Chat UI manipulation by injection
Summary
| CVE | CVE-2026-57963 |
|---|---|
| State | PUBLISHED |
| Assigner | mozilla |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2026-07-01 02:17:00 UTC |
| Updated | 2026-07-01 18:32:29 UTC |
| Description | An attacker who can send HTML chat messages (via Matrix or XMPP) can inject arbitrary styled content, phishing links, and CSS that manipulates the chat UI. This vulnerability was fixed in Thunderbird 152.0.1 and Thunderbird 140.12.1. |
Risk And Classification
Primary CVSS: v3.1 6.5 MEDIUM from ADP
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
EPSS: 0.001930000 probability, percentile 0.091490000 (date 2026-07-03)
Problem Types: CWE-79 | CWE-79 CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 3.1 | ADP | DECLARED | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |
| 3.1 | 134c704f-9b21-4f2e-91b3-4a467353bcc0 | Secondary | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |
CVSS v3.1 Breakdown
Attack Vector
NetworkAttack Complexity
LowPrivileges Required
NoneUser Interaction
NoneScope
UnchangedConfidentiality
LowIntegrity
LowAvailability
NoneCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | Mozilla | Thunderbird | unaffected 140.12.1 140.* rpm | Not specified |
| CNA | Mozilla | Thunderbird | unaffected 152.0.1 * rpm | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| bugzilla.mozilla.org/show_bug.cgi | [email protected] | bugzilla.mozilla.org | |
| www.mozilla.org/security/advisories/mfsa2026-64 | [email protected] | www.mozilla.org | |
| www.mozilla.org/security/advisories/mfsa2026-63 | [email protected] | www.mozilla.org | |
| www.mozilla.org/security/advisories/mfsa2026-62 | MITRE | www.mozilla.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
CNA: Michael Bommarito (en)
There are currently no legacy QID mappings associated with this CVE.