Description
The Thunderbird Address Book URI fields contained unsanitized links. This could be used by an attacker to create and export an address book containing a malicious payload in a field. For example, in the “Other” field of the Instant Messaging section. If another user imported the address book, clicking on the link could result in opening a web page inside Thunderbird, and that page could execute (unprivileged) JavaScript. This vulnerability affects Thunderbird < 128.7 and Thunderbird < 135.
A flaw was found in Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: The Thunderbird Address Book URI fields contained unsanitized links. This could be used by an attacker to create and export an address book containing a malicious payload in a field. For example, in the "Other" field of the Instant Messaging section. If another user imported the address book, clicking on the link could result in opening a web page inside Thunderbird and that page could execute (unprivileged) JavaScript.
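A pre-import check for the issue described above, added here as an example (not code from Mozilla, Red Hat or this page): it lists URI-valued fields in an exported address book whose scheme falls outside an allowlist. It assumes a vCard (.vcf) export; the `ALLOWED` policy, the function names and the sample card are constructed for illustration.

```python
import re
# Assumed review policy (not Thunderbird's own list): the schemes each vCard
# URI property may carry. Anything else is reported for manual review.
ALLOWED = {
    "IMPP": {"xmpp", "sip", "sips", "irc", "ircs", "matrix", "tel", "mailto"},
    "URL": {"http", "https"},
}
SCHEME_RE = re.compile(r"^([a-z][a-z0-9+.-]*):", re.IGNORECASE)

# Constructed sample export; names and hosts are placeholders.
SAMPLE = "\n".join([
    "BEGIN:VCARD", "VERSION:4.0", "FN:Alice Example",
    "IMPP:xmpp:alice@example.org", "URL:https://example.org/alice",
    "END:VCARD",
    "BEGIN:VCARD", "VERSION:4.0", "IMPP:https://unexpected.example/",
    " page",  # folded continuation of the IMPP line above
    "FN:Bob Example", "END:VCARD",
])

def unfold(text):
    """Undo vCard line folding (continuation lines start with space or tab)."""
    lines = []
    for raw in text.splitlines():
        if raw[:1] in (" ", "\t") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def audit_vcard(text):
    """Return (contact, property, value, scheme) for each disallowed URI."""
    findings, pending, name = [], [], "?"
    for line in unfold(text):
        head, _, value = line.partition(":")
        # Drop parameters (";TYPE=...") and any group prefix ("item1.").
        prop = head.split(";")[0].split(".")[-1].upper()
        if prop == "BEGIN":
            pending, name = [], "?"
        elif prop == "FN":
            name = value
        elif prop in ALLOWED:
            # Strip whitespace and control characters before reading the scheme.
            m = SCHEME_RE.match(re.sub(r"[\x00-\x20]", "", value))
            scheme = m.group(1).lower() if m else None
            if scheme not in ALLOWED[prop]:
                pending.append((prop, value, scheme))
        elif prop == "END":
            # Findings are flushed per card so FN may appear after the URI field.
            findings += [(name, p, v, s) for p, v, s in pending]
    return findings
```

Calling `audit_vcard(SAMPLE)` reports the second contact, whose Instant Messaging field carries a web link instead of a messaging URI.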
Statement
Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.
Affected packages
Platform | Package | State | Advisory | Release |
---|---|---|---|---|
Red Hat Enterprise Linux 6 | thunderbird | Out of support scope | | |
Red Hat Enterprise Linux 7 | thunderbird | Out of support scope | | |
Red Hat Enterprise Linux 9 | thunderbird-flatpak-container | Affected | | |
Red Hat Enterprise Linux 8 | thunderbird | Fixed | RHSA-2025:1292 | 11.02.2025 |
Red Hat Enterprise Linux 8.2 Advanced Update Support | thunderbird | Fixed | RHSA-2025:1348 | 12.02.2025 |
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | thunderbird | Fixed | RHSA-2025:1339 | 12.02.2025 |
Red Hat Enterprise Linux 8.4 Telecommunications Update Service | thunderbird | Fixed | RHSA-2025:1339 | 12.02.2025 |
Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions | thunderbird | Fixed | RHSA-2025:1339 | 12.02.2025 |
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support | thunderbird | Fixed | RHSA-2025:1341 | 12.02.2025 |
Red Hat Enterprise Linux 8.6 Telecommunications Update Service | thunderbird | Fixed | RHSA-2025:1341 | 12.02.2025 |
Additional information
CVSS3: 5.4 Medium
Related vulnerabilities
The Thunderbird Address Book URI fields contained unsanitized links. This could be used by an attacker to create and export an address book containing a malicious payload in a field. For example, in the “Other” field of the Instant Messaging section. If another user imported the address book, clicking on the link could result in opening a web page inside Thunderbird, and that page could execute (unprivileged) JavaScript. This vulnerability affects Thunderbird < 128.7.
A vulnerability in the Address Book URI fields of the Thunderbird and Thunderbird ESR mail clients, related to a failure to preserve web page structure, that allows an attacker to execute arbitrary JavaScript code