Security Vulnerability Report
CVE-2026-8974 CVSS 9.8 CRITICAL


Published: 2026-05-19 14:16:54
Last Modified: 2026-05-19 18:16:37

Description

Memory safety bugs present in Thunderbird 140.10 and Thunderbird 150. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.

CVSS Details

CVSS Score: 9.8
Severity: CRITICAL
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

No configuration data available.

Mozilla Thunderbird < 140.11
Mozilla Thunderbird < 151
Mozilla Firefox < 151
Mozilla Firefox ESR < 140.11

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
html
<!-- Proof of Concept for CVE-2026-8974 (Conceptual Trigger) -->
<!-- This PoC demonstrates a potential trigger for the memory corruption -->
<html>
<body>
<script>
// Attempt to trigger memory corruption via crafted object manipulation
var buffer = new ArrayBuffer(0x1000);
var view = new DataView(buffer);

function corrupt() {
  // Simulate complex memory operations that might hit the bug
  // Note: DataView writes are bounds-checked, so offsets at or past the
  // 0x1000-byte buffer (i >= 1024) throw a RangeError and the loop stops there.
  for (var i = 0; i < 10000; i++) {
    view.setUint32(i * 4, 0x41414141, true);
  }
  // Trigger the vulnerability condition (hypothetical)
  var exploit_str = "A".repeat(0x100000);
  var obj = {};
  obj[exploit_str] = "data";
}

corrupt();
</script>
</body>
</html>

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-8974", "sourceIdentifier": "[email protected]", "published": "2026-05-19T14:16:53.977", "lastModified": "2026-05-19T18:16:37.480", "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [{"lang": "en", "value": "Memory safety bugs present in Thunderbird 140.10 and Thunderbird 150. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-119"}]}], "references": [{"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1784128%2C1883230%2C1983677%2C2022390%2C2023116%2C2023657%2C2024255%2C2024418%2C2024441%2C2024447%2C2024966%2C2025412%2C2025467%2C2025940%2C2025950%2C2025956%2C2026284%2C2027247%2C2027255%2C2027288%2C2027306%2C2027322%2C2027332%2C2027333%2C2028266%2C2028292%2C2028319%2C2028526%2C2028870%2C2028876%2C2028882%2C2029062%2C2029309%2C2029414%2C2029422%2C2029428%2C2029447%2C2029732%2C2029785%2C2029793%2C2029813%2C2029899%2C2031028%2C2031457%2C2032039%2C2033610%2C2033854%2C2034498%2C2034628%2C2034978%2C2035966%2C2036668%2C2036905%2C2036930", "source": "[email protected]"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-46/", "source": "[email protected]"}, {"url": 
"https://www.mozilla.org/security/advisories/mfsa2026-48/", "source": "[email protected]"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-50/", "source": "[email protected]"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-51/", "source": "[email protected]"}]}}