382 matches found
SUSE-SU-2026:0388-1 Security update for MozillaThunderbird
This update for MozillaThunderbird fixes the following issues: Update to Mozilla Thunderbird 140.7.1 MFSA 2026-08 bsc1257397: - CVE-2026-0818: CSS-based exfiltration of the content from partially encrypted emails when allowing remote content...
SUSE CVE-2026-0818
When a user explicitly requested Thunderbird to decrypt an inline OpenPGP message that was embedded in a text section of an email that was formatted and styled with HTML and CSS, then the decrypted contents were rendered in a context in which the CSS styles from the outer messages were active. If...
CVE-2026-21569
This High severity XXE XML External Entity Injection vulnerability was introduced in version 7.1.0 of Crowd Data Center and Server. This XXE XML External Entity Injection vulnerability, with a CVSS Score of 7.9, allows an authenticated attacker to access local and remote content which has high...
CVE-2026-0818
When a user explicitly requested Thunderbird to decrypt an inline OpenPGP message that was embedded in a text section of an email that was formatted and styled with HTML and CSS, then the decrypted contents were rendered in a context in which the CSS styles from the outer messages were active. If...
UBUNTU-CVE-2026-0818
When a user explicitly requested Thunderbird to decrypt an inline OpenPGP message that was embedded in a text section of an email that was formatted and styled with HTML and CSS, then the decrypted contents were rendered in a context in which the CSS styles from the outer messages were active. If...
CVE-2026-0818
When a user explicitly requested Thunderbird to decrypt an inline OpenPGP message that was embedded in a text section of an email that was formatted and styled with HTML and CSS, then the decrypted contents were rendered in a context in which the CSS styles from the outer messages were active. If...
CVE-2026-0818
When a user explicitly requested Thunderbird to decrypt an inline OpenPGP message that was embedded in a text section of an email that was formatted and styled with HTML and CSS, then the decrypted contents were rendered in a context in which the CSS styles from the outer messages were active. If...
CVE-2026-0818 CSS-based exfiltration of the content from partially encrypted emails when allowing remote content
When a user explicitly requested Thunderbird to decrypt an inline OpenPGP message that was embedded in a text section of an email that was formatted and styled with HTML and CSS, then the decrypted contents were rendered in a context in which the CSS styles from the outer messages were active. If...
CVE-2026-0818
When a user explicitly requested Thunderbird to decrypt an inline OpenPGP message that was embedded in a text section of an email that was formatted and styled with HTML and CSS, then the decrypted contents were rendered in a context in which the CSS styles from the outer messages were active. If...
CVE-2026-0818 CSS-based exfiltration of the content from partially encrypted emails when allowing remote content
When a user explicitly requested Thunderbird to decrypt an inline OpenPGP message that was embedded in a text section of an email that was formatted and styled with HTML and CSS, then the decrypted contents were rendered in a context in which the CSS styles from the outer messages were active. If...
CVE-2026-0818
When a user explicitly requested Thunderbird to decrypt an inline OpenPGP message that was embedded in a text section of an email that was formatted and styled with HTML and CSS, then the decrypted contents were rendered in a context in which the CSS styles from the outer messages were active. If...
EUVD-2026-4880
CSS-based exfiltration of the content from partially encrypted emails when allowing remote content. This vulnerability affects Thunderbird 147.0.1 and Thunderbird 140.7.1...
CVE-2026-0818
CVE-2026-0818 concerns Thunderbird where decrypting an inline OpenPGP message embedded in HTML/CSS could render in a context with outer email CSS, potentially enabling exfiltration of secret content if remote content is allowed. Affected versions: Thunderbird < 147.0.1 and Thunderbird
CVE-2026-21569
This High severity XXE XML External Entity Injection vulnerability was introduced in version 7.1.0 of Crowd Data Center and Server. This XXE XML External Entity Injection vulnerability, with a CVSS Score of 7.9, allows an authenticated attacker to access local and remote content which has high...
CVE-2026-21569
This CVE affects Crowd Data Center and Server (Atlassian) starting from version 7.1.0, with a high-severity XXE (XML External Entity Injection) vulnerability. The issue allows an authenticated attacker to access local and remote content, with high impact to confidentiality and availability, and l...
Security Vulnerabilities fixed in Thunderbird 147.0.1 — Mozilla
When a user explicitly requested Thunderbird to decrypt an inline OpenPGP message that was embedded in a text section of an email that was formatted and styled with HTML and CSS, then the decrypted contents were rendered in a context in which the CSS styles from the outer messages were active. If...
Security Vulnerabilities fixed in Thunderbird 140.7.1 — Mozilla
When a user explicitly requested Thunderbird to decrypt an inline OpenPGP message that was embedded in a text section of an email that was formatted and styled with HTML and CSS, then the decrypted contents were rendered in a context in which the CSS styles from the outer messages were active. If...
MiracleLinux 8 : thunderbird-102.6.0-2.el8.ML.1 (AXSA:2023-4885:02)
The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2023-4885:02 advisory. Mozilla: Arbitrary file read from a compromised content process CVE-2022-46872 Mozilla: Memory safety bugs fixed in Firefox ESR 102.6 and Thunderbir...
CVE-2025-15486
CVE-2025-15486 concerns the WordPress Kunze Law plugin (versions
MiracleLinux 9 : thunderbird-128.10.1-1.el9_6.ML.1 (AXSA:2025-10505:15)
The remote MiracleLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2025-10505:15 advisory. thunderbird: JavaScript Execution via Spoofed PDF Attachment and file:/// Link CVE-2025-3909 thunderbird: Sender Spoofing via Malformed From Header...