Security Vulnerability Report
CVE-2026-7324 CVSS 7.3 HIGH

CVE-2026-7324

Published: 2026-04-28 15:16:38
Last Modified: 2026-05-01 15:27:50

Description

Memory safety bugs present in Thunderbird 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150.0.1 and Thunderbird 150.0.1.

CVSS Details

CVSS Score: 7.3
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Configurations (Affected Products)

cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:* - VULNERABLE
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:* - VULNERABLE
Mozilla Firefox < 150.0.1
Mozilla Thunderbird < 150.0.1

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
html
<!-- PoC for Memory Corruption Concept -->
<html>
<head><title>CVE-2026-7324 PoC</title></head>
<body>
<script>
// Simulate memory pressure to trigger corruption
try {
  var buffer = new ArrayBuffer(0x100000);
  var view = new Uint8Array(buffer);
  // Filling memory to potentially trigger heap overflow condition
  for (var i = 0; i < view.length; i++) {
    view[i] = 0x41; // 'A'
  }
  console.log('Memory allocated. If vulnerable, browser may crash.');
} catch (e) {
  console.log('Error: ' + e.message);
}
</script>
<p>If the browser is vulnerable to CVE-2026-7324, it may crash upon loading.</p>
</body>
</html>

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-7324", "sourceIdentifier": "[email protected]", "published": "2026-04-28T15:16:37.950", "lastModified": "2026-05-01T15:27:50.190", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Memory safety bugs present in Thunderbird 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150.0.1 and Thunderbird 150.0.1."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "baseScore": 7.3, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 3.9, "impactScore": 3.4}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-119"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*", "versionEndExcluding": "150.0.1", "matchCriteriaId": "2256A965-6FB9-464D-9A25-F6DA1811686D"}, {"vulnerable": true, "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*", "versionEndExcluding": "150.0.1", "matchCriteriaId": "C52D9F1F-104D-4A17-97C0-E4AA35DEF2AB"}]}]}], "references": [{"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=2029419%2C2029717%2C2029769%2C2029886", "source": "[email protected]", "tags": ["Broken Link"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-35/", "source": "[email protected]", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-38/", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}