Mozilla Thunderbird OpenPGP Message Misrepresentation Vulnerability

Vulnerability

Certain versions of Mozilla Thunderbird incorrectly displayed crafted MIME email messages as encrypted. The issue arises when a message claims to contain an encrypted OpenPGP message but actually contains an OpenPGP signed message instead. The vulnerability affects Thunderbird versions prior to 136 and prior to 128.8.
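A mail-triage check for the mismatch described above, as an added example (not Thunderbird's code or its fix): it compares what the MIME structure claims with the first OpenPGP packet actually present. It assumes the claim is made through the RFC 3156 multipart/encrypted wrapper with an ASCII-armored payload, which the advisory does not specify; all function names and the sample packet bytes are constructed for illustration.

```python
import base64
from email import message_from_string

# OpenPGP packet tags that carry encryption (RFC 4880, section 4.3).
ENCRYPTED_TAGS = {1, 3, 9, 18}  # PKESK, SKESK, SED, SEIPD

def dearmor(text):
    """Return the binary OpenPGP data inside an ASCII-armored block."""
    lines = [l.strip() for l in text.strip().splitlines()]
    body = lines[lines.index("") + 1:] if "" in lines else lines[1:]
    b64 = "".join(l for l in body if not l.startswith(("-----", "=")))
    return base64.b64decode(b64)

def first_packet_tag(data):
    """Decode the tag of the first packet (old or new header format)."""
    if not data or not data[0] & 0x80:
        raise ValueError("not an OpenPGP packet")
    return data[0] & 0x3F if data[0] & 0x40 else (data[0] >> 2) & 0x0F

def claims_vs_content(raw):
    """Return (claims_encrypted, is_encrypted) for a raw message string."""
    msg = message_from_string(raw)
    proto = str(msg.get_param("protocol", "")).lower()
    if msg.get_content_type() != "multipart/encrypted" or proto != "application/pgp-encrypted":
        return False, False
    parts = msg.get_payload()
    if not isinstance(parts, list) or len(parts) < 2:
        return True, False
    payload = (parts[1].get_payload(decode=True) or b"").decode("ascii", "replace")
    try:
        return True, first_packet_tag(dearmor(payload)) in ENCRYPTED_TAGS
    except ValueError:  # bad armor or not a packet: nothing encrypted found
        return True, False

def sample(packet_bytes):
    """Constructed RFC 3156 message wrapping the given packet bytes."""
    armor = ("-----BEGIN PGP MESSAGE-----\n\n" + base64.b64encode(packet_bytes).decode()
             + "\n-----END PGP MESSAGE-----\n")
    return ('MIME-Version: 1.0\nContent-Type: multipart/encrypted;'
            ' protocol="application/pgp-encrypted"; boundary="b1"\n\n'
            "--b1\nContent-Type: application/pgp-encrypted\n\nVersion: 1\n\n"
            "--b1\nContent-Type: application/octet-stream\n\n" + armor + "\n--b1--\n")

# Constructed packet headers with filler bodies, not complete OpenPGP messages.
SIGNED = b"\xc4\x0d\x03\x00\x08\x01" + bytes(8) + b"\x01"  # tag 4, one-pass signature
ENCRYPTED = b"\x84\x0c\x03" + bytes(8) + b"\x01\x00\x00"   # tag 1, PKESK (old format)

if __name__ == "__main__":
    for name, pkt in (("signed", SIGNED), ("encrypted", ENCRYPTED)):
        print(name, claims_vs_content(sample(pkt)))
```

A result of `(True, False)` marks a message whose wrapper claims encryption while the payload does not begin with an encryption packet, which is the condition worth flagging on clients that have not yet been upgraded.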

Impact

This vulnerability could lead to confusion about the encryption status of OpenPGP messages, potentially allowing sensitive information to be mismanaged or improperly disclosed.

Remediation

Users can upgrade to Thunderbird 136 or Thunderbird 128.8 to address this vulnerability.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 7.8
impact: 2.5
exploitability: 4.4
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.