vulnerability
Ubuntu: USN-7991-1 (CVE-2025-4089): Thunderbird vulnerabilities
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:L/AC:L/Au:N/C:P/I:P/A:N) | Apr 29, 2025 | Jun 26, 2025 | Feb 4, 2026 |
Severity
4
CVSS
(AV:L/AC:L/Au:N/C:P/I:P/A:N)
Published
Apr 29, 2025
Added
Jun 26, 2025
Modified
Feb 4, 2026
Description
Due to insufficient escaping of special characters in the "copy as cURL" feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. This vulnerability affects Firefox < 138 and Thunderbird < 138.
Solution
ubuntu-upgrade-thunderbird
References
- CVE-2025-4089
- https://attackerkb.com/topics/CVE-2025-4089
- CWE-77
- UBUNTU-USN-7991-1
- URL-https://bugzilla.mozilla.org/buglist.cgi?bug_id=1949994%2C1956698%2C1960198
- URL-https://www.cve.org/CVERecord?id=CVE-2025-4089
- URL-https://www.mozilla.org/en-US/security/advisories/mfsa2025-28/#CVE-2025-4089
- URL-https://www.mozilla.org/security/advisories/mfsa2025-28/
- URL-https://www.mozilla.org/security/advisories/mfsa2025-31/
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.