SB2025042806 - Red Hat Enterprise Linux 9 update for thunderbird
Published: April 28, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 3 secuirty vulnerabilities.
1) Spoofing attack (CVE-ID: CVE-2025-3523)
The vulnerability allows a remote attacker to perform spoofing attack.
When an email contains multiple attachments with external links via the X-Mozilla-External-Attachment-URL header, only the last link is shown when hovering over any attachment. Although the correct link is used on click, the misleading hover text could trick users into downloading content from untrusted sources.
2) Information disclosure (CVE-ID: CVE-2025-2830)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to an error when handling attachment in a multipart
message. A remote attacker can trick the victim into forwarding a specially crafted email and force Thunderbird to include in the message a
directory listing of /tmp.
3) Information disclosure (CVE-ID: CVE-2025-3522)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a missing URL validation when processing the X-Mozilla-External-Attachment-URL header to handle externally hosted attachments. A remote attacker can send a specially crafted email to the victim that contains a link with an internally referenced document, such as "chrome://" or "chrome://" and force Thunderbird to share hashed Windows credentials with that URL, leading to information disclosure.
Remediation
Install update from vendor's website.