High severity 7.0 · NVD Advisory · Published Mar 10, 2025 · Updated Apr 13, 2026
CVE-2025-26696
Description
Certain crafted MIME email messages that claimed to contain an encrypted OpenPGP message, which instead contained an OpenPGP signed message, were wrongly shown as being encrypted. This vulnerability was fixed in Thunderbird 136 and Thunderbird 128.8.
Affected products
- cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:* range: <128.8.0
- (no CPE) range: <136.0 (or <128.8)
- osv-coords, 3 versions:
  - pkg:rpm/opensuse/MozillaThunderbird&distro=openSUSE%20Leap%2015.6
  - pkg:rpm/suse/MozillaThunderbird&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP6
  - pkg:rpm/suse/MozillaThunderbird&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP6
- (no CPE) range: < 128.8.0-150200.8.203.1
- (no CPE) range: < 128.8.0-150200.8.203.1
- (no CPE) range: < 128.8.0-150200.8.203.1
References
- www.mozilla.org/security/advisories/mfsa2025-17/ (nvd, Vendor Advisory)
- www.mozilla.org/security/advisories/mfsa2025-18/ (nvd, Vendor Advisory)
- bugzilla.mozilla.org/show_bug.cgi (nvd, Issue Tracking)