CVE-2025-2830 — Path Traversal in Mozilla Thunderbird

CWE-22 — Path Traversal CWE-200 — Sensitive Information Exposure9 documents8 sources

Severity

6.3MEDIUMNVD

EPSS

0.2%

top 54.88%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Thunderbird

Timeline

PublishedApr 15

Latest updateJul 22

Description

By crafting a malformed file name for an attachment in a multipart message, an attacker can trick Thunderbird into including a directory listing of /tmp when the message is forwarded or edited as a new message. This vulnerability could allow attackers to disclose sensitive information from the victim's system. This vulnerability is not limited to Linux; similar behavior has been observed on Windows as well. This vulnerability was fixed in Thunderbird 137.0.2 and Thunderbird 128.9.2.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:LExploitability: 2.8 | Impact: 3.4

Affected Packages2 packages

▶NVDmozilla/thunderbird129.0 — 137.0.2+1

▶Debianmozilla/thunderbird< 1:128.10.1esr-1~deb11u1+3

🔴Vulnerability Details

GHSA

GHSA-g6gh-87cw-x396: By crafting a malformed file name for an attachment in a multipart message, an attacker can trick Thunderbird into including a directory listing of /t↗2025-04-15

▶

OSV

CVE-2025-2830: By crafting a malformed file name for an attachment in a multipart message, an attacker can trick Thunderbird into including a directory listing of /t↗2025-04-15

▶

CVEList

Information Disclosure of /tmp directory listing↗2025-04-15

▶

📋Vendor Advisories

Ubuntu

Thunderbird vulnerabilities↗2025-07-22

▶

Red Hat

thunderbird: Information Disclosure of /tmp directory listing↗2025-04-15

▶

Debian

CVE-2025-2830: thunderbird - By crafting a malformed file name for an attachment in a multipart message, an a...↗2025

▶

Mozilla

Mozilla Foundation Security Advisory 2025-26: CVE-2025-2830↗

▶

Mozilla

Mozilla Foundation Security Advisory 2025-27: CVE-2025-2830↗

▶