Lucene search
K

382 matches found

OSV
OSV
added 2026/02/05 11:14 a.m.2 views

SUSE-SU-2026:0388-1 Security update for MozillaThunderbird

This update for MozillaThunderbird fixes the following issues: Update to Mozilla Thunderbird 140.7.1 MFSA 2026-08 bsc1257397: - CVE-2026-0818: CSS-based exfiltration of the content from partially encrypted emails when allowing remote content...

4.3CVSS5.8AI score0.00159EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/01/30 12:26 a.m.5 views

SUSE CVE-2026-0818

When a user explicitly requested Thunderbird to decrypt an inline OpenPGP message that was embedded in a text section of an email that was formatted and styled with HTML and CSS, then the decrypted contents were rendered in a context in which the CSS styles from the outer messages were active. If...

3.1CVSS7.5AI score0.00159EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/01/29 3:26 a.m.7 views

CVE-2026-21569

This High severity XXE XML External Entity Injection vulnerability was introduced in version 7.1.0 of Crowd Data Center and Server. This XXE XML External Entity Injection vulnerability, with a CVSS Score of 7.9, allows an authenticated attacker to access local and remote content which has high...

7.9CVSS5.9AI score0.00297EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/01/29 12:0 a.m.9 views

CVE-2026-0818

When a user explicitly requested Thunderbird to decrypt an inline OpenPGP message that was embedded in a text section of an email that was formatted and styled with HTML and CSS, then the decrypted contents were rendered in a context in which the CSS styles from the outer messages were active. If...

4.3CVSS7.5AI score0.00159EPSS
Exploits0References6
OSV
OSV
added 2026/01/29 12:0 a.m.4 views

UBUNTU-CVE-2026-0818

When a user explicitly requested Thunderbird to decrypt an inline OpenPGP message that was embedded in a text section of an email that was formatted and styled with HTML and CSS, then the decrypted contents were rendered in a context in which the CSS styles from the outer messages were active. If...

4.3CVSS6.9AI score0.00159EPSS
Exploits0References7
NVD
NVD
added 2026/01/28 8:16 a.m.9 views

CVE-2026-0818

When a user explicitly requested Thunderbird to decrypt an inline OpenPGP message that was embedded in a text section of an email that was formatted and styled with HTML and CSS, then the decrypted contents were rendered in a context in which the CSS styles from the outer messages were active. If...

4.3CVSS0.00159EPSS
Exploits0References4
OSV
OSV
added 2026/01/28 8:16 a.m.6 views

CVE-2026-0818

When a user explicitly requested Thunderbird to decrypt an inline OpenPGP message that was embedded in a text section of an email that was formatted and styled with HTML and CSS, then the decrypted contents were rendered in a context in which the CSS styles from the outer messages were active. If...

4.3CVSS5.8AI score
Exploits0References4
Cvelist
Cvelist
added 2026/01/28 7:39 a.m.21 views

CVE-2026-0818 CSS-based exfiltration of the content from partially encrypted emails when allowing remote content

When a user explicitly requested Thunderbird to decrypt an inline OpenPGP message that was embedded in a text section of an email that was formatted and styled with HTML and CSS, then the decrypted contents were rendered in a context in which the CSS styles from the outer messages were active. If...

0.00159EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2026/01/28 7:39 a.m.2 views

CVE-2026-0818

When a user explicitly requested Thunderbird to decrypt an inline OpenPGP message that was embedded in a text section of an email that was formatted and styled with HTML and CSS, then the decrypted contents were rendered in a context in which the CSS styles from the outer messages were active. If...

4.3CVSS7.5AI score0.00159EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/01/28 7:39 a.m.3 views

CVE-2026-0818 CSS-based exfiltration of the content from partially encrypted emails when allowing remote content

When a user explicitly requested Thunderbird to decrypt an inline OpenPGP message that was embedded in a text section of an email that was formatted and styled with HTML and CSS, then the decrypted contents were rendered in a context in which the CSS styles from the outer messages were active. If...

7.5AI score0.00159EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/01/28 7:39 a.m.6 views

CVE-2026-0818

When a user explicitly requested Thunderbird to decrypt an inline OpenPGP message that was embedded in a text section of an email that was formatted and styled with HTML and CSS, then the decrypted contents were rendered in a context in which the CSS styles from the outer messages were active. If...

4.3CVSS5.9AI score0.00159EPSS
Exploits0References4
EUVD
EUVD
added 2026/01/28 7:39 a.m.6 views

EUVD-2026-4880

CSS-based exfiltration of the content from partially encrypted emails when allowing remote content. This vulnerability affects Thunderbird 147.0.1 and Thunderbird 140.7.1...

4.3CVSS5.9AI score0.00159EPSS
Exploits0References3
CVE
CVE
added 2026/01/28 7:39 a.m.53 views

CVE-2026-0818

CVE-2026-0818 concerns Thunderbird where decrypting an inline OpenPGP message embedded in HTML/CSS could render in a context with outer email CSS, potentially enabling exfiltration of secret content if remote content is allowed. Affected versions: Thunderbird < 147.0.1 and Thunderbird

4.3CVSS7.5AI score0.00159EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2026/01/28 1:16 a.m.16 views

CVE-2026-21569

This High severity XXE XML External Entity Injection vulnerability was introduced in version 7.1.0 of Crowd Data Center and Server. This XXE XML External Entity Injection vulnerability, with a CVSS Score of 7.9, allows an authenticated attacker to access local and remote content which has high...

7.9CVSS0.00297EPSS
Exploits0References2
CVE
CVE
added 2026/01/28 12:30 a.m.21 views

CVE-2026-21569

This CVE affects Crowd Data Center and Server (Atlassian) starting from version 7.1.0, with a high-severity XXE (XML External Entity Injection) vulnerability. The issue allows an authenticated attacker to access local and remote content, with high impact to confidentiality and availability, and l...

7.9CVSS5.9AI score0.00297EPSS
Exploits0References2Affected Software1
Mozilla
Mozilla
added 2026/01/27 12:0 a.m.8 views

Security Vulnerabilities fixed in Thunderbird 147.0.1 — Mozilla

When a user explicitly requested Thunderbird to decrypt an inline OpenPGP message that was embedded in a text section of an email that was formatted and styled with HTML and CSS, then the decrypted contents were rendered in a context in which the CSS styles from the outer messages were active. If...

4.3CVSS5.9AI score0.00159EPSS
Exploits0References1Affected Software1
Mozilla
Mozilla
added 2026/01/27 12:0 a.m.8 views

Security Vulnerabilities fixed in Thunderbird 140.7.1 — Mozilla

When a user explicitly requested Thunderbird to decrypt an inline OpenPGP message that was embedded in a text section of an email that was formatted and styled with HTML and CSS, then the decrypted contents were rendered in a context in which the CSS styles from the outer messages were active. If...

4.3CVSS5.9AI score0.00159EPSS
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.4 views

MiracleLinux 8 : thunderbird-102.6.0-2.el8.ML.1 (AXSA:2023-4885:02)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2023-4885:02 advisory. Mozilla: Arbitrary file read from a compromised content process CVE-2022-46872 Mozilla: Memory safety bugs fixed in Firefox ESR 102.6 and Thunderbir...

9.8CVSS5.8AI score0.00921EPSS
Exploits0References8
CVE
CVE
added 2026/01/14 5:28 a.m.18 views

CVE-2025-15486

CVE-2025-15486 concerns the WordPress Kunze Law plugin (versions

4.4CVSS4.8AI score0.00237EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/01/13 12:0 a.m.4 views

MiracleLinux 9 : thunderbird-128.10.1-1.el9_6.ML.1 (AXSA:2025-10505:15)

The remote MiracleLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2025-10505:15 advisory. thunderbird: JavaScript Execution via Spoofed PDF Attachment and file:/// Link CVE-2025-3909 thunderbird: Sender Spoofing via Malformed From Header...

8.1CVSS6.9AI score0.00363EPSS
Exploits0References4
Rows per page
Query Builder