CVE-2025-0510

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:C/A:N

Name of the Vulnerable Software and Affected Versions Thunderbird versions prior to 128.7 Thunderbird versions prior to 135

Description The issue arises when the From field of an email uses invalid group name syntax. This results in Thunderbird displaying an incorrect sender address.

Recommendations For versions prior to 128.7, update to version 128.7 or later. For versions prior to 135, update to version 135 or later. At the moment, there is no information about additional mitigation measures for this issue.

Fix

Insufficient Verification of Data Authenticity

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-345

Related Identifiers

ALSA-2025:1184

ALSA-2025:1292

ALT-PU-2025-4001

ALT-PU-2025-7695

BDU:2025-02316

CESA-2025_1292

CVE-2025-0510

DLA-4045-1

DSA-5861-1

INFSA-2025_1184

INFSA-2025_1292

MGASA-2025-0048

OESA-2025-1835

OPENSUSE-SU-2025:14731-1

OPENSUSE-SU-2025_0405-1

RHSA-2025:1184

RHSA-2025:1292

RHSA-2025:1317

RHSA-2025:1318

RHSA-2025:1319

RHSA-2025:1339

RHSA-2025:1340

RHSA-2025:1341

RHSA-2025:1348

RHSA-2025_1184

RHSA-2025_1292

RLSA-2025:1292

SUSE-SU-2025:0405-1

USN-7663-1

Affected Products

Alt Linux

Almalinux

Centos

Linuxmint

Red Hat

Red Os

Rocky Linux

Suse

Thunderbird

Ubuntu

CVE-2025-0510

Weakness Enumeration

Related Identifiers

Affected Products

References · 227