CVE-2025-5986

Media report

EPSS 0.07%
Published 11.06.2025 12:07:50
Last modified 02.07.2025 16:07:00
Source security@mozilla.org
Teams watchlist Login
Open Login

A crafted HTML email using mailbox:/// links can trigger automatic, unsolicited downloads of .pdf files to the user's desktop or home directory without prompting, even if auto-saving is disabled. This behavior can be abused to fill the disk with garbage data (e.g. using /dev/urandom on Linux) or to leak Windows credentials via SMB links when the email is viewed in HTML mode. While user interaction is required to download the .pdf file, visual obfuscation can conceal the download trigger. Viewing the email in HTML mode is enough to load external content. This vulnerability affects Thunderbird < 128.11.1 and Thunderbird < 139.0.2.

Affected products Warnungen 0 Metrics 2 CWE 1 References 7

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Data is provided by the National Vulnerability Database (NVD)

Mozilla ≫ Thunderbird SwEdition- Version < 128.11.1

Mozilla ≫ Thunderbird SwEdition- Version >= 135.0 < 139.0.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.07%	0.209

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
134c704f-9b21-4f2e-91b3-4a467353bcc0	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CWE-451 User Interface (UI) Misrepresentation of Critical Information

The user interface (UI) does not properly represent critical information to the user, allowing the information - or its source - to be obscured or spoofed. This is often a component in phishing attacks.

https://www.heise.de/news/Thunderbird-HTML-Mails-koennen-Zugangsdaten-verraten-Update-verfuegbar-10441439.html

Medienbericht

heise Security

https://bugzilla.mozilla.org/buglist.cgi?bug_id=1958580%2C1968012

Broken Link

https://www.mozilla.org/security/advisories/mfsa2025-49/

Vendor Advisory

https://www.mozilla.org/security/advisories/mfsa2025-50/

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-5986

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-5986

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-5986

EUVD