Untriaged
Permalink
CVE-2026-0818
4.3 MEDIUM
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): LOW
- Privileges required (PR): NONE
- User interaction (UI): REQUIRED
- Scope (S): UNCHANGED
- Confidentiality impact (C): LOW
- Integrity impact (I): NONE
- Availability impact (A): NONE
CSS-based exfiltration of the content from partially encrypted emails when allowing remote content
CSS-based exfiltration of the content from partially encrypted emails when allowing remote content. This vulnerability affects Thunderbird < 147.0.1 and Thunderbird < 140.7.1.
References
- https://www.mozilla.org/security/advisories/mfsa2026-07/
- https://www.mozilla.org/security/advisories/mfsa2026-08/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1881530
- https://bugzilla.mozilla.org/show_bug.cgi?id=1881530
- https://www.mozilla.org/security/advisories/mfsa2026-07/
- https://www.mozilla.org/security/advisories/mfsa2026-08/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1881530
- https://www.mozilla.org/security/advisories/mfsa2026-07/
- https://www.mozilla.org/security/advisories/mfsa2026-08/
- https://www.mozilla.org/security/advisories/mfsa2026-07/
- https://www.mozilla.org/security/advisories/mfsa2026-08/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1881530
- https://lists.debian.org/debian-lts-announce/2026/02/msg00005.html
Affected products
Thunderbird
- <147.0.1
- <140.7.1
Matching in nixpkgs
pkgs.thunderbird-unwrapped
Full-featured e-mail client
-
nixos-unstable -
- nixpkgs-unstable 145.0
pkgs.thunderbird-128-unwrapped
Full-featured e-mail client
pkgs.thunderbird-140-unwrapped
Full-featured e-mail client
-
nixos-unstable 140.5.0esr
- nixpkgs-unstable 140.5.0esr
- nixos-unstable-small 140.5.0esr
pkgs.thunderbird-esr-unwrapped
Full-featured e-mail client
-
nixos-unstable -
- nixpkgs-unstable 140.5.0esr
- nixos-unstable-small 140.5.0esr
pkgs.pkgsRocm.thunderbird-latest
Full-featured e-mail client
pkgs.thunderbird-latest-unwrapped
Full-featured e-mail client
pkgs.thunderbirdPackages.thunderbird
Full-featured e-mail client
-
nixos-unstable -
- nixpkgs-unstable 145.0
pkgs.roundcubePlugins.thunderbird_labels
None
pkgs.thunderbirdPackages.thunderbird-128
Full-featured e-mail client
pkgs.thunderbirdPackages.thunderbird-140
Full-featured e-mail client
-
nixos-unstable -
- nixpkgs-unstable 140.5.0esr
pkgs.thunderbirdPackages.thunderbird-esr
Full-featured e-mail client
-
nixos-unstable 140.5.0esr
- nixpkgs-unstable 140.5.0esr
- nixos-unstable-small 140.5.0esr
pkgs.thunderbirdPackages.thunderbird-latest
Full-featured e-mail client
pkgs.pkgsRocm.thunderbirdPackages.thunderbird-latest
Full-featured e-mail client
Package maintainers
-
@vcunat Vladimír Čunát <v@cunat.cz>
-
@lovesegfault Bernardo Meurer <meurerbernardo@gmail.com>
-
@nbp Nicolas B. Pierron <nixos@nbp.name>
-
@booxter Ihar Hrachyshka <ihar.hrachyshka@gmail.com>