CVE-2025-0510

EPSS 0.56%
Veröffentlicht 04.02.2025 14:15:31
Zuletzt bearbeitet 13.04.2026 15:16:35
Quelle security@mozilla.org
CVE-Watchlists
Login
Unerledigt
Login

Address of e-mail sender can be spoofed by malicious email

Thunderbird displayed an incorrect sender address if the From field of an email used the invalid group name syntax that is described in CVE-2024-49040. This vulnerability was fixed in Thunderbird 128.7 and Thunderbird 135.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

NVD 2 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Mozilla ≫ Thunderbird SwEditionesr Version >= 128.0.1 < 128.7.0

Mozilla ≫ Thunderbird SwEdition- Version >= 131.0 < 135.0

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.56%	0.683

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

CWE-345 Insufficient Verification of Data Authenticity

The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

https://www.mozilla.org/security/advisories/mfsa2025-10/

Vendor Advisory

https://bugzilla.mozilla.org/show_bug.cgi?id=1940570

Permissions Required

https://www.mozilla.org/security/advisories/mfsa2025-11/

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-0510

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-0510

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-0510

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-0510