Mozilla · Thunderbird · CVE-2025-26695
**Name of the Vulnerable Software and Affected Versions**
Thunderbird versions prior to 136
Thunderbird versions prior to 128.8
**Description**
When Thunderbird requested an OpenPGP key from a WKD (Web Key Directory) server, it used an incorrect padding size. This could allow a network observer to learn the length of the requested email address.
**Recommendations**
For versions prior to 136, update to version 136 or later.
For versions prior to 128.8, update to version 128.8 or later.