Количество 13
Количество 13
CVE-2025-3932
It was possible to craft an email that showed a tracking link as an attachment. If the user attempted to open the attachment, Thunderbird automatically accessed the link. The configuration to block remote content did not prevent that. Thunderbird has been fixed to no longer allow access to web pages listed in the X-Mozilla-External-Attachment-URL header of an email. This vulnerability affects Thunderbird < 128.10.1 and Thunderbird < 138.0.1.
CVE-2025-3932
It was possible to craft an email that showed a tracking link as an attachment. If the user attempted to open the attachment, Thunderbird automatically accessed the link. The configuration to block remote content did not prevent that. Thunderbird has been fixed to no longer allow access to web pages listed in the X-Mozilla-External-Attachment-URL header of an email. This vulnerability affects Thunderbird < 128.10.1 and Thunderbird < 138.0.1.
CVE-2025-3932
It was possible to craft an email that showed a tracking link as an attachment. If the user attempted to open the attachment, Thunderbird automatically accessed the link. The configuration to block remote content did not prevent that. Thunderbird has been fixed to no longer allow access to web pages listed in the X-Mozilla-External-Attachment-URL header of an email. This vulnerability affects Thunderbird < 128.10.1 and Thunderbird < 138.0.1.
CVE-2025-3932
It was possible to craft an email that showed a tracking link as an at ...
GHSA-jfxg-6gv4-f2gh
It was possible to craft an email that showed a tracking link as an attachment. If the user attempted to open the attachment, Thunderbird automatically accessed the link. The configuration to block remote content did not prevent that. Thunderbird has been fixed to no longer allow access to web pages listed in the X-Mozilla-External-Attachment-URL header of an email. This vulnerability affects Thunderbird < 128.10.1 and Thunderbird < 138.0.1.
BDU:2025-08557
Уязвимость почтового клиента Thunderbird, связанная с недостаточной защитой служебных данных, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
SUSE-SU-2025:01660-2
Security update for MozillaThunderbird
SUSE-SU-2025:01660-1
Security update for MozillaThunderbird
ELSA-2025-8203
ELSA-2025-8203: thunderbird security update (IMPORTANT)
ELSA-2025-8196
ELSA-2025-8196: thunderbird security update (IMPORTANT)
ELSA-2025-8756
ELSA-2025-8756: thunderbird security update (IMPORTANT)
RLSA-2025:8756
Important: thunderbird security update
ROS-20250703-08
Множественные уязвимости Thunderbird
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2025-3932 It was possible to craft an email that showed a tracking link as an attachment. If the user attempted to open the attachment, Thunderbird automatically accessed the link. The configuration to block remote content did not prevent that. Thunderbird has been fixed to no longer allow access to web pages listed in the X-Mozilla-External-Attachment-URL header of an email. This vulnerability affects Thunderbird < 128.10.1 and Thunderbird < 138.0.1. | CVSS3: 6.5 | 0% Низкий | 3 месяца назад |
 | CVE-2025-3932 It was possible to craft an email that showed a tracking link as an attachment. If the user attempted to open the attachment, Thunderbird automatically accessed the link. The configuration to block remote content did not prevent that. Thunderbird has been fixed to no longer allow access to web pages listed in the X-Mozilla-External-Attachment-URL header of an email. This vulnerability affects Thunderbird < 128.10.1 and Thunderbird < 138.0.1. | CVSS3: 6.5 | 0% Низкий | 3 месяца назад |
 | CVE-2025-3932 It was possible to craft an email that showed a tracking link as an attachment. If the user attempted to open the attachment, Thunderbird automatically accessed the link. The configuration to block remote content did not prevent that. Thunderbird has been fixed to no longer allow access to web pages listed in the X-Mozilla-External-Attachment-URL header of an email. This vulnerability affects Thunderbird < 128.10.1 and Thunderbird < 138.0.1. | CVSS3: 6.5 | 0% Низкий | 3 месяца назад |
| CVE-2025-3932 It was possible to craft an email that showed a tracking link as an at ... | CVSS3: 6.5 | 0% Низкий | 3 месяца назад |
| GHSA-jfxg-6gv4-f2gh It was possible to craft an email that showed a tracking link as an attachment. If the user attempted to open the attachment, Thunderbird automatically accessed the link. The configuration to block remote content did not prevent that. Thunderbird has been fixed to no longer allow access to web pages listed in the X-Mozilla-External-Attachment-URL header of an email. This vulnerability affects Thunderbird < 128.10.1 and Thunderbird < 138.0.1. | CVSS3: 7.5 | 0% Низкий | 3 месяца назад |
 | BDU:2025-08557 Уязвимость почтового клиента Thunderbird, связанная с недостаточной защитой служебных данных, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации | CVSS3: 6.5 | 0% Низкий | 3 месяца назад |
 | SUSE-SU-2025:01660-2 Security update for MozillaThunderbird | 2 месяца назад | ||
| SUSE-SU-2025:01660-1 Security update for MozillaThunderbird | 3 месяца назад | ||
| ELSA-2025-8203 ELSA-2025-8203: thunderbird security update (IMPORTANT) | 2 месяца назад | ||
| ELSA-2025-8196 ELSA-2025-8196: thunderbird security update (IMPORTANT) | около 1 месяца назад | ||
| ELSA-2025-8756 ELSA-2025-8756: thunderbird security update (IMPORTANT) | около 2 месяцев назад | ||
 | RLSA-2025:8756 Important: thunderbird security update | 7 дней назад | ||
 | ROS-20250703-08 Множественные уязвимости Thunderbird | CVSS3: 7.5 | около 1 месяца назад |
Уязвимостей на страницу