VulnerableCode Package Details - pkg:rpm/redhat/thunderbird@128.10.0-1?arch=el10

Search for packages

Vulnerability	Summary	Fixed by
VCID-754j-7erb-z7ae Aliases: CVE-2025-2817	Mozilla Firefox's update mechanism allowed a medium-integrity user process to interfere with the SYSTEM-level updater by manipulating the file-locking behavior. By injecting code into the user-privileged process, an attacker could bypass intended access controls, allowing SYSTEM-level file operations on paths controlled by a non-privileged user and enabling privilege escalation.	There are no reported fixed by versions.
VCID-as4y-nhw6-akfx Aliases: CVE-2025-4087	A vulnerability was identified in Thunderbird where XPath parsing could trigger undefined behavior due to missing null checks during attribute access. This could lead to out-of-bounds read access and potentially, memory corruption.	There are no reported fixed by versions.
VCID-b3rg-quvp-2uha Aliases: CVE-2025-4083	A process isolation vulnerability in Firefox stemmed from improper handling of javascript: URIs, which could allow content to execute in the top-level document's process instead of the intended frame, potentially enabling a sandbox escape.	There are no reported fixed by versions.
VCID-dp5j-4mzw-pqer Aliases: CVE-2025-4093	Memory safety bug present in Firefox ESR 128.9, and Thunderbird 128.9. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code.	There are no reported fixed by versions.
VCID-gph4-xa9p-73fr Aliases: CVE-2025-4091	Memory safety bugs present in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.	There are no reported fixed by versions.
VCID-jyns-kqp9-4ygh Aliases: CVE-2025-2830	By crafting a malformed file name for an attachment in a multipart message, an attacker can trick Thunderbird into including a directory listing of /tmp when the message is forwarded or edited as a new message. This vulnerability could allow attackers to disclose sensitive information from the victim's system. This vulnerability is not limited to Linux; similar behavior has been observed on Windows as well.	There are no reported fixed by versions.
VCID-n9jq-77ud-v7c9 Aliases: CVE-2025-3523	When an email contains multiple attachments with external links via the X-Mozilla-External-Attachment-URL header, only the last link is shown when hovering over any attachment. Although the correct link is used on click, the misleading hover text could trick users into downloading content from untrusted sources.	There are no reported fixed by versions.
VCID-rfve-tkv7-13dv Aliases: CVE-2025-3522	Thunderbird processes the X-Mozilla-External-Attachment-URL header to handle attachments which can be hosted externally. When an email is opened, Thunderbird accesses the specified URL to determine file size, and navigates to it when the user clicks the attachment. Because the URL is not validated or sanitized, it can reference internal resources like chrome:// or SMB share file:// links, potentially leading to hashed Windows credential leakage and opening the door to more serious security issues.	There are no reported fixed by versions.

Vulnerability

Summary

Fixed by

VCID-754j-7erb-z7ae
Aliases:
CVE-2025-2817

Mozilla Firefox's update mechanism allowed a medium-integrity user process to interfere with the SYSTEM-level updater by manipulating the file-locking behavior. By injecting code into the user-privileged process, an attacker could bypass intended access controls, allowing SYSTEM-level file operations on paths controlled by a non-privileged user and enabling privilege escalation.