Lucene search
K

385 matches found

NVD
NVD
added 2025/04/15 3:16 p.m.10 views

CVE-2025-3523

When an email contains multiple attachments with external links via the X-Mozilla-External-Attachment-URL header, only the last link is shown when hovering over any attachment. Although the correct link is used on click, the misleading hover text could trick users into downloading content from...

6.4CVSS0.0028EPSS
Exploits0References3
OSV
OSV
added 2025/04/15 3:16 p.m.11 views

CVE-2025-3523

When an email contains multiple attachments with external links via the X-Mozilla-External-Attachment-URL header, only the last link is shown when hovering over any attachment. Although the correct link is used on click, the misleading hover text could trick users into downloading content from...

6.4CVSS6.8AI score
Exploits0References3
OSV
OSV
added 2025/04/15 3:16 p.m.10 views

UBUNTU-CVE-2025-3523

When an email contains multiple attachments with external links via the X-Mozilla-External-Attachment-URL header, only the last link is shown when hovering over any attachment. Although the correct link is used on click, the misleading hover text could trick users into downloading content from...

6.4CVSS6.6AI score0.0028EPSS
Exploits0References7
Cvelist
Cvelist
added 2025/04/15 3:6 p.m.19 views

CVE-2025-3523 User Interface (UI) Misrepresentation of attachment URL

When an email contains multiple attachments with external links via the X-Mozilla-External-Attachment-URL header, only the last link is shown when hovering over any attachment. Although the correct link is used on click, the misleading hover text could trick users into downloading content from...

0.0028EPSS
Exploits0References3
CVE
CVE
added 2025/04/15 3:6 p.m.120 views

CVE-2025-3523

Vulnerability in Thunderbird where the X-Mozilla-External-Attachment-URL header is processed such that only the last external link is shown on hover for multi-attachment messages. The hover text can mislead users into downloading content from untrusted sources, while the correct link is used on c...

6.4CVSS6.6AI score0.0028EPSS
Exploits0References3Affected Software1
Debian CVE
Debian CVE
added 2025/04/15 3:6 p.m.4 views

CVE-2025-3523

When an email contains multiple attachments with external links via the X-Mozilla-External-Attachment-URL header, only the last link is shown when hovering over any attachment. Although the correct link is used on click, the misleading hover text could trick users into downloading content from...

6.4CVSS6.3AI score0.0028EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2025/04/15 3:6 p.m.5 views

CVE-2025-3522 Leak of hashed Window credentials via crafted attachment URL

Thunderbird processes the X-Mozilla-External-Attachment-URL header to handle attachments which can be hosted externally. When an email is opened, Thunderbird accesses the specified URL to determine file size, and navigates to it when the user clicks the attachment. Because the URL is not validate...

6.7AI score0.0024EPSS
Exploits0References3
CVE
CVE
added 2025/04/15 3:6 p.m.123 views

CVE-2025-3522

Summary of CVE-2025-3522 (Thunderbird) : Thunderbird improperly processes the X-Mozilla-External-Attachment-URL header used for external attachments. When opening an email, Thunderbird fetches the URL to determine file size and may navigate to it when attaching is clicked. The URL is not validate...

6.3CVSS6.7AI score0.0024EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2025/04/15 12:0 a.m.3 views

PT-2025-16353 · Mozilla +10 · Thunderbird +10

Name of the Vulnerable Software and Affected Versions: Thunderbird versions prior to 137.0.2 Thunderbird versions prior to 128.9.2 Description: The issue arises when an email contains multiple attachments with external links via the X-Mozilla-External-Attachment-URL header. In such cases, only th...

9.8CVSS6.3AI score0.1307EPSS
Exploits3References310
Malwarebytes
Malwarebytes
added 2025/04/03 3:32 p.m.24 views

QR codes sent in attachments are the new favorite for phishers

Recently we’ve been seeing quite a few phishing campaigns using QR codes in email attachments. The lure and the targets are varied, but the use of a QR code to get someone to visit the phishing site is fast becoming a preferred method for cybercriminals. There are several reasons why cybercrimina...

6.8AI score
Exploits0
HackRead
HackRead
added 2025/03/24 8:28 p.m.13 views

5 Unexpected Devices You Didn’t Know Could Spread Malware

When you think of malware, your mind probably jumps to malicious downloads or email attachments. But it turns…...

7.3AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/03/04 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2020-11879

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in GNOME Evolution before 3.35.91. By using the proprietary non-RFC6068 mailto?attach=... parameter, a website or other source of mailto...

6.5CVSS6.4AI score0.02682EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/02/05 1:25 a.m.12 views

CVE-2024-20401

A vulnerability in the content scanning and message filtering features of Cisco Secure Email Gateway could allow an unauthenticated, remote attacker to overwrite arbitrary files on the underlying operating system. This vulnerability is due to improper handling of email attachments when file...

9.8CVSS7.7AI score0.02278EPSS
Exploits0References1
Atlassian
Atlassian
added 2025/01/22 12:12 p.m.21 views

Able to attach restricted files to Jira issues from Email

h3. Issue Summary From 9.15, admins can now restrict unwanted file extensions from being uploaded through issues. However, the restriction does not work when the attachment is sent via email. The files with restricted extensions are being uploaded to Jira issues. Reference:Restrict unwanted file...

7AI score
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2025/01/14 12:0 a.m.5 views

PT-2025-1103 · Microsoft · Windows App Package Installer +1

Name of the Vulnerable Software and Affected Versions: Windows App Package Installer affected versions not specified Description: The issue is related to weaknesses in the authorization procedure of the Windows App Package Installer, allowing an attacker to elevate their privileges. This can be...

7.8CVSS9.5AI score0.00606EPSS
Exploits0References13
RedHat Linux
RedHat Linux
added 2024/11/12 8:58 a.m.4 views

emacs: LaTeX preview is enabled by default for e-mail attachments

A flaw was found in Emacs. When Emacs is used as an email client, a preview of a crafted LaTeX document attached to an email can exhaust the disk space or the inodes allocated for the partition where the /tmp directory is located. This issue possibly results in a denial of service...

2.8CVSS7.2AI score0.00471EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2024/08/21 12:0 a.m.23 views

EulerOS Virtualization 2.11.1 : emacs (EulerOS-SA-2024-2165)

According to the versions of the emacs package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : In Emacs before 29.3, Org mode considers contents of remote files to be trusted. This affects Org Mode before 9.6.23.CVE-2024-30205 I...

7.1CVSS6.5AI score0.00482EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2024/08/21 12:0 a.m.19 views

EulerOS Virtualization 2.11.0 : emacs (EulerOS-SA-2024-2190)

According to the versions of the emacs package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : In Emacs before 29.3, Org mode considers contents of remote files to be trusted. This affects Org Mode before 9.6.23.CVE-2024-30205 I...

7.1CVSS6.5AI score0.00482EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2024/08/20 12:0 a.m.16 views

EulerOS 2.0 SP12 : emacs (EulerOS-SA-2024-2210)

According to the versions of the emacs package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In Emacs before 29.3, Org mode considers contents of remote files to be trusted. This affects Org Mode before 9.6.23.CVE-2024-30205 In Emacs before...

7.1CVSS6.5AI score0.00482EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2024/08/01 8:10 a.m.7 views

emacs: org-link-expand-abbrev: Do not evaluate arbitrary unsafe Elisp code

A flaw was found in Emacs. Arbitrary shell commands can be executed without prompting when an Org mode file is opened or when the Org mode is enabled, when Emacs is used as an email client, this issue can be triggered when previewing email attachments...

9.8CVSS5.8AI score0.01312EPSS
Exploits0References5
Rows per page
Query Builder