Количество 14
Количество 14
CVE-2025-3932
It was possible to craft an email that showed a tracking link as an attachment. If the user attempted to open the attachment, Thunderbird automatically accessed the link. The configuration to block remote content did not prevent that. Thunderbird has been fixed to no longer allow access to web pages listed in the X-Mozilla-External-Attachment-URL header of an email. This vulnerability affects Thunderbird < 128.10.1 and Thunderbird < 138.0.1.
CVE-2025-3932
It was possible to craft an email that showed a tracking link as an attachment. If the user attempted to open the attachment, Thunderbird automatically accessed the link. The configuration to block remote content did not prevent that. Thunderbird has been fixed to no longer allow access to web pages listed in the X-Mozilla-External-Attachment-URL header of an email. This vulnerability affects Thunderbird < 128.10.1 and Thunderbird < 138.0.1.
CVE-2025-3932
It was possible to craft an email that showed a tracking link as an attachment. If the user attempted to open the attachment, Thunderbird automatically accessed the link. The configuration to block remote content did not prevent that. Thunderbird has been fixed to no longer allow access to web pages listed in the X-Mozilla-External-Attachment-URL header of an email. This vulnerability affects Thunderbird < 128.10.1 and Thunderbird < 138.0.1.
CVE-2025-3932
It was possible to craft an email that showed a tracking link as an at ...
GHSA-jfxg-6gv4-f2gh
It was possible to craft an email that showed a tracking link as an attachment. If the user attempted to open the attachment, Thunderbird automatically accessed the link. The configuration to block remote content did not prevent that. Thunderbird has been fixed to no longer allow access to web pages listed in the X-Mozilla-External-Attachment-URL header of an email. This vulnerability affects Thunderbird < 128.10.1 and Thunderbird < 138.0.1.
BDU:2025-08557
Уязвимость почтового клиента Thunderbird, связанная с недостаточной защитой служебных данных, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
SUSE-SU-2025:01660-2
Security update for MozillaThunderbird
SUSE-SU-2025:01660-1
Security update for MozillaThunderbird
RLSA-2025:8196
Important: thunderbird security update
ELSA-2025-8203
ELSA-2025-8203: thunderbird security update (IMPORTANT)
ELSA-2025-8196
ELSA-2025-8196: thunderbird security update (IMPORTANT)
ELSA-2025-8756
ELSA-2025-8756: thunderbird security update (IMPORTANT)
RLSA-2025:8756
Important: thunderbird security update
ROS-20250703-08
Множественные уязвимости Thunderbird
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2025-3932 It was possible to craft an email that showed a tracking link as an attachment. If the user attempted to open the attachment, Thunderbird automatically accessed the link. The configuration to block remote content did not prevent that. Thunderbird has been fixed to no longer allow access to web pages listed in the X-Mozilla-External-Attachment-URL header of an email. This vulnerability affects Thunderbird < 128.10.1 and Thunderbird < 138.0.1. | CVSS3: 6.5 | 0% Низкий | 6 месяцев назад |
 | CVE-2025-3932 It was possible to craft an email that showed a tracking link as an attachment. If the user attempted to open the attachment, Thunderbird automatically accessed the link. The configuration to block remote content did not prevent that. Thunderbird has been fixed to no longer allow access to web pages listed in the X-Mozilla-External-Attachment-URL header of an email. This vulnerability affects Thunderbird < 128.10.1 and Thunderbird < 138.0.1. | CVSS3: 6.5 | 0% Низкий | 6 месяцев назад |
 | CVE-2025-3932 It was possible to craft an email that showed a tracking link as an attachment. If the user attempted to open the attachment, Thunderbird automatically accessed the link. The configuration to block remote content did not prevent that. Thunderbird has been fixed to no longer allow access to web pages listed in the X-Mozilla-External-Attachment-URL header of an email. This vulnerability affects Thunderbird < 128.10.1 and Thunderbird < 138.0.1. | CVSS3: 6.5 | 0% Низкий | 6 месяцев назад |
| CVE-2025-3932 It was possible to craft an email that showed a tracking link as an at ... | CVSS3: 6.5 | 0% Низкий | 6 месяцев назад |
| GHSA-jfxg-6gv4-f2gh It was possible to craft an email that showed a tracking link as an attachment. If the user attempted to open the attachment, Thunderbird automatically accessed the link. The configuration to block remote content did not prevent that. Thunderbird has been fixed to no longer allow access to web pages listed in the X-Mozilla-External-Attachment-URL header of an email. This vulnerability affects Thunderbird < 128.10.1 and Thunderbird < 138.0.1. | CVSS3: 7.5 | 0% Низкий | 6 месяцев назад |
 | BDU:2025-08557 Уязвимость почтового клиента Thunderbird, связанная с недостаточной защитой служебных данных, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации | CVSS3: 6.5 | 0% Низкий | 6 месяцев назад |
 | SUSE-SU-2025:01660-2 Security update for MozillaThunderbird | 5 месяцев назад | ||
| SUSE-SU-2025:01660-1 Security update for MozillaThunderbird | 6 месяцев назад | ||
 | RLSA-2025:8196 Important: thunderbird security update | около 1 месяца назад | ||
| ELSA-2025-8203 ELSA-2025-8203: thunderbird security update (IMPORTANT) | 5 месяцев назад | ||
| ELSA-2025-8196 ELSA-2025-8196: thunderbird security update (IMPORTANT) | 4 месяца назад | ||
| ELSA-2025-8756 ELSA-2025-8756: thunderbird security update (IMPORTANT) | 5 месяцев назад | ||
| RLSA-2025:8756 Important: thunderbird security update | 3 месяца назад | ||
 | ROS-20250703-08 Множественные уязвимости Thunderbird | CVSS3: 7.5 | 4 месяца назад |
Уязвимостей на страницу