Mozilla Foundation Security Advisory 2026-08
Security Vulnerabilities fixed in Thunderbird 140.7.1
- Announced
- January 27, 2026
- Impact
- moderate
- Products
- Thunderbird
- Fixed in
-
- Thunderbird 140.7.1
#CVE-2026-0818: CSS-based exfiltration of the content from partially encrypted emails when allowing remote content
- Reporter
- Leon Trampert, Daniel Weber, Christian Rossow, Michael Schwarz
- Impact
- moderate