CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2025-26696: Certain crafted MIME email messages that claimed to contain an encrypted OpenPGP message, which instead contained an OpenPGP signed message, were...

Description

Certain crafted MIME email messages that claimed to contain an encrypted OpenPGP message, which instead contained an OpenPGP signed message, were wrongly shown as being encrypted. This vulnerability affects Thunderbird < 136 and Thunderbird < 128.8.

Classification

CVE ID: CVE-2025-26696

Problem Types

Crafted email message incorrectly shown as being encrypted

Affected Products

Vendor: Mozilla, Mozilla

Product: Thunderbird, Thunderbird

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.08% (probability of being exploited)

EPSS Percentile: 21.39% (scored less or equal to compared to others)

EPSS Date: 2025-04-08 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-26696
https://bugzilla.mozilla.org/show_bug.cgi?id=1864205
https://www.mozilla.org/security/advisories/mfsa2025-17/
https://www.mozilla.org/security/advisories/mfsa2025-18/

Timeline

2025-03-10 19:40:22 UTC
CVE

Certain crafted MIME email messages that claimed to contain an encrypted OpenPGP message, which instead contained an OpenPGP signed message, were...