CVE-2026-0818 in Thunderbirdinfo

Zusammenfassung

von MITRE • 28.01.2026

When a user explicitly requested Thunderbird to decrypt an inline OpenPGP message that was embedded in a text section of an email that was formatted and styled with HTML and CSS, then the decrypted contents were rendered in a context in which the CSS styles from the outer messages were active. If the user had additionally allowed loading of the remote content referenced by the outer email message, and the email was crafted by the sender using a combination of CSS rules and fonts and animations, then it was possible to extract the secret contents of the email. This vulnerability affects Thunderbird < 147.0.1 and Thunderbird < 140.7.1.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Zuständig

Mozilla

Reservieren

09.01.2026

Veröffentlichung

28.01.2026

Moderieren

akzeptiert

Eintrag

VDB-343188

CPE

bereit

CWE

CWE-200 (bestätigt)

CVSS

4.3 (VulDB)

EPSS

0.00008

KEV

nein

Aktivitäten

very low

Sektor

Transportation, Industry, ...

Quellen

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-0818
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-0818
CVE Details	https://www.cvedetails.com/cve/CVE-2026-0818/

◂ Zurück Übersicht Weiter ▸

Might our Artificial Intelligence support you?

Check our Alexa App!