Out of bounds read in IMAP parsing
A malicious mail server could send malformed strings with negative lengths, causing the parser to read memory outside the buffer. If a mail server or connection to a mail server were compromised, an attacker could cause the parser to malfunction, potentially crashing Thunderbird or leaking sensitive data. This vulnerability affects Thunderbird < 149 and Thunderbird < 140.9.
Affected products
- <149
- <140.9
Matching in nixpkgs
pkgs.pkgsRocm.thunderbird
Full-featured e-mail client
pkgs.thunderbird-unwrapped
Full-featured e-mail client
pkgs.thunderbird-128-unwrapped
Full-featured e-mail client
pkgs.thunderbird-140-unwrapped
Full-featured e-mail client
- nixos-unstable 140.7.2esr
- nixpkgs-unstable 140.7.2esr
- nixos-unstable-small 140.7.2esr
- nixos-25.11 140.7.2esr
- nixos-25.11-small 140.7.2esr
- nixpkgs-25.11-darwin 140.7.2esr
pkgs.thunderbird-esr-unwrapped
Full-featured e-mail client
- nixos-unstable 140.7.2esr
- nixpkgs-unstable 140.7.2esr
- nixos-unstable-small 140.7.2esr
- nixos-25.11 140.7.2esr
- nixos-25.11-small 140.7.2esr
- nixpkgs-25.11-darwin 140.7.2esr
pkgs.pkgsRocm.thunderbird-latest
Full-featured e-mail client
pkgs.thunderbird-latest-unwrapped
Full-featured e-mail client
pkgs.pkgsRocm.thunderbird-unwrapped
Full-featured e-mail client
pkgs.thunderbirdPackages.thunderbird
Full-featured e-mail client
pkgs.roundcubePlugins.thunderbird_labels
None
pkgs.thunderbirdPackages.thunderbird-128
Full-featured e-mail client
pkgs.thunderbirdPackages.thunderbird-140
Full-featured e-mail client
- nixos-unstable 140.7.2esr
- nixpkgs-unstable 140.7.2esr
- nixos-unstable-small 140.7.2esr
- nixos-25.11 140.7.2esr
- nixos-25.11-small 140.7.2esr
- nixpkgs-25.11-darwin 140.7.2esr
pkgs.thunderbirdPackages.thunderbird-esr
Full-featured e-mail client
- nixos-unstable 140.7.2esr
- nixpkgs-unstable 140.7.2esr
- nixos-unstable-small 140.7.2esr
- nixos-25.11 140.7.2esr
- nixos-25.11-small 140.7.2esr
- nixpkgs-25.11-darwin 140.7.2esr
pkgs.pkgsRocm.thunderbird-latest-unwrapped
Full-featured e-mail client
pkgs.thunderbirdPackages.thunderbird-latest
Full-featured e-mail client
pkgs.pkgsRocm.thunderbirdPackages.thunderbird
Full-featured e-mail client
Package maintainers
- @lovesegfault Bernardo Meurer <meurerbernardo@gmail.com>
- @vcunat Vladimír Čunát <v@cunat.cz>
- @nbp Nicolas B. Pierron <nixos@nbp.name>
- @booxter Ihar Hrachyshka <ihar.hrachyshka@gmail.com>