CVE-2026-0818

Name
CVE-2026-0818
Description
When a user explicitly requested Thunderbird to decrypt an inline OpenPGP message that was embedded in a text section of an email that was formatted and styled with HTML and CSS, then the decrypted contents were rendered in a context in which the CSS styles from the outer messages were active. If the user had additionally allowed loading of the remote content referenced by the outer email message, and the email was crafted by the sender using a combination of CSS rules and fonts and animations, then it was possible to extract the secret contents of the email. This vulnerability affects Thunderbird < 147.0.1 and Thunderbird < 140.7.1.
NVD Severity
unknown
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
security@mozilla.org https://bugzilla.mozilla.org/show_bug.cgi?id=1881530
security@mozilla.org https://www.mozilla.org/security/advisories/mfsa2026-07/
security@mozilla.org https://www.mozilla.org/security/advisories/mfsa2026-08/
af854a3a-2127-422b-91ae-364da2661108 https://lists.debian.org/debian-lts-announce/2026/02/msg00005.html

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:* thunderbird >= None < 140.7.1
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:* thunderbird >= None < 147.0.1

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
thunderbird edge-community 145.0-r2 Patrycja Rosa <alpine@ptrcnull.me> possibly vulnerable
thunderbird edge-community 145.0-r1 Patrycja Rosa <alpine@ptrcnull.me> possibly vulnerable
thunderbird edge-community 145.0-r0 Patrycja Rosa <alpine@ptrcnull.me> possibly vulnerable
thunderbird edge-community 144.0-r0 Patrycja Rosa <alpine@ptrcnull.me> possibly vulnerable
thunderbird edge-community 140.0.1-r0 Patrycja Rosa <alpine@ptrcnull.me> possibly vulnerable
thunderbird edge-community 140.0-r0 Patrycja Rosa <alpine@ptrcnull.me> possibly vulnerable
thunderbird edge-community 139.0.2-r0 Patrycja Rosa <alpine@ptrcnull.me> possibly vulnerable
thunderbird edge-community 138.0-r2 Patrycja Rosa <alpine@ptrcnull.me> possibly vulnerable
thunderbird edge-community 138.0-r1 Patrycja Rosa <alpine@ptrcnull.me> possibly vulnerable
thunderbird edge-community 138.0-r0 Patrycja Rosa <alpine@ptrcnull.me> possibly vulnerable
thunderbird edge-community 137.0.1-r0 Patrycja Rosa <alpine@ptrcnull.me> possibly vulnerable
thunderbird edge-community 137.0-r0 Patrycja Rosa <alpine@ptrcnull.me> possibly vulnerable
thunderbird edge-community 128.8.0-r0 Patrycja Rosa <alpine@ptrcnull.me> possibly vulnerable
thunderbird edge-community 128.7.1-r0 Patrycja Rosa <alpine@ptrcnull.me> possibly vulnerable
thunderbird edge-community 128.7.0-r0 Patrycja Rosa <alpine@ptrcnull.me> possibly vulnerable
thunderbird edge-community 128.6.0-r0 Patrycja Rosa <alpine@ptrcnull.me> possibly vulnerable
thunderbird edge-community 128.5.2-r0 Patrycja Rosa <alpine@ptrcnull.me> possibly vulnerable
thunderbird edge-community 128.5.1-r0 Patrycja Rosa <alpine@ptrcnull.me> possibly vulnerable
thunderbird edge-community 128.5.0-r0 Patrycja Rosa <alpine@ptrcnull.me> possibly vulnerable
thunderbird edge-community 128.4.4-r0 Patrycja Rosa <alpine@ptrcnull.me> possibly vulnerable
thunderbird edge-community 128.4.3-r0 Patrycja Rosa <alpine@ptrcnull.me> possibly vulnerable
thunderbird edge-community 128.4.2-r0 Patrycja Rosa <alpine@ptrcnull.me> possibly vulnerable
thunderbird edge-community 128.1.1-r0 Patrycja Rosa <alpine@ptrcnull.me> possibly vulnerable
thunderbird edge-community 115.10.1-r0 Patrycja Rosa <alpine@ptrcnull.me> possibly vulnerable
thunderbird edge-community 115.5.0-r0 Patrycja Rosa <alpine@ptrcnull.me> possibly vulnerable
thunderbird edge-community 115.4.1-r0 Patrycja Rosa <alpine@ptrcnull.me> possibly vulnerable
thunderbird edge-community 115.4.0-r0 Patrycja Rosa <alpine@ptrcnull.me> possibly vulnerable
thunderbird edge-community 102.1.0-r0 psykose <alice@ayaya.dev> possibly vulnerable
thunderbird edge-community 102.0-r0 psykose <alice@ayaya.dev> possibly vulnerable
thunderbird edge-community 91.10.0-r0 psykose <alice@ayaya.dev> possibly vulnerable
thunderbird edge-community 91.9.1-r0 psykose <alice@ayaya.dev> possibly vulnerable
thunderbird edge-community 91.9.0-r0 None possibly vulnerable
thunderbird edge-community 91.8.0-r0 None possibly vulnerable
thunderbird edge-community 91.7.0-r0 None possibly vulnerable
thunderbird edge-community 91.6.2-r0 None possibly vulnerable
thunderbird edge-community 91.6.0-r0 None possibly vulnerable
thunderbird edge-community 91.5.0-r0 None possibly vulnerable
thunderbird edge-community 91.4.1-r0 None possibly vulnerable
thunderbird edge-community 91.4.0-r0 None possibly vulnerable
thunderbird edge-community 91.3.2-r0 None possibly vulnerable
thunderbird edge-community 78.9.0-r0 None possibly vulnerable
thunderbird edge-community 78.7.0-r0 None possibly vulnerable
thunderbird edge-community 78.6.1-r0 None possibly vulnerable
thunderbird edge-community 78.5.1-r0 None possibly vulnerable
thunderbird edge-community 68.10.0-r0 None possibly vulnerable
thunderbird edge-community 68.9.0-r0 None possibly vulnerable
thunderbird edge-community 68.8.0-r0 None possibly vulnerable
thunderbird edge-community 68.7.0-r0 None possibly vulnerable
thunderbird edge-community 68.6.0-r0 None possibly vulnerable
thunderbird edge-community 68.5.0-r0 None possibly vulnerable
thunderbird 3.23-community 145.0-r0 Patrycja Rosa <alpine@ptrcnull.me> possibly vulnerable