Primary

Context

Mozilla Thunderbird CSS-Based Exfiltration Vulnerability in Partially Encrypted Emails

Vulnerability

Patched

A vulnerability exists in Mozilla Thunderbird versions prior to 147.0.1 and prior to 140.7.1, allowing for CSS-based exfiltration of content from partially encrypted emails when remote content is permitted. This issue could lead to unauthorized access to sensitive information within the emails.

Impact

Exploitation of this vulnerability could result in the unauthorized exfiltration of content from partially encrypted emails, potentially exposing sensitive information.

Remediation

Users can upgrade to Thunderbird version 147.0.1 or 140.7.1 to address this vulnerability.

Added: Jan 28, 2026, 8:22 AM

Updated: Jan 28, 2026, 8:22 AM

Vulnerability Rating

Custom Algorithm

spread

7.8

impact

2.5

exploitability

4.4

remediation

7.7

relevance

2.4

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

7.8

impact

2.5

exploitability

4.4

remediation

7.7

relevance

2.4

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Mozilla Thunderbird CSS-Based Exfiltration Vulnerability in Partially Encrypted Emails

Vulnerability

Impact

Remediation

Affected Products

Mozilla Thunderbird

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating