Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/thunderbird@1:128.10.0esr-1~deb12u1?distro=trixie

Type deb

Namespace debian

Name thunderbird

Version 1:128.10.0esr-1~deb12u1

Qualifiers

distro	trixie

Subpath

Is_vulnerable false

Next_non_vulnerable_version 1:128.10.0esr-1

Latest_non_vulnerable_version 1:140.9.1esr-1

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-as4y-nhw6-akfx

vulnerability_id VCID-as4y-nhw6-akfx

summary A vulnerability was identified in Thunderbird where XPath parsing could trigger undefined behavior due to missing null checks during attribute access. This could lead to out-of-bounds read access and potentially, memory corruption.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4087.json

reference_id

reference_type

scores

value	7.6
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4087.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-4087

reference_id

reference_type

scores

value	0.00436
scoring_system	epss
scoring_elements	0.63068
published_at	2026-04-18T12:55:00Z

value	0.00436
scoring_system	epss
scoring_elements	0.63011
published_at	2026-04-04T12:55:00Z

value	0.00436
scoring_system	epss
scoring_elements	0.63046
published_at	2026-04-21T12:55:00Z

value	0.00436
scoring_system	epss
scoring_elements	0.6306
published_at	2026-04-11T12:55:00Z

value	0.00436
scoring_system	epss
scoring_elements	0.63043
published_at	2026-04-09T12:55:00Z

value	0.00436
scoring_system	epss
scoring_elements	0.63027
published_at	2026-04-08T12:55:00Z

value	0.00436
scoring_system	epss
scoring_elements	0.62976
published_at	2026-04-07T12:55:00Z

value	0.00436
scoring_system	epss
scoring_elements	0.62982
published_at	2026-04-02T12:55:00Z

value	0.00436
scoring_system	epss
scoring_elements	0.63061
published_at	2026-04-16T12:55:00Z

value	0.00436
scoring_system	epss
scoring_elements	0.63024
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-4087

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4087
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4087

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2362904
reference_id	2362904
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2362904

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-28

reference_id

mfsa2025-28

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-28

reference_url

https://www.mozilla.org/security/advisories/mfsa2025-28/

reference_id

mfsa2025-28

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-29T15:51:33Z/

url

https://www.mozilla.org/security/advisories/mfsa2025-28/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-29

reference_id

mfsa2025-29

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-29

reference_url

https://www.mozilla.org/security/advisories/mfsa2025-29/

reference_id

mfsa2025-29

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-29T15:51:33Z/

url

https://www.mozilla.org/security/advisories/mfsa2025-29/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-31

reference_id

mfsa2025-31

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-31

reference_url

https://www.mozilla.org/security/advisories/mfsa2025-31/

reference_id

mfsa2025-31

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-29T15:51:33Z/

url

https://www.mozilla.org/security/advisories/mfsa2025-31/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-32

reference_id

mfsa2025-32

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-32

reference_url

https://www.mozilla.org/security/advisories/mfsa2025-32/

reference_id

mfsa2025-32

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-29T15:51:33Z/

url

https://www.mozilla.org/security/advisories/mfsa2025-32/

reference_url	https://access.redhat.com/errata/RHSA-2025:4443
reference_id	RHSA-2025:4443
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:4443

reference_url	https://access.redhat.com/errata/RHSA-2025:4458
reference_id	RHSA-2025:4458
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:4458

reference_url	https://access.redhat.com/errata/RHSA-2025:4460
reference_id	RHSA-2025:4460
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:4460

reference_url	https://access.redhat.com/errata/RHSA-2025:4751
reference_id	RHSA-2025:4751
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:4751

reference_url	https://access.redhat.com/errata/RHSA-2025:4752
reference_id	RHSA-2025:4752
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:4752

reference_url	https://access.redhat.com/errata/RHSA-2025:4753
reference_id	RHSA-2025:4753
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:4753

reference_url	https://access.redhat.com/errata/RHSA-2025:4756
reference_id	RHSA-2025:4756
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:4756

reference_url	https://access.redhat.com/errata/RHSA-2025:4797
reference_id	RHSA-2025:4797
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:4797

reference_url	https://access.redhat.com/errata/RHSA-2025:7428
reference_id	RHSA-2025:7428
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7428

reference_url	https://access.redhat.com/errata/RHSA-2025:7506
reference_id	RHSA-2025:7506
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7506

reference_url	https://access.redhat.com/errata/RHSA-2025:7507
reference_id	RHSA-2025:7507
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7507

reference_url	https://access.redhat.com/errata/RHSA-2025:7543
reference_id	RHSA-2025:7543
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7543

reference_url	https://access.redhat.com/errata/RHSA-2025:7544
reference_id	RHSA-2025:7544
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7544

reference_url	https://access.redhat.com/errata/RHSA-2025:7545
reference_id	RHSA-2025:7545
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7545

reference_url	https://access.redhat.com/errata/RHSA-2025:7547
reference_id	RHSA-2025:7547
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7547

reference_url	https://access.redhat.com/errata/RHSA-2025:7689
reference_id	RHSA-2025:7689
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7689

reference_url	https://access.redhat.com/errata/RHSA-2025:7690
reference_id	RHSA-2025:7690
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7690

reference_url	https://access.redhat.com/errata/RHSA-2025:7691
reference_id	RHSA-2025:7691
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7691

reference_url	https://access.redhat.com/errata/RHSA-2025:7692
reference_id	RHSA-2025:7692
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7692

reference_url	https://access.redhat.com/errata/RHSA-2025:7693
reference_id	RHSA-2025:7693
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7693

reference_url	https://access.redhat.com/errata/RHSA-2025:7694
reference_id	RHSA-2025:7694
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7694

reference_url	https://access.redhat.com/errata/RHSA-2025:7695
reference_id	RHSA-2025:7695
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7695

reference_url

https://bugzilla.mozilla.org/show_bug.cgi?id=1952465

reference_id

show_bug.cgi?id=1952465

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-29T15:51:33Z/

url

https://bugzilla.mozilla.org/show_bug.cgi?id=1952465

reference_url	https://usn.ubuntu.com/7663-1/
reference_id	USN-7663-1
reference_type
scores
url	https://usn.ubuntu.com/7663-1/

fixed_packages

url	pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie
purl	pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie

url	pkg:deb/debian/thunderbird@1:128.10.0esr-1~deb12u1?distro=trixie
purl	pkg:deb/debian/thunderbird@1:128.10.0esr-1~deb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:128.10.0esr-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/thunderbird@1:128.10.0esr-1?distro=trixie
purl	pkg:deb/debian/thunderbird@1:128.10.0esr-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:128.10.0esr-1%3Fdistro=trixie

url	pkg:deb/debian/thunderbird@1:128.10.1esr-1~deb11u1?distro=trixie
purl	pkg:deb/debian/thunderbird@1:128.10.1esr-1~deb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:128.10.1esr-1~deb11u1%3Fdistro=trixie

url	pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie
purl	pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie
purl	pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie

url pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie

purl pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5dw5-vpt8-zqbz

vulnerability	VCID-9ag7-z86d-nba9

vulnerability	VCID-qbzp-euvv-q7c7

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie

url	pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie
purl	pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie

aliases CVE-2025-4087

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-as4y-nhw6-akfx

url VCID-b3rg-quvp-2uha

vulnerability_id VCID-b3rg-quvp-2uha

summary A process isolation vulnerability in Firefox stemmed from improper handling of javascript: URIs, which could allow content to execute in the top-level document's process instead of the intended frame, potentially enabling a sandbox escape.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4083.json

reference_id

reference_type

scores

value	8.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4083.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-4083

reference_id

reference_type

scores

value	0.00406
scoring_system	epss
scoring_elements	0.61101
published_at	2026-04-21T12:55:00Z

value	0.00406
scoring_system	epss
scoring_elements	0.61118
published_at	2026-04-18T12:55:00Z

value	0.00406
scoring_system	epss
scoring_elements	0.61052
published_at	2026-04-04T12:55:00Z

value	0.00406
scoring_system	epss
scoring_elements	0.61089
published_at	2026-04-12T12:55:00Z

value	0.00406
scoring_system	epss
scoring_elements	0.61102
published_at	2026-04-11T12:55:00Z

value	0.00406
scoring_system	epss
scoring_elements	0.61081
published_at	2026-04-09T12:55:00Z

value	0.00406
scoring_system	epss
scoring_elements	0.61065
published_at	2026-04-08T12:55:00Z

value	0.00406
scoring_system	epss
scoring_elements	0.61017
published_at	2026-04-07T12:55:00Z

value	0.00406
scoring_system	epss
scoring_elements	0.61023
published_at	2026-04-02T12:55:00Z

value	0.00406
scoring_system	epss
scoring_elements	0.61111
published_at	2026-04-16T12:55:00Z

value	0.00406
scoring_system	epss
scoring_elements	0.61069
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-4083

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4083
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4083

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2362907
reference_id	2362907
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2362907

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-28

reference_id

mfsa2025-28

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-28

reference_url

https://www.mozilla.org/security/advisories/mfsa2025-28/

reference_id

mfsa2025-28

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-30T13:43:47Z/

url

https://www.mozilla.org/security/advisories/mfsa2025-28/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-29

reference_id

mfsa2025-29

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-29

reference_url

https://www.mozilla.org/security/advisories/mfsa2025-29/

reference_id

mfsa2025-29

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-30T13:43:47Z/

url

https://www.mozilla.org/security/advisories/mfsa2025-29/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-30

reference_id

mfsa2025-30

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-30

reference_url

https://www.mozilla.org/security/advisories/mfsa2025-30/

reference_id

mfsa2025-30

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-30T13:43:47Z/

url

https://www.mozilla.org/security/advisories/mfsa2025-30/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-31

reference_id

mfsa2025-31

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-31

reference_url

https://www.mozilla.org/security/advisories/mfsa2025-31/

reference_id

mfsa2025-31

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-30T13:43:47Z/

url

https://www.mozilla.org/security/advisories/mfsa2025-31/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-32

reference_id

mfsa2025-32

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-32

reference_url

https://www.mozilla.org/security/advisories/mfsa2025-32/

reference_id

mfsa2025-32

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-30T13:43:47Z/

url

https://www.mozilla.org/security/advisories/mfsa2025-32/

reference_url	https://access.redhat.com/errata/RHSA-2025:4443
reference_id	RHSA-2025:4443
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:4443

reference_url	https://access.redhat.com/errata/RHSA-2025:4458
reference_id	RHSA-2025:4458
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:4458

reference_url	https://access.redhat.com/errata/RHSA-2025:4460
reference_id	RHSA-2025:4460
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:4460

reference_url	https://access.redhat.com/errata/RHSA-2025:4751
reference_id	RHSA-2025:4751
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:4751

reference_url	https://access.redhat.com/errata/RHSA-2025:4752
reference_id	RHSA-2025:4752
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:4752

reference_url	https://access.redhat.com/errata/RHSA-2025:4753
reference_id	RHSA-2025:4753
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:4753

reference_url	https://access.redhat.com/errata/RHSA-2025:4756
reference_id	RHSA-2025:4756
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:4756

reference_url	https://access.redhat.com/errata/RHSA-2025:4797
reference_id	RHSA-2025:4797
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:4797

reference_url	https://access.redhat.com/errata/RHSA-2025:7428
reference_id	RHSA-2025:7428
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7428

reference_url	https://access.redhat.com/errata/RHSA-2025:7506
reference_id	RHSA-2025:7506
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7506

reference_url	https://access.redhat.com/errata/RHSA-2025:7507
reference_id	RHSA-2025:7507
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7507

reference_url	https://access.redhat.com/errata/RHSA-2025:7543
reference_id	RHSA-2025:7543
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7543

reference_url	https://access.redhat.com/errata/RHSA-2025:7544
reference_id	RHSA-2025:7544
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7544

reference_url	https://access.redhat.com/errata/RHSA-2025:7545
reference_id	RHSA-2025:7545
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7545

reference_url	https://access.redhat.com/errata/RHSA-2025:7547
reference_id	RHSA-2025:7547
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7547

reference_url	https://access.redhat.com/errata/RHSA-2025:7689
reference_id	RHSA-2025:7689
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7689

reference_url	https://access.redhat.com/errata/RHSA-2025:7690
reference_id	RHSA-2025:7690
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7690

reference_url	https://access.redhat.com/errata/RHSA-2025:7691
reference_id	RHSA-2025:7691
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7691

reference_url	https://access.redhat.com/errata/RHSA-2025:7692
reference_id	RHSA-2025:7692
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7692

reference_url	https://access.redhat.com/errata/RHSA-2025:7693
reference_id	RHSA-2025:7693
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7693

reference_url	https://access.redhat.com/errata/RHSA-2025:7694
reference_id	RHSA-2025:7694
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7694

reference_url	https://access.redhat.com/errata/RHSA-2025:7695
reference_id	RHSA-2025:7695
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7695

reference_url

https://bugzilla.mozilla.org/show_bug.cgi?id=1958350

reference_id

show_bug.cgi?id=1958350

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-30T13:43:47Z/

url

https://bugzilla.mozilla.org/show_bug.cgi?id=1958350

reference_url	https://usn.ubuntu.com/7663-1/
reference_id	USN-7663-1
reference_type
scores
url	https://usn.ubuntu.com/7663-1/

fixed_packages

url	pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie
purl	pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie

url	pkg:deb/debian/thunderbird@1:128.10.0esr-1~deb12u1?distro=trixie
purl	pkg:deb/debian/thunderbird@1:128.10.0esr-1~deb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:128.10.0esr-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/thunderbird@1:128.10.0esr-1?distro=trixie
purl	pkg:deb/debian/thunderbird@1:128.10.0esr-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:128.10.0esr-1%3Fdistro=trixie

url	pkg:deb/debian/thunderbird@1:128.10.1esr-1~deb11u1?distro=trixie
purl	pkg:deb/debian/thunderbird@1:128.10.1esr-1~deb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:128.10.1esr-1~deb11u1%3Fdistro=trixie

url	pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie
purl	pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie
purl	pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie

url pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie

purl pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5dw5-vpt8-zqbz

vulnerability	VCID-9ag7-z86d-nba9

vulnerability	VCID-qbzp-euvv-q7c7

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie

url	pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie
purl	pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie

aliases CVE-2025-4083

risk_score 4.1

exploitability 0.5

weighted_severity 8.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b3rg-quvp-2uha

url VCID-dp5j-4mzw-pqer

vulnerability_id VCID-dp5j-4mzw-pqer

summary Memory safety bug present in Firefox ESR 128.9, and Thunderbird 128.9. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4093.json

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4093.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-4093

reference_id

reference_type

scores

value	0.00427
scoring_system	epss
scoring_elements	0.62328
published_at	2026-04-21T12:55:00Z

value	0.00427
scoring_system	epss
scoring_elements	0.62304
published_at	2026-04-09T12:55:00Z

value	0.00427
scoring_system	epss
scoring_elements	0.62236
published_at	2026-04-07T12:55:00Z

value	0.00427
scoring_system	epss
scoring_elements	0.62286
published_at	2026-04-08T12:55:00Z

value	0.00427
scoring_system	epss
scoring_elements	0.62323
published_at	2026-04-11T12:55:00Z

value	0.00427
scoring_system	epss
scoring_elements	0.6224
published_at	2026-04-02T12:55:00Z

value	0.00427
scoring_system	epss
scoring_elements	0.62344
published_at	2026-04-18T12:55:00Z

value	0.00427
scoring_system	epss
scoring_elements	0.62337
published_at	2026-04-16T12:55:00Z

value	0.00427
scoring_system	epss
scoring_elements	0.62291
published_at	2026-04-13T12:55:00Z

value	0.00427
scoring_system	epss
scoring_elements	0.62313
published_at	2026-04-12T12:55:00Z

value	0.00427
scoring_system	epss
scoring_elements	0.6227
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-4093

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4093
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4093

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2362915
reference_id	2362915
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2362915

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-29

reference_id

mfsa2025-29

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-29

reference_url

https://www.mozilla.org/security/advisories/mfsa2025-29/

reference_id

mfsa2025-29

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-29T15:16:24Z/

url

https://www.mozilla.org/security/advisories/mfsa2025-29/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-32

reference_id

mfsa2025-32

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-32

reference_url

https://www.mozilla.org/security/advisories/mfsa2025-32/

reference_id

mfsa2025-32

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-29T15:16:24Z/

url

https://www.mozilla.org/security/advisories/mfsa2025-32/

reference_url	https://access.redhat.com/errata/RHSA-2025:4443
reference_id	RHSA-2025:4443
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:4443

reference_url	https://access.redhat.com/errata/RHSA-2025:4458
reference_id	RHSA-2025:4458
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:4458

reference_url	https://access.redhat.com/errata/RHSA-2025:4460
reference_id	RHSA-2025:4460
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:4460

reference_url	https://access.redhat.com/errata/RHSA-2025:4751
reference_id	RHSA-2025:4751
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:4751

reference_url	https://access.redhat.com/errata/RHSA-2025:4752
reference_id	RHSA-2025:4752
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:4752

reference_url	https://access.redhat.com/errata/RHSA-2025:4753
reference_id	RHSA-2025:4753
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:4753

reference_url	https://access.redhat.com/errata/RHSA-2025:4756
reference_id	RHSA-2025:4756
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:4756

reference_url	https://access.redhat.com/errata/RHSA-2025:4797
reference_id	RHSA-2025:4797
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:4797

reference_url	https://access.redhat.com/errata/RHSA-2025:7428
reference_id	RHSA-2025:7428
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7428

reference_url	https://access.redhat.com/errata/RHSA-2025:7506
reference_id	RHSA-2025:7506
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7506

reference_url	https://access.redhat.com/errata/RHSA-2025:7507
reference_id	RHSA-2025:7507
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7507

reference_url	https://access.redhat.com/errata/RHSA-2025:7543
reference_id	RHSA-2025:7543
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7543

reference_url	https://access.redhat.com/errata/RHSA-2025:7544
reference_id	RHSA-2025:7544
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7544

reference_url	https://access.redhat.com/errata/RHSA-2025:7545
reference_id	RHSA-2025:7545
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7545

reference_url	https://access.redhat.com/errata/RHSA-2025:7547
reference_id	RHSA-2025:7547
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7547

reference_url	https://access.redhat.com/errata/RHSA-2025:7689
reference_id	RHSA-2025:7689
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7689

reference_url	https://access.redhat.com/errata/RHSA-2025:7690
reference_id	RHSA-2025:7690
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7690

reference_url	https://access.redhat.com/errata/RHSA-2025:7691
reference_id	RHSA-2025:7691
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7691

reference_url	https://access.redhat.com/errata/RHSA-2025:7692
reference_id	RHSA-2025:7692
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7692

reference_url	https://access.redhat.com/errata/RHSA-2025:7693
reference_id	RHSA-2025:7693
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7693

reference_url	https://access.redhat.com/errata/RHSA-2025:7694
reference_id	RHSA-2025:7694
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7694

reference_url	https://access.redhat.com/errata/RHSA-2025:7695
reference_id	RHSA-2025:7695
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7695

reference_url

https://bugzilla.mozilla.org/show_bug.cgi?id=1894100

reference_id

show_bug.cgi?id=1894100

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-29T15:16:24Z/

url

https://bugzilla.mozilla.org/show_bug.cgi?id=1894100

reference_url	https://usn.ubuntu.com/7663-1/
reference_id	USN-7663-1
reference_type
scores
url	https://usn.ubuntu.com/7663-1/

fixed_packages

url	pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie
purl	pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie

url	pkg:deb/debian/thunderbird@1:128.10.0esr-1~deb12u1?distro=trixie
purl	pkg:deb/debian/thunderbird@1:128.10.0esr-1~deb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:128.10.0esr-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/thunderbird@1:128.10.0esr-1?distro=trixie
purl	pkg:deb/debian/thunderbird@1:128.10.0esr-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:128.10.0esr-1%3Fdistro=trixie

url	pkg:deb/debian/thunderbird@1:128.10.1esr-1~deb11u1?distro=trixie
purl	pkg:deb/debian/thunderbird@1:128.10.1esr-1~deb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:128.10.1esr-1~deb11u1%3Fdistro=trixie

url	pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie
purl	pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie
purl	pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie

url pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie

purl pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5dw5-vpt8-zqbz

vulnerability	VCID-9ag7-z86d-nba9

vulnerability	VCID-qbzp-euvv-q7c7

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie

url	pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie
purl	pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie

aliases CVE-2025-4093

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dp5j-4mzw-pqer

url VCID-gph4-xa9p-73fr

vulnerability_id VCID-gph4-xa9p-73fr

summary Memory safety bugs present in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4091.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4091.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-4091

reference_id

reference_type

scores

value	0.00436
scoring_system	epss
scoring_elements	0.63019
published_at	2026-04-21T12:55:00Z

value	0.00436
scoring_system	epss
scoring_elements	0.62947
published_at	2026-04-07T12:55:00Z

value	0.00436
scoring_system	epss
scoring_elements	0.63018
published_at	2026-04-12T12:55:00Z

value	0.00436
scoring_system	epss
scoring_elements	0.63032
published_at	2026-04-11T12:55:00Z

value	0.00436
scoring_system	epss
scoring_elements	0.63015
published_at	2026-04-09T12:55:00Z

value	0.00436
scoring_system	epss
scoring_elements	0.62998
published_at	2026-04-08T12:55:00Z

value	0.00436
scoring_system	epss
scoring_elements	0.62983
published_at	2026-04-04T12:55:00Z

value	0.00436
scoring_system	epss
scoring_elements	0.62954
published_at	2026-04-02T12:55:00Z

value	0.00436
scoring_system	epss
scoring_elements	0.6304
published_at	2026-04-18T12:55:00Z

value	0.00436
scoring_system	epss
scoring_elements	0.63033
published_at	2026-04-16T12:55:00Z

value	0.00436
scoring_system	epss
scoring_elements	0.62996
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-4091

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4091
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4091

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2362912
reference_id	2362912
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2362912

reference_url

https://bugzilla.mozilla.org/buglist.cgi?bug_id=1951161%2C1952105

reference_id

buglist.cgi?bug_id=1951161%2C1952105

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-29T15:36:41Z/

url

https://bugzilla.mozilla.org/buglist.cgi?bug_id=1951161%2C1952105

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-28

reference_id

mfsa2025-28

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-28

reference_url

https://www.mozilla.org/security/advisories/mfsa2025-28/

reference_id

mfsa2025-28

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-29T15:36:41Z/

url

https://www.mozilla.org/security/advisories/mfsa2025-28/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-29

reference_id

mfsa2025-29

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-29

reference_url

https://www.mozilla.org/security/advisories/mfsa2025-29/

reference_id

mfsa2025-29

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-29T15:36:41Z/

url

https://www.mozilla.org/security/advisories/mfsa2025-29/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-31

reference_id

mfsa2025-31

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-31

reference_url

https://www.mozilla.org/security/advisories/mfsa2025-31/

reference_id

mfsa2025-31

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-29T15:36:41Z/

url

https://www.mozilla.org/security/advisories/mfsa2025-31/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-32

reference_id

mfsa2025-32

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-32

reference_url

https://www.mozilla.org/security/advisories/mfsa2025-32/

reference_id

mfsa2025-32

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-29T15:36:41Z/

url

https://www.mozilla.org/security/advisories/mfsa2025-32/

reference_url	https://access.redhat.com/errata/RHSA-2025:4443
reference_id	RHSA-2025:4443
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:4443

reference_url	https://access.redhat.com/errata/RHSA-2025:4458
reference_id	RHSA-2025:4458
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:4458

reference_url	https://access.redhat.com/errata/RHSA-2025:4460
reference_id	RHSA-2025:4460
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:4460

reference_url	https://access.redhat.com/errata/RHSA-2025:4751
reference_id	RHSA-2025:4751
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:4751

reference_url	https://access.redhat.com/errata/RHSA-2025:4752
reference_id	RHSA-2025:4752
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:4752

reference_url	https://access.redhat.com/errata/RHSA-2025:4753
reference_id	RHSA-2025:4753
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:4753

reference_url	https://access.redhat.com/errata/RHSA-2025:4756
reference_id	RHSA-2025:4756
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:4756

reference_url	https://access.redhat.com/errata/RHSA-2025:4797
reference_id	RHSA-2025:4797
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:4797

reference_url	https://access.redhat.com/errata/RHSA-2025:7428
reference_id	RHSA-2025:7428
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7428

reference_url	https://access.redhat.com/errata/RHSA-2025:7506
reference_id	RHSA-2025:7506
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7506

reference_url	https://access.redhat.com/errata/RHSA-2025:7507
reference_id	RHSA-2025:7507
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7507

reference_url	https://access.redhat.com/errata/RHSA-2025:7543
reference_id	RHSA-2025:7543
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7543

reference_url	https://access.redhat.com/errata/RHSA-2025:7544
reference_id	RHSA-2025:7544
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7544

reference_url	https://access.redhat.com/errata/RHSA-2025:7545
reference_id	RHSA-2025:7545
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7545

reference_url	https://access.redhat.com/errata/RHSA-2025:7547
reference_id	RHSA-2025:7547
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7547

reference_url	https://access.redhat.com/errata/RHSA-2025:7689
reference_id	RHSA-2025:7689
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7689

reference_url	https://access.redhat.com/errata/RHSA-2025:7690
reference_id	RHSA-2025:7690
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7690

reference_url	https://access.redhat.com/errata/RHSA-2025:7691
reference_id	RHSA-2025:7691
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7691

reference_url	https://access.redhat.com/errata/RHSA-2025:7692
reference_id	RHSA-2025:7692
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7692

reference_url	https://access.redhat.com/errata/RHSA-2025:7693
reference_id	RHSA-2025:7693
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7693

reference_url	https://access.redhat.com/errata/RHSA-2025:7694
reference_id	RHSA-2025:7694
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7694

reference_url	https://access.redhat.com/errata/RHSA-2025:7695
reference_id	RHSA-2025:7695
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7695

reference_url	https://usn.ubuntu.com/7663-1/
reference_id	USN-7663-1
reference_type
scores
url	https://usn.ubuntu.com/7663-1/

fixed_packages

url	pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie
purl	pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie

url	pkg:deb/debian/thunderbird@1:128.10.0esr-1~deb12u1?distro=trixie
purl	pkg:deb/debian/thunderbird@1:128.10.0esr-1~deb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:128.10.0esr-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/thunderbird@1:128.10.0esr-1?distro=trixie
purl	pkg:deb/debian/thunderbird@1:128.10.0esr-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:128.10.0esr-1%3Fdistro=trixie

url	pkg:deb/debian/thunderbird@1:128.10.1esr-1~deb11u1?distro=trixie
purl	pkg:deb/debian/thunderbird@1:128.10.1esr-1~deb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:128.10.1esr-1~deb11u1%3Fdistro=trixie

url	pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie
purl	pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie
purl	pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie

url pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie

purl pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5dw5-vpt8-zqbz

vulnerability	VCID-9ag7-z86d-nba9

vulnerability	VCID-qbzp-euvv-q7c7

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie

url	pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie
purl	pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie

aliases CVE-2025-4091

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gph4-xa9p-73fr

url VCID-jyns-kqp9-4ygh

vulnerability_id VCID-jyns-kqp9-4ygh

summary

By crafting a malformed file name for an attachment in a multipart
message, an attacker can trick Thunderbird into including a
directory listing of /tmp when the message is forwarded or edited
as a new message. This vulnerability could allow attackers to
disclose sensitive information from the victim's system. This
vulnerability is not limited to Linux; similar behavior has been
observed on Windows as well.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-2830.json

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-2830.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-2830

reference_id

reference_type

scores

value	0.00224
scoring_system	epss
scoring_elements	0.45075
published_at	2026-04-21T12:55:00Z

value	0.00224
scoring_system	epss
scoring_elements	0.4509
published_at	2026-04-09T12:55:00Z

value	0.00224
scoring_system	epss
scoring_elements	0.45037
published_at	2026-04-07T12:55:00Z

value	0.00224
scoring_system	epss
scoring_elements	0.45089
published_at	2026-04-08T12:55:00Z

value	0.00224
scoring_system	epss
scoring_elements	0.45112
published_at	2026-04-11T12:55:00Z

value	0.00224
scoring_system	epss
scoring_elements	0.45072
published_at	2026-04-02T12:55:00Z

value	0.00224
scoring_system	epss
scoring_elements	0.45124
published_at	2026-04-18T12:55:00Z

value	0.00224
scoring_system	epss
scoring_elements	0.45131
published_at	2026-04-16T12:55:00Z

value	0.00224
scoring_system	epss
scoring_elements	0.45082
published_at	2026-04-13T12:55:00Z

value	0.00224
scoring_system	epss
scoring_elements	0.4508
published_at	2026-04-12T12:55:00Z

value	0.00224
scoring_system	epss
scoring_elements	0.45094
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-2830

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2830
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2830

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2359789
reference_id	2359789
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2359789

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-26

reference_id

mfsa2025-26

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-26

reference_url

https://www.mozilla.org/security/advisories/mfsa2025-26/

reference_id

mfsa2025-26

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T17:53:44Z/

url

https://www.mozilla.org/security/advisories/mfsa2025-26/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-27

reference_id

mfsa2025-27

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-27

reference_url

https://www.mozilla.org/security/advisories/mfsa2025-27/

reference_id

mfsa2025-27

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T17:53:44Z/

url

https://www.mozilla.org/security/advisories/mfsa2025-27/

reference_url	https://access.redhat.com/errata/RHSA-2025:4229
reference_id	RHSA-2025:4229
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:4229

reference_url	https://access.redhat.com/errata/RHSA-2025:4389
reference_id	RHSA-2025:4389
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:4389

reference_url	https://access.redhat.com/errata/RHSA-2025:4512
reference_id	RHSA-2025:4512
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:4512

reference_url	https://access.redhat.com/errata/RHSA-2025:4513
reference_id	RHSA-2025:4513
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:4513

reference_url	https://access.redhat.com/errata/RHSA-2025:4514
reference_id	RHSA-2025:4514
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:4514

reference_url	https://access.redhat.com/errata/RHSA-2025:4617
reference_id	RHSA-2025:4617
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:4617

reference_url	https://access.redhat.com/errata/RHSA-2025:4649
reference_id	RHSA-2025:4649
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:4649

reference_url	https://access.redhat.com/errata/RHSA-2025:4654
reference_id	RHSA-2025:4654
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:4654

reference_url	https://access.redhat.com/errata/RHSA-2025:4665
reference_id	RHSA-2025:4665
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:4665

reference_url	https://access.redhat.com/errata/RHSA-2025:7435
reference_id	RHSA-2025:7435
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7435

reference_url	https://access.redhat.com/errata/RHSA-2025:7507
reference_id	RHSA-2025:7507
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7507

reference_url

https://bugzilla.mozilla.org/show_bug.cgi?id=1956379

reference_id

show_bug.cgi?id=1956379

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T17:53:44Z/

url

https://bugzilla.mozilla.org/show_bug.cgi?id=1956379

reference_url	https://usn.ubuntu.com/7663-1/
reference_id	USN-7663-1
reference_type
scores
url	https://usn.ubuntu.com/7663-1/

fixed_packages

url	pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie
purl	pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie

url	pkg:deb/debian/thunderbird@1:128.10.0esr-1~deb12u1?distro=trixie
purl	pkg:deb/debian/thunderbird@1:128.10.0esr-1~deb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:128.10.0esr-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/thunderbird@1:128.10.0esr-1?distro=trixie
purl	pkg:deb/debian/thunderbird@1:128.10.0esr-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:128.10.0esr-1%3Fdistro=trixie

url	pkg:deb/debian/thunderbird@1:128.10.1esr-1~deb11u1?distro=trixie
purl	pkg:deb/debian/thunderbird@1:128.10.1esr-1~deb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:128.10.1esr-1~deb11u1%3Fdistro=trixie

url	pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie
purl	pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie
purl	pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie

url pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie

purl pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5dw5-vpt8-zqbz

vulnerability	VCID-9ag7-z86d-nba9

vulnerability	VCID-qbzp-euvv-q7c7

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie

url	pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie
purl	pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie

aliases CVE-2025-2830

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jyns-kqp9-4ygh

url VCID-n9jq-77ud-v7c9

vulnerability_id VCID-n9jq-77ud-v7c9

summary

When an email contains multiple attachments with external links
via the X-Mozilla-External-Attachment-URL header, only the last
link is shown when hovering over any attachment. Although the
correct link is used on click, the misleading hover text could
trick users into downloading content from untrusted sources.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-3523.json

reference_id

reference_type

scores

value	6.4
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-3523.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-3523

reference_id

reference_type

scores

value	0.00244
scoring_system	epss
scoring_elements	0.47696
published_at	2026-04-21T12:55:00Z

value	0.00244
scoring_system	epss
scoring_elements	0.47689
published_at	2026-04-08T12:55:00Z

value	0.00244
scoring_system	epss
scoring_elements	0.47684
published_at	2026-04-09T12:55:00Z

value	0.00244
scoring_system	epss
scoring_elements	0.47634
published_at	2026-04-07T12:55:00Z

value	0.00244
scoring_system	epss
scoring_elements	0.47708
published_at	2026-04-11T12:55:00Z

value	0.00244
scoring_system	epss
scoring_elements	0.47664
published_at	2026-04-02T12:55:00Z

value	0.00244
scoring_system	epss
scoring_elements	0.47743
published_at	2026-04-18T12:55:00Z

value	0.00244
scoring_system	epss
scoring_elements	0.47751
published_at	2026-04-16T12:55:00Z

value	0.00244
scoring_system	epss
scoring_elements	0.47694
published_at	2026-04-13T12:55:00Z

value	0.00244
scoring_system	epss
scoring_elements	0.47685
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-3523

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3523
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3523

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2359786
reference_id	2359786
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2359786

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-26

reference_id

mfsa2025-26

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-26

reference_url

https://www.mozilla.org/security/advisories/mfsa2025-26/

reference_id

mfsa2025-26

reference_type

scores

value	6.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T17:45:32Z/

url

https://www.mozilla.org/security/advisories/mfsa2025-26/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-27

reference_id

mfsa2025-27

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-27

reference_url

https://www.mozilla.org/security/advisories/mfsa2025-27/

reference_id

mfsa2025-27

reference_type

scores

value	6.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T17:45:32Z/

url

https://www.mozilla.org/security/advisories/mfsa2025-27/

reference_url	https://access.redhat.com/errata/RHSA-2025:4229
reference_id	RHSA-2025:4229
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:4229

reference_url	https://access.redhat.com/errata/RHSA-2025:4389
reference_id	RHSA-2025:4389
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:4389

reference_url	https://access.redhat.com/errata/RHSA-2025:4512
reference_id	RHSA-2025:4512
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:4512

reference_url	https://access.redhat.com/errata/RHSA-2025:4513
reference_id	RHSA-2025:4513
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:4513

reference_url	https://access.redhat.com/errata/RHSA-2025:4514
reference_id	RHSA-2025:4514
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:4514

reference_url	https://access.redhat.com/errata/RHSA-2025:4617
reference_id	RHSA-2025:4617
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:4617

reference_url	https://access.redhat.com/errata/RHSA-2025:4649
reference_id	RHSA-2025:4649
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:4649

reference_url	https://access.redhat.com/errata/RHSA-2025:4654
reference_id	RHSA-2025:4654
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:4654

reference_url	https://access.redhat.com/errata/RHSA-2025:4665
reference_id	RHSA-2025:4665
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:4665

reference_url	https://access.redhat.com/errata/RHSA-2025:7435
reference_id	RHSA-2025:7435
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7435

reference_url	https://access.redhat.com/errata/RHSA-2025:7507
reference_id	RHSA-2025:7507
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7507

reference_url

https://bugzilla.mozilla.org/show_bug.cgi?id=1958385

reference_id

show_bug.cgi?id=1958385

reference_type

scores

value	6.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T17:45:32Z/

url

https://bugzilla.mozilla.org/show_bug.cgi?id=1958385

reference_url	https://usn.ubuntu.com/7663-1/
reference_id	USN-7663-1
reference_type
scores
url	https://usn.ubuntu.com/7663-1/

fixed_packages

url	pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie
purl	pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie

url	pkg:deb/debian/thunderbird@1:128.10.0esr-1~deb12u1?distro=trixie
purl	pkg:deb/debian/thunderbird@1:128.10.0esr-1~deb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:128.10.0esr-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/thunderbird@1:128.10.0esr-1?distro=trixie
purl	pkg:deb/debian/thunderbird@1:128.10.0esr-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:128.10.0esr-1%3Fdistro=trixie

url	pkg:deb/debian/thunderbird@1:128.10.1esr-1~deb11u1?distro=trixie
purl	pkg:deb/debian/thunderbird@1:128.10.1esr-1~deb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:128.10.1esr-1~deb11u1%3Fdistro=trixie

url	pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie
purl	pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie
purl	pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie

url pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie

purl pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5dw5-vpt8-zqbz

vulnerability	VCID-9ag7-z86d-nba9

vulnerability	VCID-qbzp-euvv-q7c7

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie

url	pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie
purl	pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie

aliases CVE-2025-3523

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n9jq-77ud-v7c9

url VCID-rfve-tkv7-13dv

vulnerability_id VCID-rfve-tkv7-13dv

summary

Thunderbird processes the X-Mozilla-External-Attachment-URL header
to handle attachments which can be hosted externally. When an
email is opened, Thunderbird accesses the specified URL to 
determine file size, and navigates to it when the user clicks the
attachment. Because the URL is not validated or sanitized, it can
reference internal resources like chrome:// or SMB share file:// links,
potentially leading to hashed Windows credential leakage and opening the
door to more serious security issues.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-3522.json

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-3522.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-3522

reference_id

reference_type

scores

value	0.0023
scoring_system	epss
scoring_elements	0.45837
published_at	2026-04-21T12:55:00Z

value	0.0023
scoring_system	epss
scoring_elements	0.45872
published_at	2026-04-11T12:55:00Z

value	0.0023
scoring_system	epss
scoring_elements	0.45796
published_at	2026-04-07T12:55:00Z

value	0.0023
scoring_system	epss
scoring_elements	0.45853
published_at	2026-04-08T12:55:00Z

value	0.0023
scoring_system	epss
scoring_elements	0.4585
published_at	2026-04-09T12:55:00Z

value	0.0023
scoring_system	epss
scoring_elements	0.45824
published_at	2026-04-02T12:55:00Z

value	0.0023
scoring_system	epss
scoring_elements	0.45892
published_at	2026-04-18T12:55:00Z

value	0.0023
scoring_system	epss
scoring_elements	0.45898
published_at	2026-04-16T12:55:00Z

value	0.0023
scoring_system	epss
scoring_elements	0.45845
published_at	2026-04-13T12:55:00Z

value	0.0023
scoring_system	epss
scoring_elements	0.45842
published_at	2026-04-12T12:55:00Z

value	0.0023
scoring_system	epss
scoring_elements	0.45846
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-3522

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3522
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3522

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2359793
reference_id	2359793
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2359793

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-26

reference_id

mfsa2025-26

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-26

reference_url

https://www.mozilla.org/security/advisories/mfsa2025-26/

reference_id

mfsa2025-26

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T18:49:37Z/

url

https://www.mozilla.org/security/advisories/mfsa2025-26/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-27

reference_id

mfsa2025-27

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-27

reference_url

https://www.mozilla.org/security/advisories/mfsa2025-27/

reference_id

mfsa2025-27

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T18:49:37Z/

url

https://www.mozilla.org/security/advisories/mfsa2025-27/

reference_url	https://access.redhat.com/errata/RHSA-2025:4229
reference_id	RHSA-2025:4229
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:4229

reference_url	https://access.redhat.com/errata/RHSA-2025:4389
reference_id	RHSA-2025:4389
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:4389

reference_url	https://access.redhat.com/errata/RHSA-2025:4512
reference_id	RHSA-2025:4512
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:4512

reference_url	https://access.redhat.com/errata/RHSA-2025:4513
reference_id	RHSA-2025:4513
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:4513

reference_url	https://access.redhat.com/errata/RHSA-2025:4514
reference_id	RHSA-2025:4514
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:4514

reference_url	https://access.redhat.com/errata/RHSA-2025:4617
reference_id	RHSA-2025:4617
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:4617

reference_url	https://access.redhat.com/errata/RHSA-2025:4649
reference_id	RHSA-2025:4649
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:4649

reference_url	https://access.redhat.com/errata/RHSA-2025:4654
reference_id	RHSA-2025:4654
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:4654

reference_url	https://access.redhat.com/errata/RHSA-2025:4665
reference_id	RHSA-2025:4665
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:4665

reference_url	https://access.redhat.com/errata/RHSA-2025:7435
reference_id	RHSA-2025:7435
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7435

reference_url	https://access.redhat.com/errata/RHSA-2025:7507
reference_id	RHSA-2025:7507
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7507

reference_url

https://bugzilla.mozilla.org/show_bug.cgi?id=1955372

reference_id

show_bug.cgi?id=1955372

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T18:49:37Z/

url

https://bugzilla.mozilla.org/show_bug.cgi?id=1955372

reference_url	https://usn.ubuntu.com/7663-1/
reference_id	USN-7663-1
reference_type
scores
url	https://usn.ubuntu.com/7663-1/

fixed_packages

url	pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie
purl	pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie

url	pkg:deb/debian/thunderbird@1:128.10.0esr-1~deb12u1?distro=trixie
purl	pkg:deb/debian/thunderbird@1:128.10.0esr-1~deb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:128.10.0esr-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/thunderbird@1:128.10.0esr-1?distro=trixie
purl	pkg:deb/debian/thunderbird@1:128.10.0esr-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:128.10.0esr-1%3Fdistro=trixie

url	pkg:deb/debian/thunderbird@1:128.10.1esr-1~deb11u1?distro=trixie
purl	pkg:deb/debian/thunderbird@1:128.10.1esr-1~deb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:128.10.1esr-1~deb11u1%3Fdistro=trixie

url	pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie
purl	pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie
purl	pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie

url pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie

purl pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5dw5-vpt8-zqbz

vulnerability	VCID-9ag7-z86d-nba9

vulnerability	VCID-qbzp-euvv-q7c7

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie

url	pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie
purl	pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie

aliases CVE-2025-3522

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rfve-tkv7-13dv

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:128.10.0esr-1~deb12u1%3Fdistro=trixie

Package Instance