5 matches found
CVE-2025-3909
Thunderbird's handling of the X-Mozilla-External-Attachment-URL header can be exploited to execute JavaScript in the file:/// context. By crafting a nested email attachment message/rfc822 and setting its content type to application/pdf, Thunderbird may incorrectly render it as HTML when opened,...
CVE-2025-3909
Thunderbird's handling of the X-Mozilla-External-Attachment-URL header can be exploited to execute JavaScript in the file:/// context. By crafting a nested email attachment message/rfc822 and setting its content type to application/pdf, Thunderbird may incorrectly render it as HTML when opened,...
CVE-2025-3909
Thunderbird (email client) is affected by CVE-2025-3909 via the X-Mozilla-External-Attachment-URL header. An attacker could craft a nested message/rfc822 attachment with content type application/pdf, causing Thunderbird to render it as HTML and execute JavaScript in the file:/// context after aut...
CVE-2025-3909 JavaScript Execution via Spoofed PDF Attachment and file:/// Link
Thunderbird's handling of the X-Mozilla-External-Attachment-URL header can be exploited to execute JavaScript in the file:/// context. By crafting a nested email attachment message/rfc822 and setting its content type to application/pdf, Thunderbird may incorrectly render it as HTML when opened,...
Дырка в GroupWise client
Пользователь может получить доступ к файлам, доступ к которым запрещен системной политикой используя файлы в качестве вложения в письмо...