PT-2026-5077 · Mozilla+2 · Thunderbird+2

Christian Rossow

Published

2026-01-01

Updated

2026-03-18

CVE-2026-0818

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Thunderbird versions prior to 147.0.1 Thunderbird versions prior to 140.7.1

Description A flaw exists that could allow for CSS-based exfiltration of content from partially encrypted emails when remote content is permitted. This could potentially compromise the confidentiality of email communications.

Recommendations Update Thunderbird to version 147.0.1 or later. Update Thunderbird to version 140.7.1 or later.

Fix

CSRF

Improper Encoding or Escaping of Output

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-352CWE-116CWE-200

Related Identifiers

BDU:2026-06693

CVE-2026-0818

MGASA-2026-0036

OESA-2026-1468

OESA-2026-1539

OPENSUSE-SU-2026:10128-1

OPENSUSE-SU-2026:20391-1

SUSE-SU-2026:0388-1

USN-7991-1

Affected Products

Linuxmint

Thunderbird

Ubuntu

PT-2026-5077 · Mozilla+2 · Thunderbird+2

CVE-2026-0818

Weakness Enumeration

Related Identifiers

Affected Products

References · 239