CVE-2026-0818

Severity: Medium (CVSS 3.1 base score 4.3) · EPSS 5.4%
Published Jan 28, 2026 (5 months ago) · Last Modified Jun 17, 2026 (2 weeks ago)

Description

When a user explicitly requested Thunderbird to decrypt an inline OpenPGP message that was embedded in a text section of an email formatted and styled with HTML and CSS, the decrypted contents were rendered in a context in which the CSS styles from the outer message were still active. If the user had additionally allowed loading of the remote content referenced by the outer email message, and the sender had crafted the email using a combination of CSS rules, fonts and animations, then it was possible to extract the secret contents of the email. This vulnerability was fixed in Thunderbird 147.0.1 and Thunderbird 140.7.1.

CVSS Details

Base Score
4.3
Exploitability
2.8
Impact
1.4
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction Required
Scope Unchanged
Confidentiality Low
Integrity None
Availability None

Threat Intelligence

EPSS Exploit Probability
5.4%
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses (3)

  • CWE-116 Improper Encoding or Escaping of Output
  • CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
  • CWE-352 Cross-Site Request Forgery (CSRF)

Affected Products (2)

Vendor    Product       Version Range
mozilla   thunderbird   * <140.7.1
mozilla   thunderbird   * <147.0.1

References (4)

  • bugzilla.mozilla.org https://bugzilla.mozilla.org/show_bug.cgi?id=1881530 (Permissions Required)
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2026/02/msg00005.html
  • mozilla.org https://www.mozilla.org/security/advisories/mfsa2026-07/ (Vendor Advisory)
  • mozilla.org https://www.mozilla.org/security/advisories/mfsa2026-08/ (Vendor Advisory)

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.