Updated thunderbird packages fix security vulnerabilities

Sender Spoofing via Malformed From Header in Thunderbird. CVE-2025-3875 Unsolicited File Download, Disk Space Exhaustion, and Credential Leakage via mailbox:/// Links. CVE-2025-3877 JavaScript Execution via Spoofed PDF Attachment and file:/// Link. CVE-2025-3909 Tracking Links in Attachments...

MGASA-2025-0168 Updated thunderbird packages fix security vulnerabilities

Sender Spoofing via Malformed From Header in Thunderbird. CVE-2025-3875 Unsolicited File Download, Disk Space Exhaustion, and Credential Leakage via mailbox:/// Links. CVE-2025-3877 JavaScript Execution via Spoofed PDF Attachment and file:/// Link. CVE-2025-3909 Tracking Links in Attachments...

thunderbird: JavaScript Execution via Spoofed PDF Attachment and file:/// Link

The Mozilla Foundation's Security Advisory describes the following issue: Thunderbird's handling of the X-Mozilla-External-Attachment-URL header can be exploited to execute JavaScript in the file:/// context. By crafting a nested email attachment message/rfc822 and setting its content type to...

thunderbird: JavaScript Execution via Spoofed PDF Attachment and file:/// Link

The Mozilla Foundation's Security Advisory describes the following issue: Thunderbird's handling of the X-Mozilla-External-Attachment-URL header can be exploited to execute JavaScript in the file:/// context. By crafting a nested email attachment message/rfc822 and setting its content type to...

Important: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

CVE-2025-23393

A Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in spacewalk-java allows execution of arbitrary Javascript code on users machines.This issue affects Container suse/manager/5.0/x8664/server:5.0.4.7.19.1: from ? before 5.0.24-150600.3.25.1; SUSE Manager...

SUSE Manager Server 安全漏洞

SUSE Manager Server is an infrastructure management solution from SUSE Germany designed to simplify and secure the management of various Linux distributions. A security vulnerability exists in SUSE Manager Server that stems from improper neutralization of script-related HTML tags, which could lea...

RHEL 9 : thunderbird (RHSA-2025:8203)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:8203 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: thunderbird: JavaScript Execution via Spoofed PDF Attachment...

ALSA-2025:8196 Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: thunderbird: JavaScript Execution via Spoofed PDF Attachment and file:/// Link CVE-2025-3909 thunderbird: Sender Spoofing via Malformed From Header in Thunderbird CVE-2025-3875 thunderbird: Unsolicited File Download,...

CVE-2025-23392

CVE-2025-23392 is a spacewalk-java XSS vulnerability (Improper Neutralization of Script-Related HTML Tags). Affects SUSE Manager components including Spacewalk/Spacewalk-Java modules and SUSE Manager Server Module 4.3; targeted versions listed as before 5.0.24-150600.3.25.1 for several containers...

CVE-2025-44998

A stored cross-site scripting XSS vulnerability in the component /tinyfilemanager.php of TinyFileManager v2.4.7 allows attackers to execute arbitrary JavaScript or HTML via injecting a crafted payload into the js-theme-3 parameter...

CVE-2025-44998

A stored cross-site scripting XSS vulnerability in the component /tinyfilemanager.php of TinyFileManager v2.4.7 allows attackers to execute arbitrary JavaScript or HTML via injecting a crafted payload into the js-theme-3 parameter...

CVE-2025-44998

A stored cross-site scripting XSS vulnerability in the component /tinyfilemanager.php of TinyFileManager v2.4.7 allows attackers to execute arbitrary JavaScript or HTML via injecting a crafted payload into the js-theme-3 parameter...

CVE-2024-43412

Xibo is an open source digital signage platform with a web content management system CMS. Prior to version 4.1.0, a cross-site scripting vulnerability in Xibo CMS allows authorized users to execute arbitrary JavaScript via the file preview function. Users can upload HTML/CSS/JS files into the Xib...

CVE-2024-52286

Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. In affected versions the Merge functionality takes untrusted user input file name and uses it directly in the creation of HTML pages allowing any unauthenticated to execute JavaScript code...

CVE-2024-47772

Discourse is an open source platform for community discussion. An attacker can execute arbitrary JavaScript on users' browsers by sending a maliciously crafted chat message and replying to it. This issue only affects sites with CSP disabled. This problem is patched in the latest version of...

CVE-2024-40746

A stored cross-site scripting XSS vulnerability in HikaShop Joomla Component 5.1.1 allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload in the description parameter of any product. The description parameter is not sanitised in the...

CVE-2024-43413

Xibo is an open source digital signage platform with a web content management system CMS. Prior to version 4.1.0, a cross-site scripting vulnerability in Xibo CMS allows authorized users to execute JavaScript via the DataSet functionality. Users can design a DataSet with a HTML column which...

CVE-2024-43111

Long pressing on a download link could potentially allow Javascript commands to be executed within the browser This vulnerability affects Firefox for iOS 129...

CVE-2024-40618

Whale browser before 3.26.244.21 allows an attacker to execute malicious JavaScript due to improper sanitization when processing a built-in extension...