Vulnerabilities > CVE-2025-1015 - Unspecified vulnerability in Mozilla Thunderbird

CVSS 5.4 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

NONE

network

low complexity

mozilla

NVD

Published: 2025-02-04

Updated: 2025-02-06

Summary

The Thunderbird Address Book URI fields contained unsanitized links. This could be used by an attacker to create and export an address book containing a malicious payload in a field. For example, in the “Other” field of the Instant Messaging section. If another user imported the address book, clicking on the link could result in opening a web page inside Thunderbird, and that page could execute (unprivileged) JavaScript. This vulnerability affects Thunderbird < 128.7.

Vulnerable Configurations

Part	Description	Count
Application	Mozilla Mozilla Thunderbird 128.0.1 Mozilla Thunderbird 128.1.0 Mozilla Thunderbird 128.1.1 Mozilla Thunderbird 128.2.0 Mozilla Thunderbird 128.2.1 Mozilla Thunderbird 128.2.2 Mozilla Thunderbird 128.2.3 Mozilla Thunderbird 128.3.0 Mozilla Thunderbird 128.3.1 Mozilla Thunderbird 128.3.2 Mozilla Thunderbird 128.3.3 Mozilla Thunderbird 128.4.0 Mozilla Thunderbird 128.4.1 Mozilla Thunderbird 128.4.2 Mozilla Thunderbird 128.4.3 Mozilla Thunderbird 128.4.4 Mozilla Thunderbird 128.5.0 Mozilla Thunderbird 128.5.1 Mozilla Thunderbird 128.5.2 Mozilla Thunderbird 128.6.0	20

Summary

Vulnerable Configurations

References