Nixpkgs Security Tracker

Untriaged

Permalink CVE-2026-0818

created 2 weeks ago

CSS-based exfiltration of the content from partially encrypted emails when allowing remote content

CSS-based exfiltration of the content from partially encrypted emails when allowing remote content. This vulnerability affects Thunderbird < 147.0.1 and Thunderbird < 140.7.1.

Affected products

Thunderbird

<140.7.1
<147.0.1

Matching in nixpkgs

pkgs.thunderbird-unwrapped

Full-featured e-mail client

nixos-unstable -
- nixpkgs-unstable 145.0
nixos-25.05 145.0
- nixos-25.05-small 145.0
- nixpkgs-25.05-darwin 145.0

pkgs.thunderbird-128-unwrapped

Full-featured e-mail client

nixos-25.05 128.14.0esr
- nixos-25.05-small 128.14.0esr
- nixpkgs-25.05-darwin 128.14.0esr

pkgs.thunderbird-140-unwrapped

Full-featured e-mail client

nixos-unstable 140.5.0esr
- nixpkgs-unstable 140.5.0esr
- nixos-unstable-small 140.5.0esr
nixos-25.05 140.5.0esr
- nixos-25.05-small 140.5.0esr
- nixpkgs-25.05-darwin 140.5.0esr

pkgs.thunderbird-esr-unwrapped

Full-featured e-mail client

nixos-unstable -
- nixpkgs-unstable 140.5.0esr
- nixos-unstable-small 140.5.0esr
nixos-25.05 140.5.0esr
- nixos-25.05-small 140.5.0esr
- nixpkgs-25.05-darwin 140.5.0esr

pkgs.pkgsRocm.thunderbird-latest

Full-featured e-mail client

nixos-unstable 145.0
- nixpkgs-unstable 145.0
- nixos-unstable-small 145.0

pkgs.thunderbird-latest-unwrapped

Full-featured e-mail client

nixos-unstable -
- nixpkgs-unstable 145.0
- nixos-unstable-small 145.0
nixos-25.05 145.0
- nixos-25.05-small 145.0
- nixpkgs-25.05-darwin 145.0

pkgs.thunderbirdPackages.thunderbird

Full-featured e-mail client

nixos-unstable -
- nixpkgs-unstable 145.0
nixos-25.05 145.0
- nixos-25.05-small 145.0
- nixpkgs-25.05-darwin 145.0

pkgs.roundcubePlugins.thunderbird_labels

None

nixos-unstable 1.6.0
- nixpkgs-unstable 1.6.0
- nixos-unstable-small 1.6.0
nixos-25.05 1.6.0
- nixos-25.05-small 1.6.0
- nixpkgs-25.05-darwin 1.6.0

pkgs.thunderbirdPackages.thunderbird-128

Full-featured e-mail client

nixos-25.05 128.14.0esr
- nixos-25.05-small 128.14.0esr
- nixpkgs-25.05-darwin 128.14.0esr

pkgs.thunderbirdPackages.thunderbird-140

Full-featured e-mail client

nixos-unstable -
- nixpkgs-unstable 140.5.0esr
nixos-25.05 140.5.0esr
- nixos-25.05-small 140.5.0esr
- nixpkgs-25.05-darwin 140.5.0esr

pkgs.thunderbirdPackages.thunderbird-esr

Full-featured e-mail client

nixos-unstable 140.5.0esr
- nixpkgs-unstable 140.5.0esr
- nixos-unstable-small 140.5.0esr
nixos-25.05 140.5.0esr
- nixos-25.05-small 140.5.0esr
- nixpkgs-25.05-darwin 140.5.0esr

pkgs.thunderbirdPackages.thunderbird-latest

Full-featured e-mail client

nixos-unstable 145.0
- nixpkgs-unstable 145.0
- nixos-unstable-small 145.0
nixos-25.05 145.0
- nixos-25.05-small 145.0
- nixpkgs-25.05-darwin 145.0

pkgs.pkgsRocm.thunderbirdPackages.thunderbird-latest

Full-featured e-mail client

nixos-unstable 145.0
- nixpkgs-unstable 145.0
- nixos-unstable-small 145.0

Package maintainers

@vcunat Vladimír Čunát <v@cunat.cz>
@lovesegfault Bernardo Meurer <meurerbernardo@gmail.com>
@nbp Nicolas B. Pierron <nixos@nbp.name>
@booxter Ihar Hrachyshka <ihar.hrachyshka@gmail.com>

Suggestion detail

Affected products

Matching in nixpkgs

pkgs.thunderbird-unwrapped

pkgs.thunderbird-128-unwrapped

pkgs.thunderbird-140-unwrapped

pkgs.thunderbird-esr-unwrapped

pkgs.pkgsRocm.thunderbird-latest

pkgs.thunderbird-latest-unwrapped

pkgs.thunderbirdPackages.thunderbird

pkgs.roundcubePlugins.thunderbird_labels

pkgs.thunderbirdPackages.thunderbird-128

pkgs.thunderbirdPackages.thunderbird-140

pkgs.thunderbirdPackages.thunderbird-esr

pkgs.thunderbirdPackages.thunderbird-latest

pkgs.pkgsRocm.thunderbirdPackages.thunderbird-latest

Package maintainers