21 matches found
Astra Linux – Vulnerability in Thunderbird
An HTML email containing links to .pdf files can trigger automatic, unsolicited downloads of those files to the user’s desktop or home directory without any prompts, even if auto-saving is disabled. This behavior can be exploited to fill the disk with junk data e.g., using /dev/urandom on Linux o...
MiracleLinux 8 : thunderbird-128.12.0-1.el8_10.ML.1 (AXSA:2025-10437:13)
The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2025-10437:13 advisory. thunderbird: Unsolicited File Download, Disk Space Exhaustion, and Credential Leakage via mailbox:/// Links CVE-2025-5986 Tenable has extracted the precedin...
MiracleLinux 9 : thunderbird-128.10.1-1.el9_6.ML.1 (AXSA:2025-10505:15)
The remote MiracleLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2025-10505:15 advisory. thunderbird: JavaScript Execution via Spoofed PDF Attachment and file:/// Link CVE-2025-3909 thunderbird: Sender Spoofing via Malformed From Header...
RockyLinux 10 : thunderbird (RLSA-2025:10195)
The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:10195 advisory. thunderbird: Unsolicited File Download, Disk Space Exhaustion, and Credential Leakage via mailbox:/// Links CVE-2025-5986 Tenable has extracted the...
thunderbird security update
An update is available for thunderbird. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Mozilla Thunderbird is a standalone mail and newsgroup client. Security...
RockyLinux 10 : thunderbird (RLSA-2025:8196)
The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:8196 advisory. thunderbird: JavaScript Execution via Spoofed PDF Attachment and file:/// Link CVE-2025-3909 thunderbird: Sender Spoofing via Malformed From Header in...
thunderbird security update
An update is available for thunderbird. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Mozilla Thunderbird is a standalone mail and newsgroup client. Security...
thunderbird: Unsolicited File Download, Disk Space Exhaustion, and Credential Leakage via mailbox:/// Links
A flaw was found in Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: A crafted HTML email using mailbox:/// links can trigger automatic, unsolicited downloads of .pdf files to the user's desktop or home directory without prompting, even if auto-saving is...
thunderbird: Unsolicited File Download, Disk Space Exhaustion, and Credential Leakage via mailbox:/// Links
A flaw was found in Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: A crafted HTML email using mailbox:/// links can trigger automatic, unsolicited downloads of .pdf files to the user's desktop or home directory without prompting, even if auto-saving is...
thunderbird: Unsolicited File Download, Disk Space Exhaustion, and Credential Leakage via mailbox:/// Links
A flaw was found in Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: A crafted HTML email using mailbox:/// links can trigger automatic, unsolicited downloads of .pdf files to the user's desktop or home directory without prompting, even if auto-saving is...
thunderbird: Unsolicited File Download, Disk Space Exhaustion, and Credential Leakage via mailbox:/// Links
A flaw was found in Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: A crafted HTML email using mailbox:/// links can trigger automatic, unsolicited downloads of .pdf files to the user's desktop or home directory without prompting, even if auto-saving is...
thunderbird: Unsolicited File Download, Disk Space Exhaustion, and Credential Leakage via mailbox:/// Links
A flaw was found in Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: A crafted HTML email using mailbox:/// links can trigger automatic, unsolicited downloads of .pdf files to the user's desktop or home directory without prompting, even if auto-saving is...
thunderbird: Unsolicited File Download, Disk Space Exhaustion, and Credential Leakage via mailbox:/// Links
A flaw was found in Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: A crafted HTML email using mailbox:/// links can trigger automatic, unsolicited downloads of .pdf files to the user's desktop or home directory without prompting, even if auto-saving is...
thunderbird: Unsolicited File Download, Disk Space Exhaustion, and Credential Leakage via mailbox:/// Links
A flaw was found in Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: A crafted HTML email using mailbox:/// links can trigger automatic, unsolicited downloads of .pdf files to the user's desktop or home directory without prompting, even if auto-saving is...
thunderbird: Unsolicited File Download, Disk Space Exhaustion, and Credential Leakage via mailbox:/// Links
A flaw was found in Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: A crafted HTML email using mailbox:/// links can trigger automatic, unsolicited downloads of .pdf files to the user's desktop or home directory without prompting, even if auto-saving is...
thunderbird: Unsolicited File Download, Disk Space Exhaustion, and Credential Leakage via mailbox:/// Links
A flaw was found in Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: A crafted HTML email using mailbox:/// links can trigger automatic, unsolicited downloads of .pdf files to the user's desktop or home directory without prompting, even if auto-saving is...
Security update for MozillaThunderbird
This update for MozillaThunderbird fixes the following issues: Mozilla Thunderbird 128.11.1 CVE-2025-5986: Unsolicited File Download, Disk Space Exhaustion, and Credential Leakage via mailbox:/// Links MFSA 2025-49 bsc1244468. Patch Instructions: To install this SUSE update use the SUSE recommend...
Important: thunderbird
Issue Overview: A crafted HTML email using mailbox:/// links can trigger automatic, unsolicited downloads of .pdf files to the user's desktop or home directory without prompting, even if auto-saving is disabled. This behavior can be abused to fill the disk with garbage data e.g. using /dev/urando...
CVE-2025-5986
A crafted HTML email using mailbox:/// links can trigger automatic, unsolicited downloads of .pdf files to the user's desktop or home directory without prompting, even if auto-saving is disabled. This behavior can be abused to fill the disk with garbage data e.g. using /dev/urandom on Linux or to...
UBUNTU-CVE-2025-5986
A crafted HTML email using mailbox:/// links can trigger automatic, unsolicited downloads of .pdf files to the user's desktop or home directory without prompting, even if auto-saving is disabled. This behavior can be abused to fill the disk with garbage data e.g. using /dev/urandom on Linux or to...