Security Advisory

CVE-2025-26695

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-03-10 18:41:25
Last updated 2026-04-13 14:27:29
Assigner mozilla
State PUBLISHED

Description

When requesting an OpenPGP key from a WKD server, an incorrect padding size was used and a network observer could have learned the length of the requested email address. This vulnerability was fixed in Thunderbird 136 and Thunderbird 128.8.