CVE-2025-3932 | Mozilla Thunderbird up to 128.10.0/138.0.0 Header X-Mozilla-External-Attachment-URL Remote Code Execution

Inserito da Angelo Barbosa | Mag 14, 2025 | CVE

A vulnerability, which was classified as critical, was found in Mozilla Thunderbird up to 128.10.0/138.0.0. Affected is an unknown function of the component Header Handler. The manipulation of the argument X-Mozilla-External-Attachment-URL leads to Remote Code Execution.

This vulnerability is traded as CVE-2025-3932. It is possible to launch the attack remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2025-3932 | Mozilla Thunderbird up to 128.10.0/138.0.0 Header X-Mozilla-External-Attachment-URL Remote Code Execution

Post correlati

CVE-2024-11150 | vanquish User Extra Fields Plugin up to 16.6 on WordPress wp-config.php delete_tmp_uploaded_file path traversal

CVE-2024-4201 | GitLab up to 16.10.6/16.11.3/17.0.1 XML File cross site scripting (Issue 458229)

CVE-2025-1173 | 1000 Projects Bookstore Management System 1.0 process_users_del.php id sql injection

CVE-2023-6574 | Beijing Baichuo Smart S20 up to 20231120 HTTP POST Request /sysmanage/updateos.php 1_file_upload unrestricted upload