CVE-2025-1015

EPSS 23.77%
Veröffentlicht 04.02.2025 14:15:32
Zuletzt bearbeitet 13.04.2026 15:16:50
Quelle security@mozilla.org
CVE-Watchlists
Login
Unerledigt
Login

Unsanitized address book fields

The Thunderbird Address Book URI fields contained unsanitized links. This could be used by an attacker to create and export an address book containing a malicious payload in a field. For example, in the “Other” field of the Instant Messaging section. If another user imported the address book, clicking on the link could result in opening a web page inside Thunderbird, and that page could execute (unprivileged) JavaScript. This vulnerability was fixed in Thunderbird 128.7 and Thunderbird 135.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Mozilla ≫ Thunderbird SwEditionesr Version >= 128.0.1 < 128.7.0

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	23.77%	0.96

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.4	2.8	2.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	5.4	2.8	2.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

https://www.mozilla.org/security/advisories/mfsa2025-10/

Vendor Advisory

https://www.mozilla.org/security/advisories/mfsa2025-11/

https://bugzilla.mozilla.org/show_bug.cgi?id=1939458

Permissions Required

https://nvd.nist.gov/vuln/detail/CVE-2025-1015

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-1015

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-1015

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-1015