CVE-2025-26696
Publication date 10 March 2025
Last updated 13 May 2026
Ubuntu priority
Description
Certain crafted MIME email messages that claimed to contain an encrypted OpenPGP message, which instead contained an OpenPGP signed message, were wrongly shown as being encrypted. This vulnerability was fixed in Thunderbird 136 and Thunderbird 128.8.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| thunderbird | ||
| 24.04 LTS noble |
Not affected
|
|
| 22.04 LTS jammy |
Fixed 1:128.12.0+build1-0ubuntu0.22.04.1
|
|
| 20.04 LTS focal | Not in release |
Severity score breakdown
CVSS version: CVSS v3.0
Base score
7.0 · High
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L
References
Related Ubuntu Security Notices (USN)
- USN-7663-1
- Thunderbird vulnerabilities
- 22 July 2025