Vulnerability Details CVE-2026-0818
CSS-based exfiltration of the content from partially encrypted emails when allowing remote content. This vulnerability affects Thunderbird < 147.0.1 and Thunderbird < 140.7.1.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 1.9%
CVSS Severity
CVSS v3 Score 4.3
References
Products affected by CVE-2026-0818
-
cpe:2.3:a:mozilla:thunderbird:-
-
cpe:2.3:a:mozilla:thunderbird:115.10.2
-
cpe:2.3:a:mozilla:thunderbird:115.11.0
-
cpe:2.3:a:mozilla:thunderbird:115.11.1
-
cpe:2.3:a:mozilla:thunderbird:115.12.1
-
cpe:2.3:a:mozilla:thunderbird:115.12.2
-
cpe:2.3:a:mozilla:thunderbird:115.13.0
-
cpe:2.3:a:mozilla:thunderbird:115.14.0
-
cpe:2.3:a:mozilla:thunderbird:115.16.0
-
cpe:2.3:a:mozilla:thunderbird:115.16.1
-
cpe:2.3:a:mozilla:thunderbird:115.16.2
-
cpe:2.3:a:mozilla:thunderbird:115.16.3
-
cpe:2.3:a:mozilla:thunderbird:115.18.0
-
cpe:2.3:a:mozilla:thunderbird:128.0.1
-
cpe:2.3:a:mozilla:thunderbird:128.1.0
-
cpe:2.3:a:mozilla:thunderbird:128.1.1
-
cpe:2.3:a:mozilla:thunderbird:128.10.0
-
cpe:2.3:a:mozilla:thunderbird:128.10.1
-
cpe:2.3:a:mozilla:thunderbird:128.10.2
-
cpe:2.3:a:mozilla:thunderbird:128.11.0
-
cpe:2.3:a:mozilla:thunderbird:128.11.1
-
cpe:2.3:a:mozilla:thunderbird:128.12.0
-
cpe:2.3:a:mozilla:thunderbird:128.13.0
-
cpe:2.3:a:mozilla:thunderbird:128.14.0
-
cpe:2.3:a:mozilla:thunderbird:128.2.0
-
cpe:2.3:a:mozilla:thunderbird:128.2.1
-
cpe:2.3:a:mozilla:thunderbird:128.2.2
-
cpe:2.3:a:mozilla:thunderbird:128.2.3
-
cpe:2.3:a:mozilla:thunderbird:128.3.0
-
cpe:2.3:a:mozilla:thunderbird:128.3.1
-
cpe:2.3:a:mozilla:thunderbird:128.3.2
-
cpe:2.3:a:mozilla:thunderbird:128.3.3
-
cpe:2.3:a:mozilla:thunderbird:128.4.0
-
cpe:2.3:a:mozilla:thunderbird:128.4.1
-
cpe:2.3:a:mozilla:thunderbird:128.4.2
-
cpe:2.3:a:mozilla:thunderbird:128.4.3
-
cpe:2.3:a:mozilla:thunderbird:128.4.4
-
cpe:2.3:a:mozilla:thunderbird:128.5.0
-
cpe:2.3:a:mozilla:thunderbird:128.5.1
-
cpe:2.3:a:mozilla:thunderbird:128.5.2
-
cpe:2.3:a:mozilla:thunderbird:128.6.0
-
cpe:2.3:a:mozilla:thunderbird:128.7.0
-
cpe:2.3:a:mozilla:thunderbird:128.7.1
-
cpe:2.3:a:mozilla:thunderbird:128.8.0
-
cpe:2.3:a:mozilla:thunderbird:128.8.1
-
cpe:2.3:a:mozilla:thunderbird:128.9.0
-
cpe:2.3:a:mozilla:thunderbird:128.9.1
-
cpe:2.3:a:mozilla:thunderbird:128.9.2
-
cpe:2.3:a:mozilla:thunderbird:135.0
-
cpe:2.3:a:mozilla:thunderbird:139.0
-
cpe:2.3:a:mozilla:thunderbird:140.0
-
cpe:2.3:a:mozilla:thunderbird:140.0.1
-
cpe:2.3:a:mozilla:thunderbird:140.1.0
-
cpe:2.3:a:mozilla:thunderbird:140.1.1
-
cpe:2.3:a:mozilla:thunderbird:140.2.0
-
cpe:2.3:a:mozilla:thunderbird:140.2.1
-
cpe:2.3:a:mozilla:thunderbird:140.3.0
-
cpe:2.3:a:mozilla:thunderbird:140.3.1
-
cpe:2.3:a:mozilla:thunderbird:140.4.0
-
cpe:2.3:a:mozilla:thunderbird:140.5.0
-
cpe:2.3:a:mozilla:thunderbird:140.6.0
-
cpe:2.3:a:mozilla:thunderbird:140.7.0
-
cpe:2.3:a:mozilla:thunderbird:141.0
-
cpe:2.3:a:mozilla:thunderbird:142.0
-
cpe:2.3:a:mozilla:thunderbird:143.0
-
cpe:2.3:a:mozilla:thunderbird:143.0.1
-
cpe:2.3:a:mozilla:thunderbird:144.0
-
cpe:2.3:a:mozilla:thunderbird:144.0.1
-
cpe:2.3:a:mozilla:thunderbird:145.0
-
cpe:2.3:a:mozilla:thunderbird:146.0
-
cpe:2.3:a:mozilla:thunderbird:146.0.1
-
cpe:2.3:a:mozilla:thunderbird:147.0