CVSS: 6.5EPSS: 0%CPEs: 23EXPL: 0CVE-2025-3909 – thunderbird: JavaScript Execution via Spoofed PDF Attachment and file:/// Link
https://notcve.org/view.php?id=CVE-2025-3909
14 May 2025 — Thunderbird's handling of the X-Mozilla-External-Attachment-URL header can be exploited to execute JavaScript in the file:/// context. By crafting a nested email attachment (message/rfc822) and setting its content type to application/pdf, Thunderbird may incorrectly render it as HTML when opened, allowing the embedded JavaScript to run without requiring a file download. This behavior relies on Thunderbird auto-saving the attachment to /tmp and linking to it via the file:/// protocol, potentially enabling Ja... • https://bugzilla.mozilla.org/show_bug.cgi?id=1958376 • CWE-290: Authentication Bypass by Spoofing •
CVSS: 7.8EPSS: 0%CPEs: 23EXPL: 0CVE-2025-3875 – thunderbird: Sender Spoofing via Malformed From Header in Thunderbird
https://notcve.org/view.php?id=CVE-2025-3875
14 May 2025 — Thunderbird parses addresses in a way that can allow sender spoofing in case the server allows an invalid From address to be used. For example, if the From header contains an (invalid) value "Spoofed Name ", Thunderbird treats spoofed@example.com as the actual address. This vulnerability affects Thunderbird < 128.10.1 and Thunderbird < 138.0.1. The Mozilla Foundation's Security Advisory describes the following issue: Thunderbird parses addresses in a way that can allow sender spoofing in case the server all... • https://bugzilla.mozilla.org/show_bug.cgi?id=1950629 • CWE-290: Authentication Bypass by Spoofing •
CVSS: 5.3EPSS: 0%CPEs: 7EXPL: 0CVE-2025-27587 – openSUSE Security Advisory - openSUSE-SU-2025:15183-1
https://notcve.org/view.php?id=CVE-2025-27587
14 May 2025 — OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to a Minerva attack, exploitable by measuring the time of signing of random messages using the EVP_DigestSign API, and then using the private key to extract the K value (nonce) from the signatures. Next, based on the bit size of the extracted nonce, one can compare the signing time of full-sized nonces to signatures that used smaller nonces, via statistical tests. There is a side-channel in the P-364 curve that allows private key extracti... • https://github.com/openssl/openssl/issues/24253 • CWE-385: Covert Timing Channel •
CVSS: 6.2EPSS: 0%CPEs: 12EXPL: 0CVE-2025-4382 – Grub2: grub allow access to encrypted device through cli once root device is unlocked via tpm
https://notcve.org/view.php?id=CVE-2025-4382
09 May 2025 — A flaw was found in systems utilizing LUKS-encrypted disks with GRUB configured for TPM-based auto-decryption. When GRUB is set to automatically decrypt disks using keys stored in the TPM, it reads the decryption key into system memory. If an attacker with physical access can corrupt the underlying filesystem superblock, GRUB will fail to locate a valid filesystem and enter rescue mode. At this point, the disk is already decrypted, and the decryption key remains loaded in system memory. This scenario may al... • https://access.redhat.com/security/cve/CVE-2025-4382 • CWE-306: Missing Authentication for Critical Function •
CVSS: 4.8EPSS: 0%CPEs: 27EXPL: 0CVE-2025-4373 – Glib: buffer underflow on glib through glib/gstring.c via function g_string_insert_unichar
https://notcve.org/view.php?id=CVE-2025-4373
06 May 2025 — A flaw was found in GLib, which is vulnerable to an integer overflow in the g_string_insert_unichar() function. When the position at which to insert the character is large, the position will overflow, leading to a buffer underwrite. It was discovered that Glib incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash or execute arbitrary code. • https://access.redhat.com/security/cve/CVE-2025-4373 • CWE-124: Buffer Underwrite ('Buffer Underflow') •
CVSS: 7.8EPSS: 0%CPEs: 28EXPL: 0CVE-2025-3891 – Mod_auth_openidc: dos via empty post in mod_auth_openidc with oidcpreservepost enabled
https://notcve.org/view.php?id=CVE-2025-3891
29 Apr 2025 — A flaw was found in the mod_auth_openidc module for Apache httpd. This flaw allows a remote, unauthenticated attacker to trigger a denial of service by sending an empty POST request when the OIDCPreservePost directive is enabled. The server crashes consistently, affecting availability. An update for the mod_auth_openidc:2.3 module is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise ... • https://access.redhat.com/security/cve/CVE-2025-3891 • CWE-248: Uncaught Exception •
CVSS: 9.0EPSS: 0%CPEs: 29EXPL: 0CVE-2025-32911 – Libsoup: double free on soup_message_headers_get_content_disposition() through "soup-message-headers.c" via "params" ghashtable value
https://notcve.org/view.php?id=CVE-2025-32911
15 Apr 2025 — A flaw was found in libsoup, which is vulnerable to a use-after-free memory issue not on the heap in the soup_message_headers_get_content_disposition() function. This flaw allows a malicious HTTP client to cause memory corruption in the libsoup server. A use-after-free type vulnerability was found in libsoup, in the soup_message_headers_get_content_disposition() function. This flaw allows a malicious HTTP client to cause memory corruption in the libsoup server. This update for libsoup fixes the following is... • https://access.redhat.com/security/cve/CVE-2025-32911 • CWE-590: Free of Memory not on the Heap •
CVSS: 7.5EPSS: 0%CPEs: 24EXPL: 0CVE-2025-2830 – thunderbird: Information Disclosure of /tmp directory listing
https://notcve.org/view.php?id=CVE-2025-2830
15 Apr 2025 — By crafting a malformed file name for an attachment in a multipart message, an attacker can trick Thunderbird into including a directory listing of /tmp when the message is forwarded or edited as a new message. This vulnerability could allow attackers to disclose sensitive information from the victim's system. This vulnerability is not limited to Linux; similar behavior has been observed on Windows as well. This vulnerability affects Thunderbird < 137.0.2 and Thunderbird < 128.9.2. Multiple security issues ... • https://bugzilla.mozilla.org/show_bug.cgi?id=1956379 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 24EXPL: 0CVE-2025-3522 – thunderbird: Leak of hashed Window credentials via crafted attachment URL
https://notcve.org/view.php?id=CVE-2025-3522
15 Apr 2025 — Thunderbird processes the X-Mozilla-External-Attachment-URL header to handle attachments which can be hosted externally. When an email is opened, Thunderbird accesses the specified URL to determine file size, and navigates to it when the user clicks the attachment. Because the URL is not validated or sanitized, it can reference internal resources like chrome:// or SMB share file:// links, potentially leading to hashed Windows credential leakage and opening the door to more serious security issues. This vuln... • https://bugzilla.mozilla.org/show_bug.cgi?id=1955372 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') CWE-1220: Insufficient Granularity of Access Control •
CVSS: 7.8EPSS: 0%CPEs: 30EXPL: 0CVE-2025-32914 – Libsoup: oob read on libsoup through function "soup_multipart_new_from_message" in soup-multipart.c leads to crash or exit of process
https://notcve.org/view.php?id=CVE-2025-32914
14 Apr 2025 — A flaw was found in libsoup, where the soup_multipart_new_from_message() function is vulnerable to an out-of-bounds read. This flaw allows a malicious HTTP client to induce the libsoup server to read out of bounds. This update for libsoup fixes the following issues. Fixed heap buffer over-read in 'skip_insignificant_space' when sniffing conten. Fixed integer overflow in append_param_quoted. • https://access.redhat.com/errata/RHSA-2025:7505 • CWE-125: Out-of-bounds Read •