EUVD-1999-0998

Malware in sbrugna...

EUVD-2017-8994

Malware in sbrugna...

EUVD-2022-28205

Malicious code in bioql PyPI...

CVE-2025-3932

It was possible to craft an email that showed a tracking link as an attachment. If the user attempted to open the attachment, Thunderbird automatically accessed the link. The configuration to block remote content did not prevent that. Thunderbird has been fixed to no longer allow access to web...

Security Vulnerabilities fixed in Thunderbird 138.0.1 — Mozilla

Thunderbird parses addresses in a way that can allow sender spoofing in case the server allows an invalid From address to be used. For example, if the From header contains an invalid value "Spoofed Name [email protected] [email protected]", Thunderbird treats [email protected] as the...

CVE-2013-4479

lib/sup/messagechunks.rb in Sup before 0.13.2.1 and 0.14.x before 0.14.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the contenttype of an email attachment...

Threat Outbreak Alert: Fake Account Invoice Statement Email Messages on October 26, 2013

Medium Alert ID: 31504 First Published: 2013 October 28 17:39 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages that claim to contain an account invoice statement for the recipient. The text in the email message attempts to persuade the recipie...

CVE-2002-1210

Qualcomm Eudora 5.1.1, 5.2, and possibly other versions stores email attachments in a predictable location, which allows remote attackers to read arbitrary files via a link that loads an attachment with malicious script into a frame, which then executes the script in the local browser context...