird ESR 140.12. This vulnerability was fixed in Firefox ESR 140.12 and Thunderbird 140.12.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS