CVE-2026-3889: Spoofing issue in Thunderbird
Published Mar 24, 2026
·Updated
Spoofing issue in Thunderbird. This vulnerability affects Thunderbird < 149 and Thunderbird < 140.9.
Other sources
Spoofing issue in Thunderbird. This vulnerability was fixed in Thunderbird 149 and Thunderbird 140.9.
— MITRE
Affected Software
5 affected componentsFixes available
Mozilla Thunderbird<149, <140.9
Mozilla Thunderbird<140.9
140.9
Mozilla Thunderbird<149
149
Mozilla Thunderbird<140.9.0
Mozilla Thunderbird<149.0
Event History
Mar 24, 2026
CVE Published
via Mozilla·12:00 AM
Data Sourced
via Mozilla·12:00 AM
DescriptionSeverityAffected Software
Updated
via Mozilla·12:00 AM
Affected Software
CVE Published
via MITRE·08:27 PM
Data Sourced
via MITRE·08:27 PM
Description
Data Sourced
via Red Hat·09:02 PM
DescriptionSeverityAffected Software
Data Sourced
via NVD·09:16 PM
DescriptionSeverityWeaknessAffected Software
Peer vulnerabilities
Found alongside the following vulnerabilities.
- CVE-2026-3889
- CVE-2026-4371
- CVE-2026-4684
- CVE-2026-4685
- CVE-2026-4686
- CVE-2026-4687
- CVE-2026-4688
- CVE-2026-4689
- CVE-2026-4690
- CVE-2026-4691
- CVE-2026-4692
- CVE-2026-4693
- CVE-2026-4694
- CVE-2026-4695
- CVE-2026-4696
- CVE-2026-4697
- CVE-2026-4698
- CVE-2026-4699
- CVE-2026-4700
- CVE-2026-4701
- CVE-2026-4702
- CVE-2026-4704
- CVE-2026-4705
- CVE-2026-4706
- CVE-2026-4707
- CVE-2026-4708
- CVE-2026-4709
- CVE-2026-4710
- CVE-2026-4711
- CVE-2026-4712
- CVE-2026-4713
- CVE-2026-4714
- CVE-2026-4715
- CVE-2026-4716
- CVE-2026-4717
- CVE-2025-59375
- CVE-2026-4718
- CVE-2026-4719
- CVE-2026-4720
- CVE-2026-4721
- CVE-2026-4722
- CVE-2026-4723
- CVE-2026-4724
- CVE-2026-4725
- CVE-2026-4726
- CVE-2026-4727
- CVE-2026-4728
- CVE-2026-4729
Frequently Asked Questions
1
What is the severity of CVE-2026-3889?
The severity of CVE-2026-3889 is classified as a spoofing vulnerability.
2
How do I fix CVE-2026-3889?
To fix CVE-2026-3889, upgrade Thunderbird to version 149 or later, or to version 140.9 or later.
3
Which versions of Thunderbird are affected by CVE-2026-3889?
CVE-2026-3889 affects Thunderbird versions prior to 149 and prior to 140.9.
4
What kind of attack does CVE-2026-3889 enable?
CVE-2026-3889 enables spoofing attacks that can mislead users within Thunderbird.
5
Who is impacted by CVE-2026-3889?
Users of Thunderbird versions older than 149 and 140.9 are at risk due to CVE-2026-3889.