vulnerability
Red Hat: CVE-2025-2830: thunderbird: Information Disclosure of /tmp directory listing (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:H/Au:N/C:C/I:N/A:N) | Apr 15, 2025 | Apr 29, 2025 | May 15, 2025 |
Severity
5
CVSS
(AV:N/AC:H/Au:N/C:C/I:N/A:N)
Published
Apr 15, 2025
Added
Apr 29, 2025
Modified
May 15, 2025
Description
By crafting a malformed file name for an attachment in a multipart message, an attacker can trick Thunderbird into including a directory listing of /tmp when the message is forwarded or edited as a new message. This vulnerability could allow attackers to disclose sensitive information from the victim's system. This vulnerability is not limited to Linux; similar behavior has been observed on Windows as well. This vulnerability affects Thunderbird
Solution(s)
redhat-upgrade-thunderbirdredhat-upgrade-thunderbird-debuginforedhat-upgrade-thunderbird-debugsource
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.