vulnerability
Amazon Linux AMI 2: CVE-2025-3523: Security patch for thunderbird (ALAS-2025-2858)
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
7 | (AV:N/AC:H/Au:N/C:P/I:C/A:P) | Apr 15, 2025 | May 30, 2025 | May 30, 2025 |
Severity
7
CVSS
(AV:N/AC:H/Au:N/C:P/I:C/A:P)
Published
Apr 15, 2025
Added
May 30, 2025
Modified
May 30, 2025
Description
When an email contains multiple attachments with external links via the X-Mozilla-External-Attachment-URL header, only the last link is shown when hovering over any attachment. Although the correct link is used on click, the misleading hover text could trick users into downloading content from untrusted sources. This vulnerability affects Thunderbird
Solution(s)
amazon-linux-ami-2-upgrade-thunderbirdamazon-linux-ami-2-upgrade-thunderbird-debuginfo

NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.