6 matches found
thunderbird: Unsolicited File Download, Disk Space Exhaustion, and Credential Leakage via mailbox:/// Links
A flaw was found in Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: A crafted HTML email using mailbox:/// links can trigger automatic, unsolicited downloads of .pdf files to the user's desktop or home directory without prompting, even if auto-saving is...
CVE-2025-5986
A flaw was found in Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: A crafted HTML email using mailbox:/// links can trigger automatic, unsolicited downloads of .pdf files to the user's desktop or home directory without prompting, even if auto-saving is...
CVE-2025-5986
A crafted HTML email using mailbox:/// links can trigger automatic, unsolicited downloads of .pdf files to the user's desktop or home directory without prompting, even if auto-saving is disabled. This behavior can be abused to fill the disk with garbage data e.g. using /dev/urandom on Linux or to...
CVE-2025-5986
CVE-2025-5986 affects Thunderbird. A crafted HTML email that uses mailbox:/// links can trigger automatic, unsolicited downloads of PDF files to the user’s desktop or home directory without prompting, even if auto-saving is disabled. This can lead to disk-space exhaustion and potential credential...
CVE-2025-3877
Rejected reason: This CVE was marked as fixed, but due to other code landing - was not actually fixed. It was subsequently fixed in CVE-2025-5986...
CVE-2025-3877
CVE-2025-3877 is rejected/not used; this entry does not represent an active vulnerability.