CVE-2025-5986

Medienbericht

EPSS 0.58%
Veröffentlicht 11.06.2025 12:07:50
Zuletzt bearbeitet 13.04.2026 15:17:05
Quelle security@mozilla.org
CVE-Watchlists
Login
Unerledigt
Login

Unsolicited File Download, Disk Space Exhaustion, and Credential Leakage via mailbox:/// Links

A crafted HTML email using mailbox:/// links can trigger automatic, unsolicited downloads of .pdf files to the user's desktop or home directory without prompting, even if auto-saving is disabled. This behavior can be abused to fill the disk with garbage data (e.g. using /dev/urandom on Linux) or to leak Windows credentials via SMB links when the email is viewed in HTML mode. While user interaction is required to download the .pdf file, visual obfuscation can conceal the download trigger. Viewing the email in HTML mode is enough to load external content. This vulnerability was fixed in Thunderbird 128.11.1 and Thunderbird 139.0.2.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 8

NVD 2 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Mozilla ≫ Thunderbird SwEdition- Version < 128.11.1

Mozilla ≫ Thunderbird SwEdition- Version >= 135.0 < 139.0.2

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.58%	0.689

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CWE-451 User Interface (UI) Misrepresentation of Critical Information

The user interface (UI) does not properly represent critical information to the user, allowing the information - or its source - to be obscured or spoofed. This is often a component in phishing attacks.

https://www.heise.de/news/Thunderbird-HTML-Mails-koennen-Zugangsdaten-verraten-Update-verfuegbar-10441439.html

Media Report

https://bugzilla.mozilla.org/buglist.cgi?bug_id=1958580%2C1968012

Broken Link

https://www.mozilla.org/security/advisories/mfsa2025-49/

Vendor Advisory

https://www.mozilla.org/security/advisories/mfsa2025-50/

Vendor Advisory

https://lists.debian.org/debian-lts-announce/2025/07/msg00002.html

https://nvd.nist.gov/vuln/detail/CVE-2025-5986

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-5986

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-5986

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-5986