SUSE update for MozillaThunderbird
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 4 |
| CVE-ID | CVE-2025-3875 CVE-2025-3877 CVE-2025-3909 CVE-2025-3932 |
| CWE-ID | CWE-20 CWE-200 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
SUSE Linux Enterprise Workstation Extension 15 Operating systems & Components / Operating system SUSE Package Hub 15 Operating systems & Components / Operating system SUSE Linux Enterprise Real Time 15 Operating systems & Components / Operating system openSUSE Leap Operating systems & Components / Operating system SUSE Linux Enterprise Server for SAP Applications 15 Operating systems & Components / Operating system SUSE Linux Enterprise Server 15 Operating systems & Components / Operating system SUSE Linux Enterprise Desktop 15 Operating systems & Components / Operating system MozillaThunderbird-debugsource Operating systems & Components / Operating system package or component MozillaThunderbird Operating systems & Components / Operating system package or component MozillaThunderbird-debuginfo Operating systems & Components / Operating system package or component MozillaThunderbird-translations-other Operating systems & Components / Operating system package or component MozillaThunderbird-translations-common Operating systems & Components / Operating system package or component |
| Vendor | SUSE |
Security Bulletin
This security bulletin contains information about 4 vulnerabilities.
1) Input validation error
EUVDB-ID: #VU109190
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2025-3875
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a spoofing attack
The vulnerability exists due to insufficient validation of email addresses. A remote attacker can spoof the sender email address via a specially crafted "From" field in the email..
Update the affected package MozillaThunderbird to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Workstation Extension 15: SP6
SUSE Package Hub 15: 15-SP6
SUSE Linux Enterprise Real Time 15: SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
SUSE Linux Enterprise Desktop 15: SP6
MozillaThunderbird-debugsource: before 128.10.1-150200.8.215.1
MozillaThunderbird: before 128.10.1-150200.8.215.1
MozillaThunderbird-debuginfo: before 128.10.1-150200.8.215.1
MozillaThunderbird-translations-other: before 128.10.1-150200.8.215.1
MozillaThunderbird-translations-common: before 128.10.1-150200.8.215.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_workstation_extension_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_package_hub_15:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_real_time_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:opensuse_leap:15.6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_desktop_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:mozillathunderbird-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:mozillathunderbird:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:mozillathunderbird-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:mozillathunderbird-translations-other:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:mozillathunderbird-translations-common:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2025/suse-su-202501660-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Input validation error
EUVDB-ID: #VU109191
Risk: Medium
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2025-3877
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to incorrect handling of "mailbox:///" links. A remote attacker can trick the victim into clicking on such a link and force the application into downloading arbitrary file or leak credentials.
Update the affected package MozillaThunderbird to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Workstation Extension 15: SP6
SUSE Package Hub 15: 15-SP6
SUSE Linux Enterprise Real Time 15: SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
SUSE Linux Enterprise Desktop 15: SP6
MozillaThunderbird-debugsource: before 128.10.1-150200.8.215.1
MozillaThunderbird: before 128.10.1-150200.8.215.1
MozillaThunderbird-debuginfo: before 128.10.1-150200.8.215.1
MozillaThunderbird-translations-other: before 128.10.1-150200.8.215.1
MozillaThunderbird-translations-common: before 128.10.1-150200.8.215.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_workstation_extension_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_package_hub_15:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_real_time_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:opensuse_leap:15.6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_desktop_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:mozillathunderbird-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:mozillathunderbird:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:mozillathunderbird-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:mozillathunderbird-translations-other:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:mozillathunderbird-translations-common:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2025/suse-su-202501660-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Input validation error
EUVDB-ID: #VU109192
Risk: High
CVSSv4.0: 6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2025-3909
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary JavaScript code.
The vulnerability exists due to incorrect handling of the X-Mozilla-External-Attachment-URL header. A remote attacker can create a nested email attachment, set its content type to application/pdf and force the application to execute arbitrary JavaScript code in the file:/// context.
MitigationUpdate the affected package MozillaThunderbird to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Workstation Extension 15: SP6
SUSE Package Hub 15: 15-SP6
SUSE Linux Enterprise Real Time 15: SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
SUSE Linux Enterprise Desktop 15: SP6
MozillaThunderbird-debugsource: before 128.10.1-150200.8.215.1
MozillaThunderbird: before 128.10.1-150200.8.215.1
MozillaThunderbird-debuginfo: before 128.10.1-150200.8.215.1
MozillaThunderbird-translations-other: before 128.10.1-150200.8.215.1
MozillaThunderbird-translations-common: before 128.10.1-150200.8.215.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_workstation_extension_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_package_hub_15:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_real_time_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:opensuse_leap:15.6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_desktop_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:mozillathunderbird-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:mozillathunderbird:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:mozillathunderbird-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:mozillathunderbird-translations-other:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:mozillathunderbird-translations-common:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2025/suse-su-202501660-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Information disclosure
EUVDB-ID: #VU109193
Risk: Low
CVSSv4.0: 0.5 [CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-3932
CWE-ID:
CWE-200 - Exposure of sensitive information to an unauthorized actor
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to incorrect handling of tracking links. A remote attacker can create a specially crafted email message that showed a tracking link as an attachment. If the user attempted to open the attachment, Thunderbird automatically accessed the link.
MitigationUpdate the affected package MozillaThunderbird to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Workstation Extension 15: SP6
SUSE Package Hub 15: 15-SP6
SUSE Linux Enterprise Real Time 15: SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
SUSE Linux Enterprise Desktop 15: SP6
MozillaThunderbird-debugsource: before 128.10.1-150200.8.215.1
MozillaThunderbird: before 128.10.1-150200.8.215.1
MozillaThunderbird-debuginfo: before 128.10.1-150200.8.215.1
MozillaThunderbird-translations-other: before 128.10.1-150200.8.215.1
MozillaThunderbird-translations-common: before 128.10.1-150200.8.215.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_workstation_extension_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_package_hub_15:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_real_time_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:opensuse_leap:15.6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_desktop_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:mozillathunderbird-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:mozillathunderbird:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:mozillathunderbird-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:mozillathunderbird-translations-other:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:mozillathunderbird-translations-common:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2025/suse-su-202501660-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
