vulnerability

Amazon Linux AMI 2: CVE-2025-3523: Security patch for thunderbird (ALAS-2025-2858)

Severity
7
CVSS
(AV:N/AC:H/Au:N/C:P/I:C/A:P)
Published
Apr 15, 2025
Added
May 30, 2025
Modified
May 30, 2025

Description

When an email contains multiple attachments with external links via the X-Mozilla-External-Attachment-URL header, only the last link is shown when hovering over any attachment. Although the correct link is used on click, the misleading hover text could trick users into downloading content from untrusted sources. This vulnerability affects Thunderbird

Solution(s)

amazon-linux-ami-2-upgrade-thunderbirdamazon-linux-ami-2-upgrade-thunderbird-debuginfo
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.