CVE-2026-0818 in Thunderbird情報

要約

〜によって MITRE • 2026年01月28日

When a user explicitly requested Thunderbird to decrypt an inline OpenPGP message that was embedded in a text section of an email that was formatted and styled with HTML and CSS, then the decrypted contents were rendered in a context in which the CSS styles from the outer messages were active. If the user had additionally allowed loading of the remote content referenced by the outer email message, and the email was crafted by the sender using a combination of CSS rules and fonts and animations, then it was possible to extract the secret contents of the email. This vulnerability affects Thunderbird < 147.0.1 and Thunderbird < 140.7.1.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

責任者

Mozilla

予約する

2026年01月09日

公開

2026年01月28日

モデレーション

承諾済み

エントリ

VDB-343188

CPE

準備完了

CWE

CWE-200 (確認済み)

CVSS

4.3 (VulDB)

EPSS

0.00008

KEV

いいえ

アクティビティ

非常低い

セクター

Telecommunication, Insurance, ...

ソース

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-0818
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-0818
CVE Details	https://www.cvedetails.com/cve/CVE-2026-0818/

◂ 前概要次 ▸

Might our Artificial Intelligence support you?

Check our Alexa App!