{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-26696","assignerOrgId":"f16b083a-5664-49f3-a51e-8d479e5ed7fe","state":"PUBLISHED","assignerShortName":"mozilla","dateReserved":"2025-02-13T22:03:43.233Z","datePublished":"2025-03-10T18:41:25.205Z","dateUpdated":"2026-04-13T14:27:27.799Z"},"containers":{"cna":{"affected":[{"product":"Thunderbird","vendor":"Mozilla","versions":[{"status":"unaffected","version":"128.8","lessThanOrEqual":"128.*","versionType":"rpm"},{"status":"unaffected","version":"136","lessThanOrEqual":"*","versionType":"rpm"}]}],"descriptions":[{"lang":"en","value":"Certain crafted MIME email messages that claimed to contain an encrypted OpenPGP message, which instead contained an OpenPGP signed message, were wrongly shown as being encrypted. This vulnerability was fixed in Thunderbird 136 and Thunderbird 128.8.","supportingMedia":[{"type":"text/html","base64":false,"value":"Certain crafted MIME email messages that claimed to contain an encrypted OpenPGP message, which instead contained an OpenPGP signed message, were wrongly shown as being encrypted. This vulnerability was fixed in Thunderbird 136 and Thunderbird 128.8."}]}],"title":"Crafted email message incorrectly shown as being encrypted","references":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1864205"},{"url":"https://www.mozilla.org/security/advisories/mfsa2025-17/"},{"url":"https://www.mozilla.org/security/advisories/mfsa2025-18/"}],"credits":[{"lang":"en","value":"Marcus Brinkmann"}],"providerMetadata":{"orgId":"f16b083a-5664-49f3-a51e-8d479e5ed7fe","shortName":"mozilla","dateUpdated":"2026-04-13T14:27:27.799Z"}},"adp":[{"problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-290","lang":"en","description":"CWE-290 Authentication Bypass by Spoofing"}]}],"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":7,"attackVector":"NETWORK","baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L","integrityImpact":"LOW","userInteraction":"NONE","attackComplexity":"HIGH","availabilityImpact":"LOW","privilegesRequired":"NONE","confidentialityImpact":"HIGH"}},{"other":{"type":"ssvc","content":{"timestamp":"2025-03-11T19:15:27.829296Z","id":"CVE-2025-26696","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-03-11T19:17:04.139Z"}}]}}