Описание
Thunderbird parses addresses in a way that can allow sender spoofing in case the server allows an invalid From address to be used. For example, if the From header contains an (invalid) value "Spoofed Name ", Thunderbird treats spoofed@example.com as the actual address. This vulnerability affects Thunderbird < 128.10.1 and Thunderbird < 138.0.1.
The Mozilla Foundation's Security Advisory describes the following issue: Thunderbird parses addresses in a way that can allow sender spoofing in case the server allows an invalid From address to be used. For example, if the From header contains an (invalid) value "Spoofed Name spoofed@example.com legitimate@example.com", Thunderbird treats spoofed@example.com as the actual address.
Отчет
Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | rhel10/thunderbird-flatpak | Affected | ||
| Red Hat Enterprise Linux 6 | thunderbird | Out of support scope | ||
| Red Hat Enterprise Linux 7 | thunderbird | Out of support scope | ||
| Red Hat Enterprise Linux 10 | thunderbird | Fixed | RHSA-2025:8196 | 27.05.2025 |
| Red Hat Enterprise Linux 8 | thunderbird | Fixed | RHSA-2025:8756 | 10.06.2025 |
| Red Hat Enterprise Linux 8.2 Advanced Update Support | thunderbird | Fixed | RHSA-2025:8391 | 02.06.2025 |
| Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | thunderbird | Fixed | RHSA-2025:8507 | 04.06.2025 |
| Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support | thunderbird | Fixed | RHSA-2025:8594 | 05.06.2025 |
| Red Hat Enterprise Linux 8.6 Telecommunications Update Service | thunderbird | Fixed | RHSA-2025:8594 | 05.06.2025 |
| Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions | thunderbird | Fixed | RHSA-2025:8594 | 05.06.2025 |
Показывать по
Дополнительная информация
Статус:
7.5 High
CVSS3
Связанные уязвимости
Thunderbird parses addresses in a way that can allow sender spoofing in case the server allows an invalid From address to be used. For example, if the From header contains an (invalid) value "Spoofed Name ", Thunderbird treats spoofed@example.com as the actual address. This vulnerability affects Thunderbird < 128.10.1 and Thunderbird < 138.0.1.
Thunderbird parses addresses in a way that can allow sender spoofing in case the server allows an invalid From address to be used. For example, if the From header contains an (invalid) value "Spoofed Name ", Thunderbird treats spoofed@example.com as the actual address. This vulnerability affects Thunderbird < 128.10.1 and Thunderbird < 138.0.1.
Thunderbird parses addresses in a way that can allow sender spoofing i ...
Thunderbird parses addresses in a way that can allow sender spoofing in case the server allows an invalid From address to be used. For example, if the From header contains an (invalid) value "Spoofed Name ", Thunderbird treats spoofed@example.com as the actual address. This vulnerability affects Thunderbird < 128.10.1 and Thunderbird < 138.0.1.
Уязвимость почтового клиента Thunderbird, связанная с некорректной обработкой заголовка p2-from, позволяющая нарушителю проводить спуфинг атаки
7.5 High
CVSS3