PT-2025-3931 · Mozilla+9 · Thunderbird+9

Fabian Densborn

Publicado

2025-02-04

Atualizado

2025-10-08

CVE-2025-0510

CVSS v2.0

7.8

Alta

Vetor

AV:N/AC:L/Au:N/C:N/I:C/A:N

Name of the Vulnerable Software and Affected Versions Thunderbird versions prior to 128.7 Thunderbird versions prior to 135

Description The issue arises when the From field of an email uses invalid group name syntax. This results in Thunderbird displaying an incorrect sender address.

Recommendations For versions prior to 128.7, update to version 128.7 or later. For versions prior to 135, update to version 135 or later. At the moment, there is no information about additional mitigation measures for this issue.

Correção

Insufficient Verification of Data Authenticity

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-345

Identificadores relacionados

ALSA-2025:1184

ALSA-2025:1292

ALT-PU-2025-4001

ALT-PU-2025-7695

BDU:2025-02316

CESA-2025_1292

CVE-2025-0510

DLA-4045-1

DSA-5861-1

INFSA-2025_1184

INFSA-2025_1292

MGASA-2025-0048

OESA-2025-1835

OPENSUSE-SU-2025:14731-1

OPENSUSE-SU-2025_0405-1

RHSA-2025:1184

RHSA-2025:1292

RHSA-2025:1317

RHSA-2025:1318

RHSA-2025:1319

RHSA-2025:1339

RHSA-2025:1340

RHSA-2025:1341

RHSA-2025:1348

RHSA-2025_1184

RHSA-2025_1292

RLSA-2025:1292

SUSE-SU-2025:0405-1

USN-7663-1

Produtos afetados

Alt Linux

Almalinux

Centos

Linuxmint

Red Hat

Red Os

Rocky Linux

Suse

Thunderbird

Ubuntu

PT-2025-3931 · Mozilla+9 · Thunderbird+9

CVE-2025-0510

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 227