
5913 matches found

Tenable Nessus
added 2025/05/30 12:0 a.m., 10 views

RHEL 9 : thunderbird (RHSA-2025:8324)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:8324 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: thunderbird: JavaScript Execution via Spoofed PDF Attachment...

CVSS 8.1, AI score 6.9, EPSS 0.00422
Exploits: 0, References: 9

RedHat Linux
added 2025/05/29 10:57 p.m., 5 views

Important: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available...

CVSS 8.1, AI score 6.8, EPSS 0.00422
Exploits: 0, References: 5

RedHat Linux
added 2025/05/29 10:57 p.m., 2 views

thunderbird: JavaScript Execution via Spoofed PDF Attachment and file:/// Link

The Mozilla Foundation's Security Advisory describes the following issue: Thunderbird's handling of the X-Mozilla-External-Attachment-URL header can be exploited to execute JavaScript in the file:/// context. By crafting a nested email attachment (message/rfc822) and setting its content type to...

CVSS 8.1, AI score 7.5, EPSS 0.00422
Exploits: 0, References: 5

RedHat Linux
added 2025/05/29 9:30 p.m., 2 views

thunderbird: JavaScript Execution via Spoofed PDF Attachment and file:/// Link

The Mozilla Foundation's Security Advisory describes the following issue: Thunderbird's handling of the X-Mozilla-External-Attachment-URL header can be exploited to execute JavaScript in the file:/// context. By crafting a nested email attachment (message/rfc822) and setting its content type to...

CVSS 8.1, AI score 7.5, EPSS 0.00422
Exploits: 0, References: 5

RedHat Linux
added 2025/05/29 9:30 p.m., 4 views

Important: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...

CVSS 8.1, AI score 6.8, EPSS 0.00422
Exploits: 0, References: 5

RedHat Linux
added 2025/05/29 7:32 p.m., 12 views

Important: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available...

CVSS 8.1, AI score 6.8, EPSS 0.00422
Exploits: 0, References: 5

Hacker One
added 2025/05/29 11:37 a.m., 4 views

U.S. Dept Of Defense: Cross-Site Scripting (XSS) in ASP.NET via ResolveUrl on ███████

A Cross-Site Scripting (XSS) vulnerability was discovered in an ASP.NET web application. The issue was caused by improper handling of URLs passed to the ResolveUrl method, which failed to sanitize user-controlled input. This allowed the injection of arbitrary JavaScript payloads that could execute ...

AI score 6.3
Exploits: 0

SUSE Linux
added 2025/05/29 9:33 a.m., 3 views

Security update for MozillaThunderbird

This update for MozillaThunderbird fixes the following issues: Update to Mozilla Thunderbird 128.10.1. Security fixes: MFSA 2025-34 bsc1243216 CVE-2025-3875: Sender Spoofing via Malformed From Header in Thunderbird. CVE-2025-3877: Unsolicited File Download, Disk Space Exhaustion, and Credential...

CVSS 7.5, AI score 7.5, EPSS 0.00422
Exploits: 0, References: 10

OSV
added 2025/05/29 9:33 a.m., 1 view

SUSE-SU-2025:01660-2 Security update for MozillaThunderbird

This update for MozillaThunderbird fixes the following issues: Update to Mozilla Thunderbird 128.10.1. Security fixes: - MFSA 2025-34 bsc1243216 CVE-2025-3875: Sender Spoofing via Malformed From Header in Thunderbird. CVE-2025-3877: Unsolicited File Download, Disk Space Exhaustion, and Credential...

CVSS 8.1, AI score 5.9, EPSS 0.00422
Exploits: 0, References: 6

Amazon
added 2025/05/29 12:0 a.m., 7 views

Important: thunderbird

Issue Overview: Thunderbird parses addresses in a way that can allow sender spoofing in case the server allows an invalid From address to be used. For example, if the From header contains an invalid value "Spoofed Name ", Thunderbird treats [email protected] as the actual address. This...

CVSS 7.5, AI score 7.1, EPSS 0.00422
Exploits: 0

Tenable Nessus
added 2025/05/29 12:0 a.m., 9 views

RHEL 9 : thunderbird (RHSA-2025:8325)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:8325 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: thunderbird: JavaScript Execution via Spoofed PDF Attachment...

CVSS 8.1, AI score 6.9, EPSS 0.00422
Exploits: 0, References: 9

Tenable Nessus
added 2025/05/29 12:0 a.m., 9 views

Amazon Linux 2 : thunderbird (ALAS-2025-2859)

The version of thunderbird installed on the remote host is prior to 128.10.1-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2859 advisory. Thunderbird parses addresses in a way that can allow sender spoofing in case the server allows an invalid From...

CVSS 8.1, AI score 6.8, EPSS 0.00422
Exploits: 0, References: 8

Tenable Nessus
added 2025/05/29 12:0 a.m., 6 views

RHEL 9 : thunderbird (RHSA-2025:8326)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:8326 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: thunderbird: JavaScript Execution via Spoofed PDF Attachment...

CVSS 8.1, AI score 6.9, EPSS 0.00422
Exploits: 0, References: 9

Vulnrichment
added 2025/05/28 1:24 p.m., 13 views

CVE-2025-40651 Reflected Cross Site Scripting (XSS) in Real Easy Store

Reflected Cross-Site Scripting (XSS) vulnerability in Real Easy Store. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending the victim a malicious URL using the keyword parameter in /index.php?a=search. This vulnerability can be exploited to steal...

CVSS 5.1, AI score 5.8, EPSS 0.0035
Exploits: 0, References: 1

CVE
added 2025/05/28 1:24 p.m., 47 views

CVE-2025-40651

Real Easy Store suffers a Reflected Cross-Site Scripting (XSS) via the keyword parameter in /index.php?a=search. An attacker can lure a victim to a crafted URL to execute JavaScript in the browser, potentially stealing session cookies or acting on behalf of the user. The CVSS data indicates a 5.1...

CVSS 5.1, AI score 5.6, EPSS 0.0035
Exploits: 0, References: 1

Cvelist
added 2025/05/28 1:24 p.m., 14 views

CVE-2025-40651 Reflected Cross Site Scripting (XSS) in Real Easy Store

Reflected Cross-Site Scripting (XSS) vulnerability in Real Easy Store. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending the victim a malicious URL using the keyword parameter in /index.php?a=search. This vulnerability can be exploited to steal...

CVSS 5.1, EPSS 0.0035
Exploits: 0, References: 1

Positive Technologies
added 2025/05/28 12:0 a.m., 2 views

PT-2025-23084 · Unknown · Real Easy Store

Name of the Vulnerable Software and Affected Versions: Real Easy Store (affected versions not specified). Description: A Reflected Cross-Site Scripting (XSS) issue allows an attacker to execute JavaScript code in the victim's browser by sending a malicious URL using the keyword parameter in...

CVSS 5.1, AI score 5.6, EPSS 0.0035
Exploits: 0, References: 5

Drupal
added 2025/05/28 12:0 a.m., 14 views

COOKiES Consent Management - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-076

The COOKIES module protects users from executing JavaScript code provided by third parties, e.g., to display ads or track user data without consent. Each sub-module allows a specific third-party service to be included in the consent management by controlling the execution of JavaScript. However, thi...

CVSS 8.6, AI score 6.7, EPSS 0.00395
Exploits: 0, References: 2

Mageia
added 2025/05/27 6:46 p.m., 24 views

Updated thunderbird packages fix security vulnerabilities

Sender Spoofing via Malformed From Header in Thunderbird. CVE-2025-3875 Unsolicited File Download, Disk Space Exhaustion, and Credential Leakage via mailbox:/// Links. CVE-2025-3877 JavaScript Execution via Spoofed PDF Attachment and file:/// Link. CVE-2025-3909 Tracking Links in Attachments...

CVSS 9.8, AI score 9, EPSS 0.00994
Exploits: 1, References: 5

OSV
added 2025/05/27 6:46 p.m., 1 view

MGASA-2025-0168 Updated thunderbird packages fix security vulnerabilities

Sender Spoofing via Malformed From Header in Thunderbird. CVE-2025-3875 Unsolicited File Download, Disk Space Exhaustion, and Credential Leakage via mailbox:/// Links. CVE-2025-3877 JavaScript Execution via Spoofed PDF Attachment and file:/// Link. CVE-2025-3909 Tracking Links in Attachments...

CVSS 9.8, AI score 7.3, EPSS 0.00994
Exploits: 1, References: 6