fkie_cve-2025-2830
Vulnerability from fkie_nvd
Published
2025-04-15 15:16
Modified
2025-06-18 13:37
Severity ?
Summary
By crafting a malformed file name for an attachment in a multipart message, an attacker can trick Thunderbird into including a directory listing of /tmp when the message is forwarded or edited as a new message. This vulnerability could allow attackers to disclose sensitive information from the victim's system. This vulnerability is not limited to Linux; similar behavior has been observed on Windows as well. This vulnerability affects Thunderbird < 137.0.2 and Thunderbird < 128.9.2.
References
▶ | URL | Tags | |
---|---|---|---|
security@mozilla.org | https://bugzilla.mozilla.org/show_bug.cgi?id=1956379 | Permissions Required | |
security@mozilla.org | https://www.mozilla.org/security/advisories/mfsa2025-26/ | Vendor Advisory | |
security@mozilla.org | https://www.mozilla.org/security/advisories/mfsa2025-27/ | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mozilla | thunderbird | * | |
mozilla | thunderbird | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "matchCriteriaId": "D11A3908-71D7-4967-8029-0D4DD57F384C", "versionEndExcluding": "128.9.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "matchCriteriaId": "971D9339-D135-4B63-A4DA-E333080DA5E6", "versionEndExcluding": "137.0.2", "versionStartIncluding": "129.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "By crafting a malformed file name for an attachment in a multipart message, an attacker can trick Thunderbird into including a directory listing of /tmp when the message is forwarded or edited as a new message. This vulnerability could allow attackers to disclose sensitive information from the victim\u0027s system. This vulnerability is not limited to Linux; similar behavior has been observed on Windows as well. This vulnerability affects Thunderbird \u003c 137.0.2 and Thunderbird \u003c 128.9.2." }, { "lang": "es", "value": "Al manipular un nombre de archivo mal formado para un archivo adjunto en un mensaje multiparte, un atacante puede enga\u00f1ar a Thunderbird para que incluya la lista de directorio /tmp al reenviar o editar el mensaje como nuevo. Esta vulnerabilidad podr\u00eda permitir a los atacantes divulgar informaci\u00f3n confidencial del sistema de la v\u00edctima. Esta vulnerabilidad no se limita a Linux; tambi\u00e9n se ha observado un comportamiento similar en Windows. Esta vulnerabilidad afecta a Thunderbird (versi\u00f3n anterior a la 137.0.2) y a Thunderbird (versi\u00f3n anterior a la 128.9.2)." } ], "id": "CVE-2025-2830", "lastModified": "2025-06-18T13:37:00.120", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }, "published": "2025-04-15T15:16:08.957", "references": [ { "source": "security@mozilla.org", "tags": [ "Permissions Required" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1956379" }, { "source": "security@mozilla.org", "tags": [ "Vendor Advisory" ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-26/" }, { "source": "security@mozilla.org", "tags": [ "Vendor Advisory" ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-27/" } ], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-22" } ], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…