Lucene search
K

53 matches found

AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in Thunderbird

Thunderbird processes the X-Mozilla-External-Attachment-URL header to handle attachments that can be hosted externally. When an email is opened, Thunderbird accesses the specified URL to determine the file size, and navigates to the attachment when the user clicks on it. Since the URL is not...

6.3CVSS6.6AI score0.0024EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/11/20 12:0 a.m.7 views

TencentOS Server 3: thunderbird (TSSA-2025:0445)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0445 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

6.4CVSS6.8AI score0.00313EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2025/06/10 4:52 p.m.2 views

thunderbird: Tracking Links in Attachments Bypassed Remote Content Blocking

The Mozilla Foundation's Security Advisory describes the following issue: It is possible to craft an email that shows a tracking link as an attachment. If the user attempts to open the attachment, Thunderbird automatically accesses the link. The configuration to block remote content does not...

6.5CVSS7.3AI score0.00314EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2025/06/10 4:52 p.m.5 views

thunderbird: JavaScript Execution via Spoofed PDF Attachment and file:/// Link

The Mozilla Foundation's Security Advisory describes the following issue: Thunderbird's handling of the X-Mozilla-External-Attachment-URL header can be exploited to execute JavaScript in the file:/// context. By crafting a nested email attachment message/rfc822 and setting its content type to...

8.1CVSS7.5AI score0.00363EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2025/06/05 10:59 a.m.5 views

thunderbird: JavaScript Execution via Spoofed PDF Attachment and file:/// Link

The Mozilla Foundation's Security Advisory describes the following issue: Thunderbird's handling of the X-Mozilla-External-Attachment-URL header can be exploited to execute JavaScript in the file:/// context. By crafting a nested email attachment message/rfc822 and setting its content type to...

8.1CVSS7.5AI score0.00363EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2025/06/04 11:46 a.m.3 views

thunderbird: Tracking Links in Attachments Bypassed Remote Content Blocking

The Mozilla Foundation's Security Advisory describes the following issue: It is possible to craft an email that shows a tracking link as an attachment. If the user attempts to open the attachment, Thunderbird automatically accesses the link. The configuration to block remote content does not...

6.5CVSS7.3AI score0.00314EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2025/06/02 5:30 p.m.6 views

thunderbird: JavaScript Execution via Spoofed PDF Attachment and file:/// Link

The Mozilla Foundation's Security Advisory describes the following issue: Thunderbird's handling of the X-Mozilla-External-Attachment-URL header can be exploited to execute JavaScript in the file:/// context. By crafting a nested email attachment message/rfc822 and setting its content type to...

8.1CVSS7.5AI score0.00363EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2025/06/02 5:30 p.m.6 views

thunderbird: Tracking Links in Attachments Bypassed Remote Content Blocking

The Mozilla Foundation's Security Advisory describes the following issue: It is possible to craft an email that shows a tracking link as an attachment. If the user attempts to open the attachment, Thunderbird automatically accesses the link. The configuration to block remote content does not...

6.5CVSS7.3AI score0.00314EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2025/05/29 10:57 p.m.2 views

thunderbird: Tracking Links in Attachments Bypassed Remote Content Blocking

The Mozilla Foundation's Security Advisory describes the following issue: It is possible to craft an email that shows a tracking link as an attachment. If the user attempts to open the attachment, Thunderbird automatically accesses the link. The configuration to block remote content does not...

6.5CVSS7.3AI score0.00314EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2025/05/29 7:32 p.m.5 views

thunderbird: Tracking Links in Attachments Bypassed Remote Content Blocking

The Mozilla Foundation's Security Advisory describes the following issue: It is possible to craft an email that shows a tracking link as an attachment. If the user attempts to open the attachment, Thunderbird automatically accesses the link. The configuration to block remote content does not...

6.5CVSS7.3AI score0.00314EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2025/05/29 7:32 p.m.4 views

thunderbird: JavaScript Execution via Spoofed PDF Attachment and file:/// Link

The Mozilla Foundation's Security Advisory describes the following issue: Thunderbird's handling of the X-Mozilla-External-Attachment-URL header can be exploited to execute JavaScript in the file:/// context. By crafting a nested email attachment message/rfc822 and setting its content type to...

8.1CVSS7.5AI score0.00363EPSS
Exploits0References5
Amazon
Amazon
added 2025/05/29 12:0 a.m.5 views

Important: thunderbird

Issue Overview: Thunderbird parses addresses in a way that can allow sender spoofing in case the server allows an invalid From address to be used. For example, if the From header contains an invalid value "Spoofed Name ", Thunderbird treats [email protected] as the actual address. This...

8.1CVSS7.1AI score0.00363EPSS
Exploits0
Amazon
Amazon
added 2025/05/29 12:0 a.m.5 views

Important: thunderbird

Issue Overview: Through a series of popup and window.print calls, an attacker can cause a window to go fullscreen without the user seeing the notification prompt, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox ESR 102.5, Thunderbird 102.5, and Firefo...

9.1CVSS8.7AI score0.0061EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2025/05/27 12:28 p.m.3 views

thunderbird: Tracking Links in Attachments Bypassed Remote Content Blocking

The Mozilla Foundation's Security Advisory describes the following issue: It is possible to craft an email that shows a tracking link as an attachment. If the user attempts to open the attachment, Thunderbird automatically accesses the link. The configuration to block remote content does not...

6.5CVSS7.3AI score0.00314EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2025/05/27 12:28 p.m.5 views

thunderbird: JavaScript Execution via Spoofed PDF Attachment and file:/// Link

The Mozilla Foundation's Security Advisory describes the following issue: Thunderbird's handling of the X-Mozilla-External-Attachment-URL header can be exploited to execute JavaScript in the file:/// context. By crafting a nested email attachment message/rfc822 and setting its content type to...

8.1CVSS7.5AI score0.00363EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2025/05/27 10:4 a.m.6 views

thunderbird: Tracking Links in Attachments Bypassed Remote Content Blocking

The Mozilla Foundation's Security Advisory describes the following issue: It is possible to craft an email that shows a tracking link as an attachment. If the user attempts to open the attachment, Thunderbird automatically accesses the link. The configuration to block remote content does not...

6.5CVSS7.3AI score0.00314EPSS
Exploits0References5
BDU FSTEC
BDU FSTEC
added 2025/05/21 12:0 a.m.8 views

The vulnerability of the Thunderbird email client, related to bypassing authentication through spamming, allows a hacker to execute arbitrary code.

The vulnerability of the Thunderbird email client relates to bypassing authentication through spamming when processing the X-Mozilla-External-Attachment-URL header. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

6.5CVSS7.3AI score0.00363EPSS
Exploits0References13Affected Software4
CNVD
CNVD
added 2025/05/20 12:0 a.m.2 views

Mozilla Thunderbird Cross-Site Scripting Vulnerability (CNVD-2025-18673)

Mozilla Thunderbird is the United States Mozilla Foundation's set of independent from the Mozilla Application Suite e-mail client software. The program supports IMAP, POP mail protocols and HTML mail format. A cross-site scripting vulnerability exists in Mozilla Thunderbird, which stems from...

6.5CVSS6.3AI score0.00363EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2025/05/16 2:54 a.m.2 views

SUSE CVE-2025-3909

Thunderbird's handling of the X-Mozilla-External-Attachment-URL header can be exploited to execute JavaScript in the file:/// context. By crafting a nested email attachment message/rfc822 and setting its content type to application/pdf, Thunderbird may incorrectly render it as HTML when opened,...

8.1CVSS7.1AI score0.00363EPSS
Exploits0References8
OSV
OSV
added 2025/05/14 5:15 p.m.3 views

DEBIAN-CVE-2025-3909

Thunderbird's handling of the X-Mozilla-External-Attachment-URL header can be exploited to execute JavaScript in the file:/// context. By crafting a nested email attachment message/rfc822 and setting its content type to application/pdf, Thunderbird may incorrectly render it as HTML when opened,...

8.1CVSS7.2AI score0.00363EPSS
Exploits0References1
Rows per page
Query Builder