CVE-2026-7322

high

Description

Memory safety bugs present in Thunderbird ESR 140.10.0 and Thunderbird 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150.0.1, Firefox ESR 140.10.1, Firefox ESR 115.35.1, Thunderbird 150.0.1, and Thunderbird 140.10.1.

References

https://www.securityweek.com/chrome-147-firefox-150-security-updates-rolling-out/

https://www.mozilla.org/security/advisories/mfsa2026-39/

https://www.mozilla.org/security/advisories/mfsa2026-38/

https://www.mozilla.org/security/advisories/mfsa2026-37/

https://www.mozilla.org/security/advisories/mfsa2026-36/

https://www.mozilla.org/security/advisories/mfsa2026-35/

https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-7322.json

https://bugzilla.redhat.com/show_bug.cgi?id=2463484

https://bugzilla.mozilla.org/buglist.cgi?bug_id=2021904%2C2022731%2C2027158%2C2027733%2C2027973%2C2027976%2C2028231%2C2028731%2C2028886%2C2029067%2C2029700%2C2029724%2C2029806%2C2029814%2C2030108%2C2030111%2C2031524%2C2031921%2C2032040

https://access.redhat.com/security/cve/CVE-2026-7322

https://access.redhat.com/errata/RHSA-2026:25014

https://access.redhat.com/errata/RHSA-2026:24846

https://access.redhat.com/errata/RHSA-2026:24844

https://access.redhat.com/errata/RHSA-2026:24721

https://access.redhat.com/errata/RHSA-2026:24719

https://access.redhat.com/errata/RHSA-2026:24718

https://access.redhat.com/errata/RHSA-2026:24717

https://access.redhat.com/errata/RHSA-2026:24345

https://access.redhat.com/errata/RHSA-2026:22847

https://access.redhat.com/errata/RHSA-2026:22712

https://access.redhat.com/errata/RHSA-2026:22708

https://access.redhat.com/errata/RHSA-2026:22410

https://access.redhat.com/errata/RHSA-2026:22409

https://access.redhat.com/errata/RHSA-2026:22408

https://access.redhat.com/errata/RHSA-2026:22324

https://access.redhat.com/errata/RHSA-2026:21743

https://access.redhat.com/errata/RHSA-2026:20586

https://access.redhat.com/errata/RHSA-2026:19588

https://access.redhat.com/errata/RHSA-2026:19370

https://access.redhat.com/errata/RHSA-2026:19348

https://access.redhat.com/errata/RHSA-2026:19157

https://access.redhat.com/errata/RHSA-2026:19153

Details

Source: Mitre, NVD

Published: 2026-04-28

Updated: 2026-06-30

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 8.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.00039