Nixpkgs security tracker

Untriaged

Permalink CVE-2026-0818

4.3 MEDIUM

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Privileges Required (PR): None (N)
User Interaction (UI): Required (R)
Scope (S): Unchanged (U)
Confidentiality (C): Low (L)
Integrity (I): None (N)
Availability (A): None (N)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): Required (R)
Modified Confidentiality (MC): Low (L)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): None (N)
Modified Availability (MA): None (N)

created 3 months, 3 weeks ago Activity log

Created suggestion 3 months, 3 weeks ago

CSS-based exfiltration of the content from partially encrypted emails when allowing remote content

CSS-based exfiltration of the content from partially encrypted emails when allowing remote content. This vulnerability affects Thunderbird < 147.0.1 and Thunderbird < 140.7.1.

References

Affected products

Thunderbird

<140.7.1
<147.0.1

Matching in nixpkgs

pkgs.thunderbird-unwrapped

Full-featured e-mail client

nixos-unstable -
- nixpkgs-unstable 145.0

pkgs.thunderbird-128-unwrapped

Full-featured e-mail client

pkgs.thunderbird-140-unwrapped

Full-featured e-mail client

nixos-unstable 140.5.0esr
- nixpkgs-unstable 140.5.0esr
- nixos-unstable-small 140.5.0esr

pkgs.thunderbird-esr-unwrapped

Full-featured e-mail client

nixos-unstable -
- nixpkgs-unstable 140.5.0esr
- nixos-unstable-small 140.5.0esr

pkgs.pkgsRocm.thunderbird-latest

Full-featured e-mail client

nixos-unstable 145.0
- nixpkgs-unstable 145.0
- nixos-unstable-small 145.0

pkgs.thunderbird-latest-unwrapped

Full-featured e-mail client

nixos-unstable -
- nixpkgs-unstable 145.0
- nixos-unstable-small 145.0

pkgs.thunderbirdPackages.thunderbird

Full-featured e-mail client

nixos-unstable -
- nixpkgs-unstable 145.0

pkgs.roundcubePlugins.thunderbird_labels

None

nixos-unstable 1.6.0
- nixpkgs-unstable 1.6.0
- nixos-unstable-small 1.6.0

pkgs.thunderbirdPackages.thunderbird-128

Full-featured e-mail client

pkgs.thunderbirdPackages.thunderbird-140

Full-featured e-mail client

nixos-unstable -
- nixpkgs-unstable 140.5.0esr

pkgs.thunderbirdPackages.thunderbird-esr

Full-featured e-mail client

nixos-unstable 140.5.0esr
- nixpkgs-unstable 140.5.0esr
- nixos-unstable-small 140.5.0esr

pkgs.thunderbirdPackages.thunderbird-latest

Full-featured e-mail client

nixos-unstable 145.0
- nixpkgs-unstable 145.0
- nixos-unstable-small 145.0

pkgs.pkgsRocm.thunderbirdPackages.thunderbird-latest

Full-featured e-mail client

nixos-unstable 145.0
- nixpkgs-unstable 145.0
- nixos-unstable-small 145.0

Package maintainers

@lovesegfault Bernardo Meurer <meurerbernardo@gmail.com>
@vcunat Vladimír Čunát <v@cunat.cz>
@nbp Nicolas B. Pierron <nixos@nbp.name>
@booxter Ihar Hrachyshka <ihar.hrachyshka@gmail.com>

Suggestions search

References

Affected products

Matching in nixpkgs

pkgs.thunderbird-unwrapped

pkgs.thunderbird-128-unwrapped

pkgs.thunderbird-140-unwrapped

pkgs.thunderbird-esr-unwrapped

pkgs.pkgsRocm.thunderbird-latest

pkgs.thunderbird-latest-unwrapped

pkgs.thunderbirdPackages.thunderbird

pkgs.roundcubePlugins.thunderbird_labels

pkgs.thunderbirdPackages.thunderbird-128

pkgs.thunderbirdPackages.thunderbird-140

pkgs.thunderbirdPackages.thunderbird-esr

pkgs.thunderbirdPackages.thunderbird-latest

pkgs.pkgsRocm.thunderbirdPackages.thunderbird-latest

Package maintainers