Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-3522

Thunderbird processes the X-Mozilla-External-Attachment-URL header to handle attachments which can be hosted externally. When an email is opened, Thunderbird accesses the specified URL to determine file size, and navigates to it when the user clicks the attachment. Because the URL is not validated or sanitized, it can reference internal resources like chrome:// or SMB share file:// links, potentially leading to hashed Windows credential leakage and opening the door to more serious security issues. This vulnerability affects Thunderbird < 137.0.2 and Thunderbird < 128.9.2.

Published

2025-04-15T15:16:09.877

Last Modified

2025-06-18T13:26:04.983

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 6.3 (MEDIUM)

Weaknesses

Type: Secondary
CWE-601

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	mozilla	thunderbird	< 128.9.2	Yes
Application	mozilla	thunderbird	< 137.0.2	Yes

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1955372 Permissions Required ([email protected])
https://www.mozilla.org/security/advisories/mfsa2025-26/ Vendor Advisory ([email protected])
https://www.mozilla.org/security/advisories/mfsa2025-27/ Vendor Advisory ([email protected])