Количество 14
Количество 14
GHSA-h6cg-6m9j-xj9g
Thunderbird's handling of the X-Mozilla-External-Attachment-URL header can be exploited to execute JavaScript in the file:/// context. By crafting a nested email attachment (message/rfc822) and setting its content type to application/pdf, Thunderbird may incorrectly render it as HTML when opened, allowing the embedded JavaScript to run without requiring a file download. This behavior relies on Thunderbird auto-saving the attachment to /tmp and linking to it via the file:/// protocol, potentially enabling JavaScript execution as part of the HTML. This vulnerability affects Thunderbird < 128.10.1 and Thunderbird < 138.0.1.
CVE-2025-3909
Thunderbird's handling of the X-Mozilla-External-Attachment-URL header can be exploited to execute JavaScript in the file:/// context. By crafting a nested email attachment (message/rfc822) and setting its content type to application/pdf, Thunderbird may incorrectly render it as HTML when opened, allowing the embedded JavaScript to run without requiring a file download. This behavior relies on Thunderbird auto-saving the attachment to /tmp and linking to it via the file:/// protocol, potentially enabling JavaScript execution as part of the HTML. This vulnerability affects Thunderbird < 128.10.1 and Thunderbird < 138.0.1.
CVE-2025-3909
Thunderbird's handling of the X-Mozilla-External-Attachment-URL header can be exploited to execute JavaScript in the file:/// context. By crafting a nested email attachment (message/rfc822) and setting its content type to application/pdf, Thunderbird may incorrectly render it as HTML when opened, allowing the embedded JavaScript to run without requiring a file download. This behavior relies on Thunderbird auto-saving the attachment to /tmp and linking to it via the file:/// protocol, potentially enabling JavaScript execution as part of the HTML. This vulnerability affects Thunderbird < 128.10.1 and Thunderbird < 138.0.1.
CVE-2025-3909
Thunderbird's handling of the X-Mozilla-External-Attachment-URL header can be exploited to execute JavaScript in the file:/// context. By crafting a nested email attachment (message/rfc822) and setting its content type to application/pdf, Thunderbird may incorrectly render it as HTML when opened, allowing the embedded JavaScript to run without requiring a file download. This behavior relies on Thunderbird auto-saving the attachment to /tmp and linking to it via the file:/// protocol, potentially enabling JavaScript execution as part of the HTML. This vulnerability affects Thunderbird < 128.10.1 and Thunderbird < 138.0.1.
CVE-2025-3909
Thunderbird's handling of the X-Mozilla-External-Attachment-URL header ...
BDU:2025-05734
Уязвимость почтового клиента Thunderbird, связанная с обходом аутентификации посредством спуфинга, позволяющая нарушителю выполнить произвольный код
SUSE-SU-2025:01660-2
Security update for MozillaThunderbird
SUSE-SU-2025:01660-1
Security update for MozillaThunderbird
RLSA-2025:8196
Important: thunderbird security update
ELSA-2025-8203
ELSA-2025-8203: thunderbird security update (IMPORTANT)
ELSA-2025-8196
ELSA-2025-8196: thunderbird security update (IMPORTANT)
ELSA-2025-8756
ELSA-2025-8756: thunderbird security update (IMPORTANT)
RLSA-2025:8756
Important: thunderbird security update
ROS-20250703-08
Множественные уязвимости Thunderbird
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
| GHSA-h6cg-6m9j-xj9g Thunderbird's handling of the X-Mozilla-External-Attachment-URL header can be exploited to execute JavaScript in the file:/// context. By crafting a nested email attachment (message/rfc822) and setting its content type to application/pdf, Thunderbird may incorrectly render it as HTML when opened, allowing the embedded JavaScript to run without requiring a file download. This behavior relies on Thunderbird auto-saving the attachment to /tmp and linking to it via the file:/// protocol, potentially enabling JavaScript execution as part of the HTML. This vulnerability affects Thunderbird < 128.10.1 and Thunderbird < 138.0.1. | CVSS3: 6.5 | 0% Низкий | 6 месяцев назад |
 | CVE-2025-3909 Thunderbird's handling of the X-Mozilla-External-Attachment-URL header can be exploited to execute JavaScript in the file:/// context. By crafting a nested email attachment (message/rfc822) and setting its content type to application/pdf, Thunderbird may incorrectly render it as HTML when opened, allowing the embedded JavaScript to run without requiring a file download. This behavior relies on Thunderbird auto-saving the attachment to /tmp and linking to it via the file:/// protocol, potentially enabling JavaScript execution as part of the HTML. This vulnerability affects Thunderbird < 128.10.1 and Thunderbird < 138.0.1. | CVSS3: 6.5 | 0% Низкий | 6 месяцев назад |
 | CVE-2025-3909 Thunderbird's handling of the X-Mozilla-External-Attachment-URL header can be exploited to execute JavaScript in the file:/// context. By crafting a nested email attachment (message/rfc822) and setting its content type to application/pdf, Thunderbird may incorrectly render it as HTML when opened, allowing the embedded JavaScript to run without requiring a file download. This behavior relies on Thunderbird auto-saving the attachment to /tmp and linking to it via the file:/// protocol, potentially enabling JavaScript execution as part of the HTML. This vulnerability affects Thunderbird < 128.10.1 and Thunderbird < 138.0.1. | CVSS3: 6.5 | 0% Низкий | 6 месяцев назад |
 | CVE-2025-3909 Thunderbird's handling of the X-Mozilla-External-Attachment-URL header can be exploited to execute JavaScript in the file:/// context. By crafting a nested email attachment (message/rfc822) and setting its content type to application/pdf, Thunderbird may incorrectly render it as HTML when opened, allowing the embedded JavaScript to run without requiring a file download. This behavior relies on Thunderbird auto-saving the attachment to /tmp and linking to it via the file:/// protocol, potentially enabling JavaScript execution as part of the HTML. This vulnerability affects Thunderbird < 128.10.1 and Thunderbird < 138.0.1. | CVSS3: 6.5 | 0% Низкий | 6 месяцев назад |
| CVE-2025-3909 Thunderbird's handling of the X-Mozilla-External-Attachment-URL header ... | CVSS3: 6.5 | 0% Низкий | 6 месяцев назад |
 | BDU:2025-05734 Уязвимость почтового клиента Thunderbird, связанная с обходом аутентификации посредством спуфинга, позволяющая нарушителю выполнить произвольный код | CVSS3: 6.5 | 0% Низкий | 6 месяцев назад |
 | SUSE-SU-2025:01660-2 Security update for MozillaThunderbird | 5 месяцев назад | ||
| SUSE-SU-2025:01660-1 Security update for MozillaThunderbird | 6 месяцев назад | ||
 | RLSA-2025:8196 Important: thunderbird security update | около 1 месяца назад | ||
| ELSA-2025-8203 ELSA-2025-8203: thunderbird security update (IMPORTANT) | 5 месяцев назад | ||
| ELSA-2025-8196 ELSA-2025-8196: thunderbird security update (IMPORTANT) | 4 месяца назад | ||
| ELSA-2025-8756 ELSA-2025-8756: thunderbird security update (IMPORTANT) | 5 месяцев назад | ||
| RLSA-2025:8756 Important: thunderbird security update | 3 месяца назад | ||
 | ROS-20250703-08 Множественные уязвимости Thunderbird | CVSS3: 7.5 | 4 месяца назад |
Уязвимостей на страницу