{ "document": { "aggregate_severity": { "text": "Critical" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "TuxCare License Agreement", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.", "title": "Terms of Use" }, { "category": "details", "text": "CVE-2024-0742: assertion failure in nsPresContext::UserInputEventsAllowed\n (Document::SetIsInitialDocument sticky-bit)\n- CVE-2025-2830: path traversal via malformed attachment filename in multipart\n message (directory guard in MimePart._fetchAttachment + mimedrft.cpp)\n- CVE-2025-3909: predictable tempfile path enables JavaScript execution from\n attachment opened in file:/// context (per-PID tempdir, 0o700)\n- CVE-2025-3932: tracking links in attachments bypass remote-content blocking\n (scheme allowlist + FeedMsg http(s) carve-out in AttachmentInfo.isEmpty)", "title": "Details" } ], "publisher": { "category": "vendor", "contact_details": "https://tuxcare.com/contact/", "name": "TuxCare", "namespace": "https://tuxcare.com/" }, "references": [ { "category": "self", "summary": "https://cve.tuxcare.com/els/releases/CLSA-2026:1779579653", "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1779579653" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.tuxcare.com/csaf/v2/els_os/almalinux9.2esu/advisories/2026/clsa-2026_1779579653.json" } ], "tracking": { "current_release_date": "2026-05-25T07:36:32Z", "generator": { "date": "2026-05-25T07:36:32Z", "engine": { "name": "pyCSAF" } }, "id": "CLSA-2026:1779579653", "initial_release_date": "2026-05-23T23:41:45Z", "revision_history": [ { "date": "2026-05-23T23:41:45Z", "number": "1", "summary": "Initial version" }, { "date": "2026-05-25T07:36:32Z", "number": "2", "summary": "Update document" } ], "status": "final", "version": "2" }, "title": "thunderbird: Fix of 4 CVEs" }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "AlmaLinux 9.2", "product": { "name": "AlmaLinux 9.2", "product_id": "AlmaLinux-9.2", "product_identification_helper": { "cpe": "cpe:2.3:o:almalinux:almalinux:9.2:*:*:*:*:*:*:*" } } } ], "category": "product_family", "name": "AlmaLinux" } ], "category": "vendor", "name": "AlmaLinux OS Foundation" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els3.x86_64", "product": { "name": "thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els3.x86_64", "product_id": "thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/thunderbird@115.4.1-1.el9_2.alma.tuxcare.els3?arch=x86_64" } } }, { "category": "product_version", "name": "thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els1.x86_64", "product": { "name": "thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els1.x86_64", "product_id": "thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/thunderbird@115.4.1-1.el9_2.alma.tuxcare.els1?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "TuxCare" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els3.x86_64 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els3.x86_64" }, "product_reference": "thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els3.x86_64", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els1.x86_64 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els1.x86_64" }, "product_reference": "thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els1.x86_64", "relates_to_product_reference": "AlmaLinux-9.2" } ] }, "vulnerabilities": [ { "cve": "CVE-2026-33416", "cwe": { "id": "CWE-825", "name": "Expired Pointer Dereference" }, "notes": [ { "category": "description", "text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. In versions 1.2.1 through 1.6.55, `png_set_tRNS` and `png_set_PLTE` each alias a heap-allocated buffer between `png_struct` and `png_info`, sharing a single allocation across two structs with independent lifetimes. The `trans_alpha` aliasing has been present since at least libpng 1.0, and the `palette` aliasing since at least 1.2.1. Both affect all prior release lines `png_set_tRNS` sets `png_ptr->trans_alpha = info_ptr->trans_alpha` (256-byte buffer) and `png_set_PLTE` sets `info_ptr->palette = png_ptr->palette` (768-byte buffer). In both cases, calling `png_free_data` (with `PNG_FREE_TRNS` or `PNG_FREE_PLTE`) frees the buffer through `info_ptr` while the corresponding `png_ptr` pointer remains dangling. Subsequent row-transform functions dereference and, in some code paths, write to the freed memory. A second call to `png_set_tRNS` or `png_set_PLTE` has the same effect, because both functions call `png_free_data` internally before reallocating the `info_ptr` buffer. Version 1.6.56 fixes the issue.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els3.x86_64" ], "known_affected": [ "AlmaLinux-9.2:thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2026-33416" } ], "release_date": "2026-03-26T16:48:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-05-23T23:40:56.057064Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1779579653", "product_ids": [ "AlmaLinux-9.2:thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els3.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1779579653" }, { "category": "none_available", "date": "2026-03-26T16:48:00Z", "details": "Affected", "product_ids": [ "AlmaLinux-9.2:thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els1.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els3.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2025-3932", "cwe": { "id": "CWE-288", "name": "Authentication Bypass Using an Alternate Path or Channel" }, "notes": [ { "category": "description", "text": "It was possible to craft an email that showed a tracking link as an attachment. If the user attempted to open the attachment, Thunderbird automatically accessed the link. The configuration to block remote content did not prevent that. Thunderbird has been fixed to no longer allow access to web pages listed in the X-Mozilla-External-Attachment-URL header of an email. This vulnerability was fixed in Thunderbird 128.10.1 and Thunderbird 138.0.1.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els3.x86_64" ], "known_affected": [ "AlmaLinux-9.2:thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-3932" } ], "release_date": "2025-05-14T16:56:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-05-23T23:40:56.057064Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1779579653", "product_ids": [ "AlmaLinux-9.2:thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els3.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1779579653" }, { "category": "none_available", "date": "2025-05-14T16:56:00Z", "details": "Affected", "product_ids": [ "AlmaLinux-9.2:thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els1.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "AlmaLinux-9.2:thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els3.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2025-3909", "cwe": { "id": "CWE-290", "name": "Authentication Bypass by Spoofing" }, "notes": [ { "category": "description", "text": "Thunderbird's handling of the X-Mozilla-External-Attachment-URL header can be exploited to execute JavaScript in the file:/// context. By crafting a nested email attachment (message/rfc822) and setting its content type to application/pdf, Thunderbird may incorrectly render it as HTML when opened, allowing the embedded JavaScript to run without requiring a file download. This behavior relies on Thunderbird auto-saving the attachment to /tmp and linking to it via the file:/// protocol, potentially enabling JavaScript execution as part of the HTML. This vulnerability was fixed in Thunderbird 128.10.1 and Thunderbird 138.0.1.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els3.x86_64" ], "known_affected": [ "AlmaLinux-9.2:thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-3909" } ], "release_date": "2025-05-14T16:56:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-05-23T23:40:56.057064Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1779579653", "product_ids": [ "AlmaLinux-9.2:thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els3.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1779579653" }, { "category": "none_available", "date": "2025-05-14T16:56:00Z", "details": "Affected", "product_ids": [ "AlmaLinux-9.2:thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els1.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "AlmaLinux-9.2:thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els3.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2025-2830", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "notes": [ { "category": "description", "text": "By crafting a malformed file name for an attachment in a multipart message, an attacker can trick Thunderbird into including a directory listing of /tmp when the message is forwarded or edited as a new message. This vulnerability could allow attackers to disclose sensitive information from the victim's system. This vulnerability is not limited to Linux; similar behavior has been observed on Windows as well. This vulnerability was fixed in Thunderbird 137.0.2 and Thunderbird 128.9.2.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els3.x86_64" ], "known_affected": [ "AlmaLinux-9.2:thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-2830" } ], "release_date": "2025-04-15T15:06:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-05-23T23:40:56.057064Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1779579653", "product_ids": [ "AlmaLinux-9.2:thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els3.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1779579653" }, { "category": "none_available", "date": "2025-04-15T15:06:00Z", "details": "Affected", "product_ids": [ "AlmaLinux-9.2:thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els1.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N", "version": "3.1" }, "products": [ "AlmaLinux-9.2:thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els3.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2024-0742", "notes": [ { "category": "description", "text": "It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an incorrect timestamp used to prevent input after page load. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els3.x86_64" ], "known_affected": [ "AlmaLinux-9.2:thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-0742" }, { "category": "external", "summary": "https://bugzilla.mozilla.org/show_bug.cgi?id=1867152", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1867152" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2024/01/msg00015.html", "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00015.html" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2024/01/msg00022.html", "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00022.html" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-01/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-01/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-02/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-02/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-04/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-04/" } ], "release_date": "2024-01-23T14:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-05-23T23:40:56.057064Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1779579653", "product_ids": [ "AlmaLinux-9.2:thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els3.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1779579653" }, { "category": "none_available", "date": "2024-01-23T14:15:00Z", "details": "Affected", "product_ids": [ "AlmaLinux-9.2:thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els1.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "AlmaLinux-9.2:thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els3.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2025-3875", "cwe": { "id": "CWE-290", "name": "Authentication Bypass by Spoofing" }, "notes": [ { "category": "description", "text": "Thunderbird parses addresses in a way that can allow sender spoofing in case the server allows an invalid From address to be used. For example, if the From header contains an (invalid) value \"Spoofed Name \", Thunderbird treats spoofed@example.com as the actual address. This vulnerability was fixed in Thunderbird 128.10.1 and Thunderbird 138.0.1.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els3.x86_64" ], "known_affected": [ "AlmaLinux-9.2:thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-3875" } ], "release_date": "2025-05-14T16:56:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-05-23T23:40:56.057064Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1779579653", "product_ids": [ "AlmaLinux-9.2:thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els3.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1779579653" }, { "category": "none_available", "date": "2025-05-14T16:56:00Z", "details": "Affected", "product_ids": [ "AlmaLinux-9.2:thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els1.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "AlmaLinux-9.2:thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els3.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2024-9680", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "description", "text": "An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We have had reports of this vulnerability being exploited in the wild. This vulnerability affects Firefox < 131.0.2, Firefox ESR < 128.3.1, Firefox ESR < 115.16.1, Thunderbird < 131.0.1, Thunderbird < 128.3.1, and Thunderbird < 115.16.0.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els3.x86_64" ], "known_affected": [ "AlmaLinux-9.2:thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-9680" }, { "category": "external", "summary": "https://bugzilla.mozilla.org/show_bug.cgi?id=1923344", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1923344" }, { "category": "external", "summary": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-49039", "url": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-49039" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-51/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-51/" }, { "category": "external", "summary": "https://www.mozilla.org/security/advisories/mfsa2024-52/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-52/" }, { "category": "external", "summary": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=281992", "url": "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=281992" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2024/10/msg00005.html", "url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00005.html" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2024/10/msg00006.html", "url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00006.html" }, { "category": "external", "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-9680", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-9680" } ], "release_date": "2024-10-09T13:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-05-23T23:40:56.057064Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1779579653", "product_ids": [ "AlmaLinux-9.2:thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els3.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1779579653" }, { "category": "none_available", "date": "2024-10-09T13:15:00Z", "details": "Affected", "product_ids": [ "AlmaLinux-9.2:thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els1.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els3.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ] }, { "cve": "CVE-2025-3522", "cwe": { "id": "CWE-1220", "name": "Insufficient Granularity of Access Control" }, "notes": [ { "category": "description", "text": "Thunderbird processes the X-Mozilla-External-Attachment-URL header to handle attachments which can be hosted externally. When an email is opened, Thunderbird accesses the specified URL to determine file size, and navigates to it when the user clicks the attachment. Because the URL is not validated or sanitized, it can reference internal resources like chrome:// or SMB share file:// links, potentially leading to hashed Windows credential leakage and opening the door to more serious security issues. This vulnerability was fixed in Thunderbird 137.0.2 and Thunderbird 128.9.2.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els3.x86_64" ], "known_affected": [ "AlmaLinux-9.2:thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-3522" } ], "release_date": "2025-04-15T15:06:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-05-23T23:40:56.057064Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1779579653", "product_ids": [ "AlmaLinux-9.2:thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els3.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1779579653" }, { "category": "none_available", "date": "2025-04-15T15:06:00Z", "details": "Affected", "product_ids": [ "AlmaLinux-9.2:thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els1.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N", "version": "3.1" }, "products": [ "AlmaLinux-9.2:thunderbird-0:115.4.1-1.el9_2.alma.tuxcare.els3.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] } ] }