exploitDog
CVE-2025-26695

Published: 10 Mar 2025
Source: redhat
CVSS3: 4.3
EPSS: Low

Description

When requesting an OpenPGP key from a WKD server, an incorrect padding size was used and a network observer could have learned the length of the requested email address. This vulnerability affects Thunderbird < 136 and Thunderbird < 128.8.

A flaw was found in Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: When requesting an OpenPGP key from a WKD server, an incorrect padding size was used, and a network observer could have learned the length of the requested email address.

Report

Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | thunderbird | Affected | | |
| Red Hat Enterprise Linux 10 | thunderbird-flatpak-container | Affected | | |
| Red Hat Enterprise Linux 6 | thunderbird | Out of support scope | | |
| Red Hat Enterprise Linux 7 | thunderbird | Out of support scope | | |
| Red Hat Enterprise Linux 8 | thunderbird | Affected | | |
| Red Hat Enterprise Linux 9 | thunderbird | Affected | | |
| Red Hat Enterprise Linux 9 | thunderbird-flatpak-container | Affected | | |

Additional information

Status: Low
Defect: CWE-203
https://bugzilla.redhat.com/show_bug.cgi?id=2351146 thunderbird: Downloading of OpenPGP keys from WKD used incorrect padding

EPSS

Percentile: 6%
0.00029
Low

CVSS3: 4.3 Medium

Related vulnerabilities

CVSS3: 5.3
ubuntu
5 months ago

When requesting an OpenPGP key from a WKD server, an incorrect padding size was used and a network observer could have learned the length of the requested email address. This vulnerability affects Thunderbird < 136 and Thunderbird < 128.8.

CVSS3: 5.3
nvd
5 months ago

When requesting an OpenPGP key from a WKD server, an incorrect padding size was used and a network observer could have learned the length of the requested email address. This vulnerability affects Thunderbird < 136 and Thunderbird < 128.8.

CVSS3: 5.3
debian
5 months ago

When requesting an OpenPGP key from a WKD server, an incorrect padding ...

CVSS3: 5.3
github
5 months ago

When requesting an OpenPGP key from a WKD server, an incorrect padding size was used and a network observer could have learned the length of the requested email address. This vulnerability affects Thunderbird < 136 and Thunderbird < 128.8.

CVSS3: 5.3
fstec
6 months ago

A vulnerability in the Thunderbird mail client related to incorrect import of an OpenPGP key from a WKD server, allowing an attacker to gain unauthorized access to protected information
