{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/725?format=json","vulnerability_id":"VCID-gc1t-v1q2-kkez","summary":"When an email contains multiple attachments with external links\nvia the X-Mozilla-External-Attachment-URL header, only the last\nlink is shown when hovering over any attachment. Although the\ncorrect link is used on click, the misleading hover text could\ntrick users into downloading content from untrusted sources.","aliases":[{"alias":"CVE-2025-3523"}],"fixed_packages":[],"affected_packages":[],"references":[{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-26","reference_id":"mfsa2025-26","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-26"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-27","reference_id":"mfsa2025-27","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-27"}],"weaknesses":[],"exploits":[],"severity_range_score":"7.0 - 8.9","exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gc1t-v1q2-kkez"}