When requesting an OpenPGP key from a WKD server, an incorrect padding size was used and a network observer could have learned the length of the requested email address. This vulnerability affects Thunderbird < 136 and Thunderbird < 128.8.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Thunderbird | Ubuntu | upstream | * |