CNNVD-202601-4801 Information
CNNVD ID
CNNVD-202601-4801
Related CVE
- CNNVD Published: 2026-01-28
Description (Chinese)
Mozilla Thunderbird是美国Mozilla基金会的一套从Mozilla Application Suite独立出来的电子邮件客户端软件。该软件支持IMAP、POP邮件协议以及HTML邮件格式。 Thunderbird 147.0.1之前版本和140.7.1之前版本存在安全漏洞,该漏洞源于解密内联OpenPGP消息时CSS样式应用不当,可能导致秘密内容泄露。
Description (English)
Mozilla Thunderbird is an independent e-mail client from Mozilla Application Suite of the Mozilla Foundation in the United States. The software supports IMAP, POP mail protocols and HTML mail formats. There is a security loophole in the previous version of Thunderbird 147.0.1 and in the previous version of 140.7.1, which stems from the improper application of the CSS style when the information from OpenPGP is decrypted and may lead to the disclosure of secret content.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
Mozilla
Published
2026-01-28
Last Modified
2026-02-24
References
https://bugzilla.mozilla.org/show_bug.cgi?id=1881530 https://www.mozilla.org/security/advisories/mfsa2026-07/ https://www.mozilla.org/security/advisories/mfsa2026-08/
Patch
https://www.thunderbird.net/zh-CN/download/
Share on: