Lookup for vulnerable packages by Package URL.
| Purl | pkg:mozilla/Thunderbird@140.7.1 |
|---|
| Type | mozilla |
|---|
| Namespace | |
|---|
| Name | Thunderbird |
|---|
| Version | 140.7.1 |
|---|
| Qualifiers |
|
|---|
| Subpath | |
|---|
| Is_vulnerable | false |
|---|
| Next_non_vulnerable_version | 140.7.2 |
|---|
| Latest_non_vulnerable_version | 151.0.0 |
|---|
| Affected_by_vulnerabilities |
|
|---|
| Fixing_vulnerabilities |
| 0 |
| url |
VCID-tvnw-j8vm-97he |
| vulnerability_id |
VCID-tvnw-j8vm-97he |
| summary |
When a user explicitly requested Thunderbird to decrypt an inline
OpenPGP message that was embedded in a text section of an email
that was formatted and styled with HTML and CSS, then the
decrypted contents were rendered in a context in which the CSS
styles from the outer messages were active. If the user had
additionally allowed loading of the remote content referenced by
the outer email message, and the email was crafted by the sender
using a combination of CSS rules and fonts and animations, then
it was possible to extract the secret contents of the email. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2026-0818
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-tvnw-j8vm-97he |
|
|
|---|
| Risk_score | null |
|---|
| Resource_url | http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@140.7.1 |
|---|