46 matches found
CVE-2026-23863
An attachment spoofing issue in WhatsApp for Windows prior to v2.3000.1032164386.258709 could have allowed maliciously formatted documents with embedded NUL bytes in the filename to be shown in the application as one type of file but run as an executable when opened. We have not seen evidence of...
CVE-2026-23863
An attachment spoofing issue in WhatsApp for Windows prior to v2.3000.1032164386.258709 could have allowed maliciously formatted documents with embedded NUL bytes in the filename to be shown in the application as one type of file but run as an executable when opened. We have not seen evidence of...
CVE-2026-23863
An attachment spoofing issue in WhatsApp for Windows prior to v2.3000.1032164386.258709 could have allowed maliciously formatted documents with embedded NUL bytes in the filename to be shown in the application as one type of file but run as an executable when opened. We have not seen evidence of...
EUVD-2026-26665
An attachment spoofing issue in WhatsApp for Windows prior to v2.3000.1032164386.258709 could have allowed maliciously formatted documents with embedded NUL bytes in the filename to be shown in the application as one type of file but run as an executable when opened...
CVE-2026-23863
An attachment spoofing issue in WhatsApp for Windows prior to v2.3000.1032164386.258709 could have allowed maliciously formatted documents with embedded NUL bytes in the filename to be shown in the application as one type of file but run as an executable when opened. We have not seen evidence of...
CVE-2026-23863
CVE-2026-23863 affects WhatsApp for Windows prior to version 2.3000.1032164386.258709. The issue is an attachment spoofing flaw where documents with embedded NUL bytes in the filename could be displayed as one file type but executed when opened. Root cause is improper handling of specially crafte...
CVE-2026-23863
An attachment spoofing issue in WhatsApp for Windows prior to v2.3000.1032164386.258709 could have allowed maliciously formatted documents with embedded NUL bytes in the filename to be shown in the application as one type of file but run as an executable when opened. We have not seen evidence of...
Facebook WhatsApp 安全漏洞
Facebook WhatsApp is a suite of Android-based mobile applications from Facebook, Inc. in the United States that utilize the Internet to deliver text messages. The application uses the contact information in the smartphone to find contacts using the software to send texts, pictures, etc. A securit...
PT-2026-36499
Name of the Vulnerable Software and Affected Versions WhatsApp for Windows versions prior to 2.3000.1032164386.258709 Description An attachment spoofing issue exists due to improper handling of hidden control characters in filenames. Specifically, the application fails to properly sanitize or...
MiracleLinux 4 : thunderbird-52.8.0-2.AXS4 (AXSA:2018-3120:04)
The remote MiracleLinux 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2018-3120:04 advisory. Mozilla: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8 CVE-2018-5150 Mozilla: Backport critical security fixes in Skia CVE-2018-5183...
EUVD-2018-16955
Malware in sbrugna...
EUVD-2005-3006
Malware in sbrugna...
thunderbird: JavaScript Execution via Spoofed PDF Attachment and file:/// Link
The Mozilla Foundation's Security Advisory describes the following issue: Thunderbird's handling of the X-Mozilla-External-Attachment-URL header can be exploited to execute JavaScript in the file:/// context. By crafting a nested email attachment message/rfc822 and setting its content type to...
thunderbird: File Extension Spoofing using the Text Direction Override Character
Thunderbird allowed the Text Direction Override Unicode Character in filenames. An email attachment could be incorrectly shown as being a document file, while in fact it was an executable file. Newer versions of Thunderbird will strip the character and show the correct file extension. This...
SUSE CVE-2018-5170
It is possible to spoof the filename of an attachment and display an arbitrary attachment name. This could lead to a user opening a remote attachment which is a different file type than expected. This vulnerability affects Thunderbird ESR 52.8 and Thunderbird 52.8...
Mozilla Thunderbird ESR and Thunderbird Design Vulnerabilities
Mozilla Thunderbird is a stand-alone email client developed by the Mozilla Foundation from the Mozilla Application Suite that supports IMAP, POP mail protocols, and the HTML mail format.Thunderbird ESR is an extended support version of it. A security vulnerability exists in Mozilla Thunderbird ES...
DEBIAN-CVE-2018-5170
It is possible to spoof the filename of an attachment and display an arbitrary attachment name. This could lead to a user opening a remote attachment which is a different file type than expected. This vulnerability affects Thunderbird ESR 52.8 and Thunderbird 52.8...
CVE-2018-5170
It is possible to spoof the filename of an attachment and display an arbitrary attachment name. This could lead to a user opening a remote attachment which is a different file type than expected. This vulnerability affects Thunderbird ESR 52.8 and Thunderbird 52.8...
UBUNTU-CVE-2018-5170
It is possible to spoof the filename of an attachment and display an arbitrary attachment name. This could lead to a user opening a remote attachment which is a different file type than expected. This vulnerability affects Thunderbird ESR 52.8 and Thunderbird 52.8...
Qualcomm Eudora 5.2.1/6.0 File Attachment Spoofing Variant Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/7653/info Eudora is reported to be prone to an issue which may allow attackers to spoof the file extension in an attachment. This may aid an attacker in enticing a user of the e-mail client into executing malicious conten...