SB2025070701 - Red Hat Enterprise Linux 8 update for thunderbird

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2025070701

SB2025070701 - Red Hat Enterprise Linux 8 update for thunderbird

Published: July 7, 2025

Security Bulletin ID SB2025070701
Severity
High
Patch available
YES
Number of vulnerabilities 5
Exploitation vector Remote access
Highest impact Data manipulation

Breakdown by Severity

High 20% Medium 60% Low 20%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 5 secuirty vulnerabilities.


1) Input validation error (CVE-ID: CVE-2025-5986)

The vulnerability allows a remote attacker to gain access to sensitive information or perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input when handling mailbox:/// links. A remote attacker can create a specially crafted email mailbox:/// links and trigger unsolicited downloads of .pdf files to the user's desktop or home directory without prompting, even if auto-saving is disabled. Additionally, this behavior can be use to leak Windows credentials via SMB links when the email is viewed in HTML mode.

Note, viewing the email in HTML mode is enough to load external content.


2) Use-after-free (CVE-ID: CVE-2025-6424)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error in FontFaceSet. A remote attacker can trick the victim into opening a specially crafted website and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.


3) Information disclosure (CVE-ID: CVE-2025-6425)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to the WebCompat extension shipped with Firefox allows to enumerate resources and obtain a persistent UUID that identifies the browser, and persists between containers and normal/private browsing mode, but not profiles.


4) Input validation error (CVE-ID: CVE-2025-6429)

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to incorrect parsing of embedded URLs that led to URLs being rewritten to the youtube.com domain. A remote attacker can use a specially crafted embed tag to bypass website security checks that restricted which domains users were allowed to embed.


5) Protection Mechanism Failure (CVE-ID: CVE-2025-6430)

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to an error when handling embed or object tags. When a file download is specified via the Content-Disposition header, that directive would be ignored if the file was included via a <embed> or <object> tag, potentially making a website vulnerable to a cross-site scripting attack.


Remediation

Install update from vendor's website.

References