{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/388?format=json","vulnerability_id":"VCID-tvnw-j8vm-97he","summary":"When a user explicitly requested Thunderbird to decrypt an inline\nOpenPGP message that was embedded in a text section of an email\nthat was formatted and styled with HTML and CSS, then the\ndecrypted contents were rendered in a context in which the CSS\nstyles from the outer messages were active. If the user had\nadditionally allowed loading of the remote content referenced by\nthe outer email message, and the email was crafted by the sender\nusing a combination of CSS rules and fonts and animations, then\nit was possible to extract the secret contents of the email.","aliases":[{"alias":"CVE-2026-0818"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/392?format=json","purl":"pkg:mozilla/Thunderbird@140.7.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@140.7.1"},{"url":"http://public2.vulnerablecode.io/api/packages/415?format=json","purl":"pkg:mozilla/Thunderbird@147.0.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@147.0.1"}],"affected_packages":[],"references":[{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-07","reference_id":"mfsa2026-07","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-07"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-08","reference_id":"mfsa2026-08","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-08"}],"weaknesses":[],"exploits":[],"severity_range_score":null,"exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tvnw-j8vm-97he"}