- Description
- Thunderbird parses addresses in a way that can allow sender spoofing in case the server allows an invalid From address to be used. For example, if the From header contains an (invalid) value "Spoofed Name ", Thunderbird treats spoofed@example.com as the actual address. This vulnerability affects Thunderbird < 128.10.1 and Thunderbird < 138.0.1.
- Source
- security@mozilla.org
- NVD status
- Analyzed
CVSS 3.1
- Type
- Secondary
- Base score
- 7.5
- Impact score
- 3.6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- Severity
- HIGH
- 134c704f-9b21-4f2e-91b3-4a467353bcc0
- CWE-290
- Hype score
- Not currently trending
⚠️Actualizaciones de seguridad para los productos de Mozilla ❗CVE-2025-3875 ➡️Más info: https://t.co/QKJcAbXeOx https://t.co/IQH6BUfpBj
@CERTpy
19 May 2025
108 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-3875 (CVSS:7.5, HIGH) is Awaiting Analysis. Thunderbird parses addresses in a way that can allow sender spoofing in case the server allows an invalid From address t..https://t.co/Na6ce1bTmH #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
@cracbot
19 May 2025
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
wat??? 🤣🤣🤣 (CVE-2025-3875)[1950629]Sender Spoofing via Malformed From Header in Thunderbird https://t.co/FSatRixPGY https://t.co/uHG1Y2ExdP https://t.co/kahz2qUpSh https://t.co/v1ouBEZFty
@xvonfers
14 May 2025
518 Impressions
0 Retweets
3 Likes
2 Bookmarks
0 Replies
0 Quotes
CVE-2025-3875 Thunderbird parses addresses in a way that can allow sender spoofing in case the server allows an invalid From address to be used. For example, if the From header conta… https://t.co/sfz1Hj8ly4
@CVEnew
14 May 2025
290 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "47A000D1-78D1-43A0-BBA8-5018439291D3",
"versionEndExcluding": "128.10.0"
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4AFE1A41-57DD-4532-9F3F-D3E9705868BA",
"versionEndExcluding": "138.0.1",
"versionStartIncluding": "129.0"
}
],
"operator": "OR"
}
]
}
]