CLSA-2026-1779579653 thunderbird: Fix of 4 CVEs

CVE-2024-0742: assertion failure in nsPresContext::UserInputEventsAllowed Document::SetIsInitialDocument sticky-bit - CVE-2025-2830: path traversal via malformed attachment filename in multipart message directory guard in MimePart.fetchAttachment + mimedrft.cpp - CVE-2025-3909: predictable...

Astra Linux - уязвимость в thunderbird

It was possible to create an email that included a tracking link as an attachment. If the user attempted to open the attachment, Thunderbird would automatically access the link. The configuration to block remote content did not prevent this behavior. Thunderbird has been updated to no longer allo...

AlmaLinux 10 : thunderbird (ALSA-2025:8196)

The remote AlmaLinux 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2025:8196 advisory. thunderbird: JavaScript Execution via Spoofed PDF Attachment and file:/// Link CVE-2025-3909 thunderbird: Sender Spoofing via Malformed From Header in...

thunderbird security update

An update is available for thunderbird. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Mozilla Thunderbird is a standalone mail and newsgroup client. Security...

RLSA-2025:8203 Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: thunderbird: JavaScript Execution via Spoofed PDF Attachment and file:/// Link CVE-2025-3909 thunderbird: Sender Spoofing via Malformed From Header in Thunderbird CVE-2025-3875 thunderbird: Unsolicited File Download,...

RockyLinux 10 : thunderbird (RLSA-2025:8196)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:8196 advisory. thunderbird: JavaScript Execution via Spoofed PDF Attachment and file:/// Link CVE-2025-3909 thunderbird: Sender Spoofing via Malformed From Header in...

RLSA-2025:8196 Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: thunderbird: JavaScript Execution via Spoofed PDF Attachment and file:/// Link CVE-2025-3909 thunderbird: Sender Spoofing via Malformed From Header in Thunderbird CVE-2025-3875 thunderbird: Unsolicited File Download,...

openSUSE Security Advisory (SUSE-SU-2025:02684-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora: Security Advisory (FEDORA-2025-f055a0d751)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

thunderbird: Tracking Links in Attachments Bypassed Remote Content Blocking

The Mozilla Foundation's Security Advisory describes the following issue: It is possible to craft an email that shows a tracking link as an attachment. If the user attempts to open the attachment, Thunderbird automatically accesses the link. The configuration to block remote content does not...

thunderbird: Tracking Links in Attachments Bypassed Remote Content Blocking

The Mozilla Foundation's Security Advisory describes the following issue: It is possible to craft an email that shows a tracking link as an attachment. If the user attempts to open the attachment, Thunderbird automatically accesses the link. The configuration to block remote content does not...

ALSA-2025:8756 Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: thunderbird: JavaScript Execution via Spoofed PDF Attachment and file:/// Link CVE-2025-3909 thunderbird: Sender Spoofing via Malformed From Header in Thunderbird CVE-2025-3875 thunderbird: Unsolicited File Download,...

Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: thunderbird: JavaScript Execution via Spoofed PDF Attachment and file:/// Link CVE-2025-3909 thunderbird: Sender Spoofing via Malformed From Header in Thunderbird CVE-2025-3875 thunderbird: Unsolicited File Download,...

thunderbird: Tracking Links in Attachments Bypassed Remote Content Blocking

The Mozilla Foundation's Security Advisory describes the following issue: It is possible to craft an email that shows a tracking link as an attachment. If the user attempts to open the attachment, Thunderbird automatically accesses the link. The configuration to block remote content does not...

thunderbird: Tracking Links in Attachments Bypassed Remote Content Blocking

The Mozilla Foundation's Security Advisory describes the following issue: It is possible to craft an email that shows a tracking link as an attachment. If the user attempts to open the attachment, Thunderbird automatically accesses the link. The configuration to block remote content does not...

Important: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...

thunderbird: Tracking Links in Attachments Bypassed Remote Content Blocking

The Mozilla Foundation's Security Advisory describes the following issue: It is possible to craft an email that shows a tracking link as an attachment. If the user attempts to open the attachment, Thunderbird automatically accesses the link. The configuration to block remote content does not...

RHEL 8 : thunderbird (RHSA-2025:8391)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:8391 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: thunderbird: JavaScript Execution via Spoofed PDF Attachment...

thunderbird: Tracking Links in Attachments Bypassed Remote Content Blocking

The Mozilla Foundation's Security Advisory describes the following issue: It is possible to craft an email that shows a tracking link as an attachment. If the user attempts to open the attachment, Thunderbird automatically accesses the link. The configuration to block remote content does not...

Important: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...