385 matches found
CVE-2025-3523
When an email contains multiple attachments with external links via the X-Mozilla-External-Attachment-URL header, only the last link is shown when hovering over any attachment. Although the correct link is used on click, the misleading hover text could trick users into downloading content from...
CVE-2025-3523
When an email contains multiple attachments with external links via the X-Mozilla-External-Attachment-URL header, only the last link is shown when hovering over any attachment. Although the correct link is used on click, the misleading hover text could trick users into downloading content from...
UBUNTU-CVE-2025-3523
When an email contains multiple attachments with external links via the X-Mozilla-External-Attachment-URL header, only the last link is shown when hovering over any attachment. Although the correct link is used on click, the misleading hover text could trick users into downloading content from...
CVE-2025-3523 User Interface (UI) Misrepresentation of attachment URL
When an email contains multiple attachments with external links via the X-Mozilla-External-Attachment-URL header, only the last link is shown when hovering over any attachment. Although the correct link is used on click, the misleading hover text could trick users into downloading content from...
CVE-2025-3523
Vulnerability in Thunderbird where the X-Mozilla-External-Attachment-URL header is processed such that only the last external link is shown on hover for multi-attachment messages. The hover text can mislead users into downloading content from untrusted sources, while the correct link is used on c...
CVE-2025-3523
When an email contains multiple attachments with external links via the X-Mozilla-External-Attachment-URL header, only the last link is shown when hovering over any attachment. Although the correct link is used on click, the misleading hover text could trick users into downloading content from...
CVE-2025-3522 Leak of hashed Window credentials via crafted attachment URL
Thunderbird processes the X-Mozilla-External-Attachment-URL header to handle attachments which can be hosted externally. When an email is opened, Thunderbird accesses the specified URL to determine file size, and navigates to it when the user clicks the attachment. Because the URL is not validate...
CVE-2025-3522
Summary of CVE-2025-3522 (Thunderbird) : Thunderbird improperly processes the X-Mozilla-External-Attachment-URL header used for external attachments. When opening an email, Thunderbird fetches the URL to determine file size and may navigate to it when attaching is clicked. The URL is not validate...
PT-2025-16353 · Mozilla +10 · Thunderbird +10
Name of the Vulnerable Software and Affected Versions: Thunderbird versions prior to 137.0.2 Thunderbird versions prior to 128.9.2 Description: The issue arises when an email contains multiple attachments with external links via the X-Mozilla-External-Attachment-URL header. In such cases, only th...
QR codes sent in attachments are the new favorite for phishers
Recently we’ve been seeing quite a few phishing campaigns using QR codes in email attachments. The lure and the targets are varied, but the use of a QR code to get someone to visit the phishing site is fast becoming a preferred method for cybercriminals. There are several reasons why cybercrimina...
5 Unexpected Devices You Didn’t Know Could Spread Malware
When you think of malware, your mind probably jumps to malicious downloads or email attachments. But it turns…...
Linux Distros Unpatched Vulnerability : CVE-2020-11879
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in GNOME Evolution before 3.35.91. By using the proprietary non-RFC6068 mailto?attach=... parameter, a website or other source of mailto...
CVE-2024-20401
A vulnerability in the content scanning and message filtering features of Cisco Secure Email Gateway could allow an unauthenticated, remote attacker to overwrite arbitrary files on the underlying operating system. This vulnerability is due to improper handling of email attachments when file...
Able to attach restricted files to Jira issues from Email
h3. Issue Summary From 9.15, admins can now restrict unwanted file extensions from being uploaded through issues. However, the restriction does not work when the attachment is sent via email. The files with restricted extensions are being uploaded to Jira issues. Reference:Restrict unwanted file...
PT-2025-1103 · Microsoft · Windows App Package Installer +1
Name of the Vulnerable Software and Affected Versions: Windows App Package Installer affected versions not specified Description: The issue is related to weaknesses in the authorization procedure of the Windows App Package Installer, allowing an attacker to elevate their privileges. This can be...
emacs: LaTeX preview is enabled by default for e-mail attachments
A flaw was found in Emacs. When Emacs is used as an email client, a preview of a crafted LaTeX document attached to an email can exhaust the disk space or the inodes allocated for the partition where the /tmp directory is located. This issue possibly results in a denial of service...
EulerOS Virtualization 2.11.1 : emacs (EulerOS-SA-2024-2165)
According to the versions of the emacs package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : In Emacs before 29.3, Org mode considers contents of remote files to be trusted. This affects Org Mode before 9.6.23.CVE-2024-30205 I...
EulerOS Virtualization 2.11.0 : emacs (EulerOS-SA-2024-2190)
According to the versions of the emacs package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : In Emacs before 29.3, Org mode considers contents of remote files to be trusted. This affects Org Mode before 9.6.23.CVE-2024-30205 I...
EulerOS 2.0 SP12 : emacs (EulerOS-SA-2024-2210)
According to the versions of the emacs package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In Emacs before 29.3, Org mode considers contents of remote files to be trusted. This affects Org Mode before 9.6.23.CVE-2024-30205 In Emacs before...
emacs: org-link-expand-abbrev: Do not evaluate arbitrary unsafe Elisp code
A flaw was found in Emacs. Arbitrary shell commands can be executed without prompting when an Org mode file is opened or when the Org mode is enabled, when Emacs is used as an email client, this issue can be triggered when previewing email attachments...