CVE-2025-3909 | Mozilla Thunderbird up to 128.10.0/138.0.0 Header X-Mozilla-External-Attachment-URL cross site scripting

Inserito da Angelo Barbosa | Mag 14, 2025 | CVE

A vulnerability, which was classified as problematic, has been found in Mozilla Thunderbird up to 128.10.0/138.0.0. This issue affects some unknown processing of the component Header Handler. The manipulation of the argument X-Mozilla-External-Attachment-URL leads to cross site scripting.

The identification of this vulnerability is CVE-2025-3909. The attack may be initiated remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2025-3909 | Mozilla Thunderbird up to 128.10.0/138.0.0 Header X-Mozilla-External-Attachment-URL cross site scripting

Post correlati

CVE-2024-31008 | wuzhicms 4.1.0 index.php information disclosure

CVE-2025-23056 | HPE Aruba Networking Fabric Composer AFC up to 7.1.0 Web Management Interface cross site scripting

CVE-2024-53796 | Themesflat Addons for Elementor Plugin up to 2.2.2 on WordPress cross site scripting

CVE-2024-3502 | lunary-ai lunary up to 1.2.5 User Password information disclosure (dec-4538-8905)