CVE-2025-26695 Information

Description

When requesting an OpenPGP key from a WKD server an incorrect padding size was used and a network observer could have learned the length of the requested email address. This vulnerability affects Thunderbird < 136 and Thunderbird < 128.8.

Reference

https://bugzilla.mozilla.org/show_bug.cgi?id=1883039 https://www.mozilla.org/security/advisories/mfsa2025-17/ https://www.mozilla.org/security/advisories/mfsa2025-18/