{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-3889", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "state": "PUBLISHED", "assignerShortName": "mozilla", "dateReserved": "2026-03-10T16:23:43.463Z", "datePublished": "2026-03-24T20:27:14.437Z", "dateUpdated": "2026-03-24T20:27:14.437Z"}, "containers": {"cna": {"affected": [{"product": "Thunderbird", "vendor": "Mozilla", "versions": [{"lessThan": "149", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "Thunderbird", "vendor": "Mozilla", "versions": [{"lessThan": "140.9", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "Spoofing issue in Thunderbird. This vulnerability affects Thunderbird < 149 and Thunderbird < 140.9.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Spoofing issue in Thunderbird. This vulnerability affects Thunderbird < 149 and Thunderbird < 140.9."}]}], "title": "Spoofing issue in Thunderbird", "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2020723"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-23/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-24/"}], "credits": [{"lang": "en", "value": "Eemeli Aro"}], "providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2026-03-24T20:27:14.437Z"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Spoofing issue in Thunderbird. This vulnerability affects Thunderbird < 149 and Thunderbird < 140.9."}], "id": "CVE-2026-3889", "lastModified": "2026-03-24T21:16:29.330", "metrics": {}, "published": "2026-03-24T21:16:29.330", "references": [{"source": "security@mozilla.org", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2020723"}, {"source": "security@mozilla.org", "url": "https://www.mozilla.org/security/advisories/mfsa2026-23/"}, {"source": "security@mozilla.org", "url": "https://www.mozilla.org/security/advisories/mfsa2026-24/"}], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Received"}

{"bugzilla": {"description": "Thunderbird: Thunderbird: Spoofing vulnerability", "id": "2451006", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451006"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.4", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "status": "draft"}, "cwe": "CWE-20", "details": ["A spoofing flaw has been found in Thunderbird."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2026-3889", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-03-24T20:27:14Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-3889\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-3889\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=2020723\nhttps://www.mozilla.org/security/advisories/mfsa2026-23/\nhttps://www.mozilla.org/security/advisories/mfsa2026-24/"], "threat_severity": "Moderate"}

{}