CVE-2025-26695

March 10, 2025, 7:15 p.m.

None
No Score

Description

When requesting an OpenPGP key from a WKD server, an incorrect padding size was used and a network observer could have learned the length of the requested email address. This vulnerability affects Thunderbird < 136 and Thunderbird < 128.8.

Product(s) Impacted

Product Versions
Thunderbird
  • < 136
  • < 128.8

Weaknesses

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1883039
https://www.mozilla.org/security/advisories/mfsa2025-17/
https://www.mozilla.org/security/advisories/mfsa2025-18/

Tags

security@mozilla.org
2025-03-10
CVE-2025-26695

Date

  • Published: March 10, 2025, 7:15 p.m.
  • Last Modified: March 10, 2025, 7:15 p.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

security@mozilla.org

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.