Important: Red Hat Security Advisory: OpenShift Container Platform 4.18.35 bug fix and security update

Red Hat OpenShift Container Platform release 4.18.35 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.18. Red Hat Product Security has rated this update as having a...

EUVD-2026-3875

Missing Authorization vulnerability in e-plugins fitness-trainer fitness-trainer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects fitness-trainer: from n/a through = 1.7.1...

MiracleLinux 8 : bind9.16-9.16.23-0.7.el8.1 (AXSA:2022-3875:02)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3875:02 advisory. bind: BIND 9 resolvers configured to answer from cache with zero stale-answer-timeout may terminate unexpectedly CVE-2022-3080 bind: memory leak in...

MiracleLinux 8 : thunderbird-128.11.0-1.el8_10.ML.1 (AXSA:2025-10026:12)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2025-10026:12 advisory. thunderbird: JavaScript Execution via Spoofed PDF Attachment and file:/// Link CVE-2025-3909 thunderbird: Sender Spoofing via Malformed From Header...

RockyLinux 9 : thunderbird (RLSA-2025:8203)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:8203 advisory. thunderbird: JavaScript Execution via Spoofed PDF Attachment and file:/// Link CVE-2025-3909 thunderbird: Sender Spoofing via Malformed From Header in...

EUVD-2020-3875

Malware in sbrugna...

thunderbird security update

An update is available for thunderbird. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Mozilla Thunderbird is a standalone mail and newsgroup client. Security...

TencentOS Server 3: thunderbird (TSSA-2025:0496)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0496 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

AlmaLinux 8 : thunderbird (ALSA-2025:8756)

The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2025:8756 advisory. thunderbird: JavaScript Execution via Spoofed PDF Attachment and file:/// Link CVE-2025-3909 thunderbird: Sender Spoofing via Malformed From Header in...

RHEL 8 : thunderbird (RHSA-2025:8756)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:8756 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: thunderbird: JavaScript Execution via Spoofed PDF Attachment...

RHEL 10 : thunderbird (RHSA-2025:8196)

The remote Redhat Enterprise Linux 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:8196 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: thunderbird: JavaScript Execution via Spoofed PDF Attachment...

SUSE SLED15 / SLES15 Security Update : MozillaThunderbird (SUSE-SU-2025:01660-2)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:01660-2 advisory. Update to Mozilla Thunderbird 128.10.1. Security fixes: - MFSA 2025-34 bsc1243216 CVE-2025-3875: Sender...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : MozillaThunderbird (SUSE-SU-2025:01660-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:01660-1 advisory. Update to Mozilla Thunderbird 128.10.1. Security fixes: - MFSA 2025-34 bsc1243216 CVE-2025-3875...

CVE-2020-3875

A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2. An application may be able to read restricted memory...

MozillaThunderbird-128.10.1-1.1 on GA media (moderate)

MozillaThunderbird-128.10.1-1.1 on GA media Announcement ID: openSUSE-SU-2025:15131-1 Rating: moderate Cross-References: CVE-2025-3875 CVE-2025-3877 CVE-2025-3909 CVE-2025-3932 Affected Products: openSUSE Tumbleweed An update that solves 4 vulnerabilities can now be installed. Description: These...

Slackware: Security Advisory (SSA:2025-136-01)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian dsa-5921 : thunderbird - security update

The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5921 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5921-1 [email protected] https://www.debian.org/securit...

CVE-2025-3875

creationtimestamp| type| source ---|---|--- 2025-05-14 17:32:24+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/16352 2026-04-13 17:55:39+00:00| seen| Telegram/4Vx4R6xou6qXHv3AbtTLRrpL9hIHAaokGjUtgj9B731Cf0...

CVE-2025-3875

Thunderbird parses addresses in a way that can allow sender spoofing in case the server allows an invalid From address to be used. For example, if the From header contains an invalid value "Spoofed Name ", Thunderbird treats [email protected] as the actual address. This vulnerability was fixed ...

CVE-2024-3875

The CVE-2024-3875 issue affects Tenda F1202 devices, specifically the fromNatlimit function in the /goform/Natlimit file (version 1.2.0.20(408)). The vulnerability is a stack-based buffer overflow triggered by manipulating the page parameter, allowing remote exploitation. Impact is stated as incl...