8 matches found
RLSA-2025:8203 Important: thunderbird security update
Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: thunderbird: JavaScript Execution via Spoofed PDF Attachment and file:/// Link CVE-2025-3909 thunderbird: Sender Spoofing via Malformed From Header in Thunderbird CVE-2025-3875 thunderbird: Unsolicited File Download,...
thunderbird: JavaScript Execution via Spoofed PDF Attachment and file:/// Link
The Mozilla Foundation's Security Advisory describes the following issue: Thunderbird's handling of the X-Mozilla-External-Attachment-URL header can be exploited to execute JavaScript in the file:/// context. By crafting a nested email attachment message/rfc822 and setting its content type to...
thunderbird: JavaScript Execution via Spoofed PDF Attachment and file:/// Link
The Mozilla Foundation's Security Advisory describes the following issue: Thunderbird's handling of the X-Mozilla-External-Attachment-URL header can be exploited to execute JavaScript in the file:/// context. By crafting a nested email attachment message/rfc822 and setting its content type to...
XWiki Platform 跨站脚本漏洞
XWiki Platform is a suite of Wiki platforms for creating Web collaboration applications from the XWiki Foundation in France. A security vulnerability exists in XWiki Platform 3.2-milestone-3 and earlier versions, which stems from a cross-site scripting XSS vulnerability that allows an attacker to...
NewStart CGSL MAIN 4.05 : thunderbird Multiple Vulnerabilities (NS-SA-2019-0136)
The remote NewStart CGSL host, running version MAIN 4.05, has thunderbird packages installed that are affected by multiple vulnerabilities: - Using remote content in encrypted messages can lead to the disclosure of plaintext. This vulnerability affects Thunderbird ESR 52.8 and Thunderbird 52.8...
USN-3660-1: Thunderbird vulnerabilities
Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service via application crash, install lightweight themes without user interaction, or...
Security vulnerabilities fixed in Thunderbird 52.8 — Mozilla
Mozilla developers backported selected changes in the Skia library. These changes correct memory corruption issues including invalid buffer reads and writes during graphic operations. Using remote content in encrypted messages can lead to the disclosure of plaintext. A use-after-free vulnerabilit...
Qualcomm Eudora 5.x/6.0 Spoofed Attachment Line Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/9026/info A vulnerability has been reported by Qualcomm that may be exploited by a remote attacker to cause the Eudora e-mail client to crash. It has been reported that a malicious email that contains a spoofed attachment...