Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-26696

Certain crafted MIME email messages that claimed to contain an encrypted OpenPGP message, which instead contained an OpenPGP signed message, were wrongly shown as being encrypted. This vulnerability affects Thunderbird < 136 and Thunderbird < 128.8.

Published

2025-03-10T19:15:40.670

Last Modified

2025-04-03T13:30:33.593

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 7.0 (HIGH)

Weaknesses

Type: Secondary
CWE-290

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	mozilla	thunderbird	< 128.8.0	Yes
Application	mozilla	thunderbird	< 136.0	Yes

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1864205 Issue Tracking ([email protected])
https://www.mozilla.org/security/advisories/mfsa2025-17/ Vendor Advisory ([email protected])
https://www.mozilla.org/security/advisories/mfsa2025-18/ Vendor Advisory ([email protected])