CVE-2025-3932 Tracking Links in Attachments Bypassed Remote Content Blocking

It was possible to craft an email that showed a tracking link as an attachment. If the user attempted to open the attachment, Thunderbird automatically accessed the link. The configuration to block remote content did not prevent that. Thunderbird has been fixed to no longer allow access to web...

Mozilla Thunderbird < 137.0.2

The version of Thunderbird installed on the remote Windows host is prior to 137.0.2. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-26 advisory. - When an email contains multiple attachments with external links via the X-Mozilla-External-Attachment-URL header...