Количество 9
Количество 9
CVE-2025-3932
It was possible to craft an email that showed a tracking link as an attachment. If the user attempted to open the attachment, Thunderbird automatically accessed the link. The configuration to block remote content did not prevent that. Thunderbird has been fixed to no longer allow access to web pages listed in the X-Mozilla-External-Attachment-URL header of an email. This vulnerability affects Thunderbird < 128.10.1 and Thunderbird < 138.0.1.
CVE-2025-3932
It was possible to craft an email that showed a tracking link as an attachment. If the user attempted to open the attachment, Thunderbird automatically accessed the link. The configuration to block remote content did not prevent that. Thunderbird has been fixed to no longer allow access to web pages listed in the X-Mozilla-External-Attachment-URL header of an email. This vulnerability affects Thunderbird < 128.10.1 and Thunderbird < 138.0.1.
CVE-2025-3932
It was possible to craft an email that showed a tracking link as an attachment. If the user attempted to open the attachment, Thunderbird automatically accessed the link. The configuration to block remote content did not prevent that. Thunderbird has been fixed to no longer allow access to web pages listed in the X-Mozilla-External-Attachment-URL header of an email. This vulnerability affects Thunderbird < 128.10.1 and Thunderbird < 138.0.1.
CVE-2025-3932
It was possible to craft an email that showed a tracking link as an at ...
GHSA-jfxg-6gv4-f2gh
It was possible to craft an email that showed a tracking link as an attachment. If the user attempted to open the attachment, Thunderbird automatically accessed the link. The configuration to block remote content did not prevent that. Thunderbird has been fixed to no longer allow access to web pages listed in the X-Mozilla-External-Attachment-URL header of an email. This vulnerability affects Thunderbird < 128.10.1 and Thunderbird < 138.0.1.
SUSE-SU-2025:01660-2
Security update for MozillaThunderbird
SUSE-SU-2025:01660-1
Security update for MozillaThunderbird
ELSA-2025-8203
ELSA-2025-8203: thunderbird security update (IMPORTANT)
ELSA-2025-8756
ELSA-2025-8756: thunderbird security update (IMPORTANT)
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2025-3932 It was possible to craft an email that showed a tracking link as an attachment. If the user attempted to open the attachment, Thunderbird automatically accessed the link. The configuration to block remote content did not prevent that. Thunderbird has been fixed to no longer allow access to web pages listed in the X-Mozilla-External-Attachment-URL header of an email. This vulnerability affects Thunderbird < 128.10.1 and Thunderbird < 138.0.1. | CVSS3: 6.5 | 0% Низкий | около 1 месяца назад |
 | CVE-2025-3932 It was possible to craft an email that showed a tracking link as an attachment. If the user attempted to open the attachment, Thunderbird automatically accessed the link. The configuration to block remote content did not prevent that. Thunderbird has been fixed to no longer allow access to web pages listed in the X-Mozilla-External-Attachment-URL header of an email. This vulnerability affects Thunderbird < 128.10.1 and Thunderbird < 138.0.1. | CVSS3: 6.5 | 0% Низкий | около 1 месяца назад |
 | CVE-2025-3932 It was possible to craft an email that showed a tracking link as an attachment. If the user attempted to open the attachment, Thunderbird automatically accessed the link. The configuration to block remote content did not prevent that. Thunderbird has been fixed to no longer allow access to web pages listed in the X-Mozilla-External-Attachment-URL header of an email. This vulnerability affects Thunderbird < 128.10.1 and Thunderbird < 138.0.1. | CVSS3: 6.5 | 0% Низкий | около 1 месяца назад |
| CVE-2025-3932 It was possible to craft an email that showed a tracking link as an at ... | CVSS3: 6.5 | 0% Низкий | около 1 месяца назад |
| GHSA-jfxg-6gv4-f2gh It was possible to craft an email that showed a tracking link as an attachment. If the user attempted to open the attachment, Thunderbird automatically accessed the link. The configuration to block remote content did not prevent that. Thunderbird has been fixed to no longer allow access to web pages listed in the X-Mozilla-External-Attachment-URL header of an email. This vulnerability affects Thunderbird < 128.10.1 and Thunderbird < 138.0.1. | CVSS3: 7.5 | 0% Низкий | около 1 месяца назад |
 | SUSE-SU-2025:01660-2 Security update for MozillaThunderbird | 21 день назад | ||
| SUSE-SU-2025:01660-1 Security update for MozillaThunderbird | 27 дней назад | ||
| ELSA-2025-8203 ELSA-2025-8203: thunderbird security update (IMPORTANT) | 23 дня назад | ||
| ELSA-2025-8756 ELSA-2025-8756: thunderbird security update (IMPORTANT) | 9 дней назад |
Уязвимостей на страницу