Nixpkgs security tracker

Untriaged

Permalink CVE-2026-0818

4.3 MEDIUM

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality impact (C): LOW
Integrity impact (I): NONE
Availability impact (A): NONE

created 2 months, 3 weeks ago

CSS-based exfiltration of the content from partially encrypted emails when allowing remote content

CSS-based exfiltration of the content from partially encrypted emails when allowing remote content. This vulnerability affects Thunderbird < 147.0.1 and Thunderbird < 140.7.1.

References

Affected products

Thunderbird

<147.0.1
<140.7.1

Matching in nixpkgs

pkgs.thunderbird-unwrapped

Full-featured e-mail client

nixos-unstable 141.0
- nixpkgs-unstable 141.0
- nixos-unstable-small 141.0
nixos-25.11 146.0.1

pkgs.thunderbird-128-unwrapped

Full-featured e-mail client

nixos-unstable 128.13.0esr
- nixpkgs-unstable 128.13.0esr
- nixos-unstable-small 128.13.0esr

pkgs.thunderbird-140-unwrapped

Full-featured e-mail client

nixos-25.11 140.6.0esr

pkgs.thunderbird-esr-unwrapped

Full-featured e-mail client

nixos-unstable 128.13.0esr
- nixpkgs-unstable 128.13.0esr
- nixos-unstable-small 128.13.0esr
nixos-25.11 140.6.0esr

pkgs.pkgsRocm.thunderbird-latest

Full-featured e-mail client

nixos-25.11 146.0.1
- nixpkgs-25.11-darwin 145.0

pkgs.thunderbird-latest-unwrapped

Full-featured e-mail client

nixos-unstable 141.0
- nixpkgs-unstable 141.0
- nixos-unstable-small 141.0
nixos-25.11 146.0.1

pkgs.thunderbirdPackages.thunderbird

Full-featured e-mail client

nixos-unstable 141.0
- nixpkgs-unstable 141.0
- nixos-unstable-small 141.0
nixos-25.11 146.0.1

pkgs.roundcubePlugins.thunderbird_labels

None

nixos-25.11 1.6.0
- nixpkgs-25.11-darwin 1.6.0

pkgs.thunderbirdPackages.thunderbird-128

Full-featured e-mail client

nixos-unstable 128.13.0esr
- nixpkgs-unstable 128.13.0esr
- nixos-unstable-small 128.13.0esr

pkgs.thunderbirdPackages.thunderbird-140

Full-featured e-mail client

nixos-25.11 140.6.0esr

pkgs.thunderbirdPackages.thunderbird-esr

Full-featured e-mail client

nixos-unstable 128.13.0esr
- nixpkgs-unstable 128.13.0esr
- nixos-unstable-small 128.13.0esr
nixos-25.11 140.6.0esr
- nixpkgs-25.11-darwin 140.6.0esr

pkgs.thunderbirdPackages.thunderbird-latest

Full-featured e-mail client

nixos-unstable 141.0
- nixpkgs-unstable 141.0
- nixos-unstable-small 141.0
nixos-25.11 146.0.1
- nixpkgs-25.11-darwin 145.0

pkgs.pkgsRocm.thunderbirdPackages.thunderbird-latest

Full-featured e-mail client

nixos-25.11 146.0.1
- nixpkgs-25.11-darwin 145.0

Package maintainers

@lovesegfault Bernardo Meurer <meurerbernardo@gmail.com>
@nbp Nicolas B. Pierron <nixos@nbp.name>
@vcunat Vladimír Čunát <v@cunat.cz>
@booxter Ihar Hrachyshka <ihar.hrachyshka@gmail.com>

Suggestion detail

References

Affected products

Matching in nixpkgs

pkgs.thunderbird-unwrapped

pkgs.thunderbird-128-unwrapped

pkgs.thunderbird-140-unwrapped

pkgs.thunderbird-esr-unwrapped

pkgs.pkgsRocm.thunderbird-latest

pkgs.thunderbird-latest-unwrapped

pkgs.thunderbirdPackages.thunderbird

pkgs.roundcubePlugins.thunderbird_labels

pkgs.thunderbirdPackages.thunderbird-128

pkgs.thunderbirdPackages.thunderbird-140

pkgs.thunderbirdPackages.thunderbird-esr

pkgs.thunderbirdPackages.thunderbird-latest

pkgs.pkgsRocm.thunderbirdPackages.thunderbird-latest

Package maintainers