Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Mozilla Thunderbird < 137.0.2

🗓️ 16 Apr 2025 00:00:00Reported by TenableType 
nessus
 nessus🔗 www.tenable.com👁 11 Views

Mozilla Thunderbird versions before 137.0.2 have multiple vulnerabilities affecting security.

Related
Refs
Code
ReporterTitlePublishedViews
Family
Tenable Nessus		Amazon Linux 2 : thunderbird, --advisory ALAS2-2025-2858 (ALAS-2025-2858)
29 May 202500:00
nessus
Tenable Nessus		AlmaLinux 9 : thunderbird (ALSA-2025:4229)
28 Apr 202500:00
nessus
Tenable Nessus		AlmaLinux 8 : thunderbird (ALSA-2025:4649)
12 May 202500:00
nessus
Tenable Nessus		AlmaLinux 9 : thunderbird (ALSA-2025:7435)
21 May 202500:00
nessus
Tenable Nessus		Debian dsa-5912 : thunderbird - security update
1 May 202500:00
nessus
Tenable Nessus		Fedora 42 : thunderbird (2025-013f8d6631)
3 Jul 202500:00
nessus
Tenable Nessus		Fedora 41 : thunderbird (2025-9e6d18cb4f)
21 Apr 202500:00
nessus
Tenable Nessus		Fedora 40 : thunderbird (2025-fd8eb9ca57)
27 Apr 202500:00
nessus
Tenable Nessus		Mozilla Thunderbird < 128.9.2
15 Apr 202500:00
nessus
Tenable Nessus		MiracleLinux 9 : thunderbird-128.10.0-1.el9_6.ML.1 (AXSA:2025-10475:14)
13 Jan 202600:00
nessus
Rows per page
#%NASL_MIN_LEVEL 80900
## 
# (C) Tenable, Inc.
#                                  
# The descriptive text and package checks in this plugin were
# extracted from Mozilla Foundation Security Advisory mfsa2025-26.
# The text itself is copyright (C) Mozilla Foundation.
##

include('compat.inc');

if (description)
{
  script_id(234491);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/11/18");

  script_cve_id("CVE-2025-2830", "CVE-2025-3522", "CVE-2025-3523");
  script_xref(name:"IAVA", value:"2025-A-0279-S");

  script_name(english:"Mozilla Thunderbird < 137.0.2");

  script_set_attribute(attribute:"synopsis", value:
"A mail client installed on the remote macOS or Mac OS X host is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 137.0.2. It is, therefore,
affected by multiple vulnerabilities as referenced in the mfsa2025-26 advisory.

  - When an email contains multiple attachments with external links via the X-Mozilla-External-Attachment-URL
    header, only the last link is shown when hovering over any attachment. Although the correct link is used
    on click, the misleading hover text could trick users into downloading content from untrusted sources.
    (CVE-2025-3523)

  - Thunderbird processes the X-Mozilla-External-Attachment-URL header to handle attachments which can be
    hosted externally. When an email is opened, Thunderbird accesses the specified URL to  determine file
    size, and navigates to it when the user clicks the attachment. Because the URL is not validated or
    sanitized, it can reference internal resources like chrome:// or SMB share file:// links, potentially
    leading to hashed Windows credential leakage and opening the door to more serious security issues.
    (CVE-2025-3522)

  - By crafting a malformed file name for an attachment in a multipart message, an attacker can trick
    Thunderbird into including a directory listing of /tmp when the message is forwarded or edited as a new
    message. This vulnerability could allow attackers to disclose sensitive information from the victim's
    system. This vulnerability is not limited to Linux; similar behavior has been observed on Windows as well.
    (CVE-2025-2830)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2025-26/");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Mozilla Thunderbird version 137.0.2 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:L");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2025-3522");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2025-3523");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2025/04/15");
  script_set_attribute(attribute:"patch_publication_date", value:"2025/04/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/04/16");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:thunderbird");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"MacOS X Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("macosx_thunderbird_installed.nasl");
  script_require_keys("installed_sw/Mozilla Thunderbird");

  exit(0);
}

include('vdf.inc');

# @tvdl-content-verify-only
var vuln_data = {
  "metadata": {
    "spec_version": "1.0"
  },
  "requires": [
    {
      "scope": "target",
      "match": {
        "os": "macos"
      }
    }
  ],
  "checks": [
    {
      "product": {
        "name": "Mozilla Thunderbird",
        "type": "app"
      },
      "check_algorithm": "default",
      "constraints": [
        {
          "fixed_version": "137.0.2"
        }
      ]
    }
  ]
};

var vdf_result = vdf::check_and_report(vuln_data:vuln_data, severity:SECURITY_HOLE);
vdf::handle_check_and_report_errors(vdf_result:vdf_result);

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
18 Nov 2025 00:00Current
6.8Medium risk
Vulners AI Score6.8
CVSS 3.16.4
EPSS0.00295
SSVC
mozilla thunderbird vulnerabilitiesexternal link issuesuser credential exposuresensitive information disclosuremisleading hover textversion 137.0.2
11