CVE-2025-3909 | Mozilla Thunderbird up to 128.10.0/138.0.0 Header X-Mozilla-External-Attachment-URL cross site scripting

Inserito da Angelo Barbosa | Mag 14, 2025 | CVE

A vulnerability, which was classified as problematic, has been found in Mozilla Thunderbird up to 128.10.0/138.0.0. This issue affects some unknown processing of the component Header Handler. The manipulation of the argument X-Mozilla-External-Attachment-URL leads to cross site scripting.

The identification of this vulnerability is CVE-2025-3909. The attack may be initiated remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2025-3909 | Mozilla Thunderbird up to 128.10.0/138.0.0 Header X-Mozilla-External-Attachment-URL cross site scripting

Post correlati

CVE-2024-40958 | Linux Kernel up to 6.9.6 lib/refcount.c get_net_ns use after free

CVE-2024-1341 | Advanced iFrame Plugin up to 2024.1 on WordPress cross site scripting

CVE-2024-8403 | Mitsubishi Electric MELSEC iQ-F FX5-ENET IP SLMP Packet improper validation of specified type of input

CVE-2024-44234 | Apple visionOS Video File memory corruption