Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:deb/debian/thunderbird@1:140.7.1esr-1~deb12u1?distro=trixie
purl pkg:deb/debian/thunderbird@1:140.7.1esr-1~deb12u1?distro=trixie
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-qcxw-ds31-3ubd When a user explicitly requested Thunderbird to decrypt an inline OpenPGP message that was embedded in a text section of an email that was formatted and styled with HTML and CSS, then the decrypted contents were rendered in a context in which the CSS styles from the outer messages were active. If the user had additionally allowed loading of the remote content referenced by the outer email message, and the email was crafted by the sender using a combination of CSS rules and fonts and animations, then it was possible to extract the secret contents of the email. CVE-2026-0818

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T09:13:48.216661+00:00 Debian Importer Fixing VCID-qcxw-ds31-3ubd https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-11T18:10:23.668683+00:00 Debian Importer Fixing VCID-qcxw-ds31-3ubd https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-03T07:54:58.137558+00:00 Debian Importer Fixing VCID-qcxw-ds31-3ubd https://security-tracker.debian.org/tracker/data/json 38.1.0