CVE-2026-3889
Published: 24 March 2026
Description
Spoofing issue in Thunderbird. This vulnerability was fixed in Thunderbird 149 and Thunderbird 140.9.
Security Summary (AI-generated)
CVE-2026-3889 is a spoofing vulnerability (CWE-451, user interface misrepresentation of critical information) affecting the Mozilla Thunderbird email client. It allows an attacker to misrepresent critical information displayed in the user interface, so that what the user sees does not match what is actually there. The issue was addressed in Thunderbird 149 and Thunderbird Extended Support Release (ESR) 140.9, as detailed in Mozilla's security advisories.
The vulnerability is exploitable remotely over the network with low attack complexity and no privileges, but it requires user interaction, such as clicking a link or opening a crafted email. Successful exploitation has a high integrity impact and no confidentiality or availability impact (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N, base score 6.5, Medium): a user may be tricked into performing unintended actions, such as divulging sensitive information or acting on content they believe is trustworthy.
Mozilla's security advisories (MFSA 2026-23 and MFSA 2026-24) and the associated Bugzilla entry (bug 2020723) confirm the fix in the specified Thunderbird versions and recommend that users update immediately. No workarounds are mentioned beyond applying the patches.
Details
CWE(s): CWE-451 (User Interface (UI) Misrepresentation of Critical Information)
Affected Products: Mozilla Thunderbird (fixed in 149) and Thunderbird ESR (fixed in 140.9)
MITRE ATT&CK Enterprise Techniques (AI-generated)
Why these techniques?
UI spoofing in Thunderbird directly supports convincing spearphishing emails and attachments, and the subsequent user execution of malicious links or files that such messages aim for.