| Summary: | mail-client/thunderbird{-bin,}: multiple vulnerabilities |
|---|---|
| Product: | Gentoo Security |
| Reporter: | Christopher Fore <csfore> |
| Component: | Vulnerabilities |
| Assignee: | Gentoo Security <security> |
| Status: | CONFIRMED --- |
| Severity: | normal |
| CC: | mozilla |
| Priority: | Normal |
| Version: | unspecified |
| Hardware: | All |
| OS: | Linux |
| URL: | https://www.mozilla.org/en-US/security/advisories/mfsa2025-27/ |
| Whiteboard: | A2 [ebuild] |
| Package list: | |
| Runtime testing required: | --- |
| Bug Depends on: | |
| Bug Blocks: | 953890 |

Description
Christopher Fore
2025-04-15 19:20:27 UTC
CVE-2025-2830: By crafting a malformed file name for an attachment in a multipart message, an attacker can trick Thunderbird into including a directory listing of /tmp when the message is forwarded or edited as a new message. This vulnerability could allow attackers to disclose sensitive information from the victim's system. This vulnerability is not limited to Linux; similar behavior has been observed on Windows as well.

CVE-2025-3523: When an email contains multiple attachments with external links via the X-Mozilla-External-Attachment-URL header, only the last link is shown when hovering over any attachment. Although the correct link is used on click, the misleading hover text could trick users into downloading content from untrusted sources.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=15601c24816cf343e336e1a3a9510b2cfb7b3ced

commit 15601c24816cf343e336e1a3a9510b2cfb7b3ced
Author: Joonas Niilola <juippis@gentoo.org>
AuthorDate: 2025-04-16 05:03:06 +0000
Commit: Joonas Niilola <juippis@gentoo.org>
CommitDate: 2025-04-16 05:03:06 +0000

    mail-client/thunderbird-bin: drop 137.0.1

    Bug: https://bugs.gentoo.org/953892
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

    mail-client/thunderbird-bin/Manifest | 66 -----
    .../thunderbird-bin/thunderbird-bin-137.0.1.ebuild | 279 ---------------------
    2 files changed, 345 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1f7d97dfe1d6e75b4d391018a2aa5d5edd1a9cb6

commit 1f7d97dfe1d6e75b4d391018a2aa5d5edd1a9cb6
Author: Joonas Niilola <juippis@gentoo.org>
AuthorDate: 2025-04-16 05:03:00 +0000
Commit: Joonas Niilola <juippis@gentoo.org>
CommitDate: 2025-04-16 05:03:00 +0000

    mail-client/thunderbird-bin: add 137.0.2

    Bug: https://bugs.gentoo.org/953892
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

    mail-client/thunderbird-bin/Manifest | 66 +++++
    .../thunderbird-bin/thunderbird-bin-137.0.2.ebuild | 279 +++++++++++++++++++++
    2 files changed, 345 insertions(+)

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4a926e0cbcf4d722efe98c64aeb4774c73534c8f

commit 4a926e0cbcf4d722efe98c64aeb4774c73534c8f
Author: Joonas Niilola <juippis@gentoo.org>
AuthorDate: 2025-04-16 10:43:46 +0000
Commit: Joonas Niilola <juippis@gentoo.org>
CommitDate: 2025-04-16 10:44:13 +0000

    mail-client/thunderbird: add 137.0.2

    Bug: https://bugs.gentoo.org/953892
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

    mail-client/thunderbird/Manifest | 66 ++
    mail-client/thunderbird/thunderbird-137.0.2.ebuild | 1157 ++++++++++++++++++++
    2 files changed, 1223 insertions(+)

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7bd781d38cffb918546ca511c6999ff3863b462d

commit 7bd781d38cffb918546ca511c6999ff3863b462d
Author: Joonas Niilola <juippis@gentoo.org>
AuthorDate: 2025-04-17 07:23:40 +0000
Commit: Joonas Niilola <juippis@gentoo.org>
CommitDate: 2025-04-17 07:25:43 +0000

    mail-client/thunderbird-bin: add 128.9.2

    Bug: https://bugs.gentoo.org/953892
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

    mail-client/thunderbird-bin/Manifest | 66 +++++
    .../thunderbird-bin/thunderbird-bin-128.9.2.ebuild | 279 +++++++++++++++++++++
    2 files changed, 345 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=45cd025fc7dba50fea5c6008621e0d40c81b3025

commit 45cd025fc7dba50fea5c6008621e0d40c81b3025
Author: Joonas Niilola <juippis@gentoo.org>
AuthorDate: 2025-04-17 07:23:16 +0000
Commit: Joonas Niilola <juippis@gentoo.org>
CommitDate: 2025-04-17 07:25:43 +0000

    mail-client/thunderbird: add 128.9.2

    Bug: https://bugs.gentoo.org/953892
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

    mail-client/thunderbird/Manifest | 65 ++
    mail-client/thunderbird/thunderbird-128.9.2.ebuild | 1171 ++++++++++++++++++++
    2 files changed, 1236 insertions(+)

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=39e141a550822813027aba517d0df3a9f0381aec

commit 39e141a550822813027aba517d0df3a9f0381aec
Author: Joonas Niilola <juippis@gentoo.org>
AuthorDate: 2025-04-18 07:12:59 +0000
Commit: Joonas Niilola <juippis@gentoo.org>
CommitDate: 2025-04-18 07:12:59 +0000

    mail-client/thunderbird: stabilize 128.9.2 for amd64

    Bug: https://bugs.gentoo.org/953892
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

    mail-client/thunderbird/thunderbird-128.9.2.ebuild | 2 +-
    1 file changed, 1 insertion(+), 1 deletion(-)
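For the hover-text issue in CVE-2025-3523 described above, a mail-triage check can list the attachments whose real external link differs from the last one in the message, which is the link the advisory says is displayed on hover. This is an added example, not code from Mozilla or Gentoo; the sample message is constructed, the function names are hypothetical, and it assumes the header is carried on each attachment's own MIME part.

```python
from email import message_from_string

HEADER = "X-Mozilla-External-Attachment-URL"  # header named in CVE-2025-3523

# Constructed sample message (not taken from the advisory or a real mailbox).
SAMPLE = """\
From: sender@example.com
To: recipient@example.com
Subject: constructed sample
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

See attachments.
--b1
Content-Type: application/pdf; name="invoice.pdf"
Content-Disposition: attachment; filename="invoice.pdf"
X-Mozilla-External-Attachment-URL: https://files.example.org/invoice.pdf

--b1
Content-Type: application/pdf; name="terms.pdf"
Content-Disposition: attachment; filename="terms.pdf"
X-Mozilla-External-Attachment-URL: https://downloads.example.net/terms.pdf

--b1--
"""

def external_attachment_links(raw_message):
    """Return (filename, url) for each MIME part carrying the header, in order."""
    links = []
    for part in message_from_string(raw_message).walk():
        # Assumption: the header sits on the attachment's own MIME part.
        for url in part.get_all(HEADER, []):
            links.append((part.get_filename() or "(unnamed)", url.strip()))
    return links

def hover_mismatches(raw_message):
    """List attachments whose real link differs from the last link, which is
    the one the advisory says is displayed on hover for every attachment."""
    links = external_attachment_links(raw_message)
    if len(links) < 2:
        return []
    shown = links[-1][1]
    return [(name, url, shown) for name, url in links if url != shown]

if __name__ == "__main__":
    for name, real, shown in hover_mismatches(SAMPLE):
        print(f"{name}: opens {real} but hover shows {shown}")
```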