CVE-2025-0510
published 2025-02-04CVE-2025-0510: Thunderbird displayed an incorrect sender address if the From field of an email used the invalid group name syntax that is described in CVE-2024-49040. This…
medium6.5CVSS 3.1
AVNACLPRNUIRSUCNIHAN
Thunderbird displayed an incorrect sender address if the From field of an email used the invalid group name syntax that is described in CVE-2024-49040. This vulnerability was fixed in Thunderbird 128.7 and Thunderbird 135.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | thunderbird | < thunderbird 1:128.7.0esr-1~deb12u1 (bookworm) | thunderbird 1:128.7.0esr-1~deb12u1 (bookworm) |
| mozilla | firefox | — | — |
| mozilla | thunderbird | >= 0 < 1:128.7.0esr-1~deb11u1 | 1:128.7.0esr-1~deb11u1 |
| mozilla | thunderbird | >= 0 < 1:128.7.0esr-1~deb12u1 | 1:128.7.0esr-1~deb12u1 |
| mozilla | thunderbird | >= 0 < 1:128.7.0esr-1 | 1:128.7.0esr-1 |
| mozilla | thunderbird | >= 0 < 1:128.7.0esr-1 | 1:128.7.0esr-1 |
| mozilla | thunderbird | >= 128.0.1 < 128.7.0 | 128.7.0 |
| mozilla | thunderbird | >= 131.0 < 135.0 | 135.0 |
CVSS provenance
nvdv3.16.5MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
osv7.5HIGH