CVE-2025-3877 - Vulnerability Details

This CVE was marked as fixed, but due to other code landing - was not actually fixed. It was subsequently fixed in CVE-2025-5986.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact Low

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Redhat	Enterprise Linux Rhel Aus Rhel E4s Rhel Eus Rhel Tus

No data.

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 10
thunderbird-0:128.10.1-1.el10_0	cpe:/o:redhat:enterprise_linux:10.0	RHSA-2025:8196	2025-05-27T00:00:00Z
Red Hat Enterprise Linux 8
thunderbird-0:128.11.0-1.el8_10	cpe:/a:redhat:enterprise_linux:8	RHSA-2025:8756	2025-06-10T00:00:00Z
Red Hat Enterprise Linux 8.2 Advanced Update Support
thunderbird-0:128.10.1-1.el8_2	cpe:/a:redhat:rhel_aus:8.2	RHSA-2025:8391	2025-06-02T00:00:00Z
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
thunderbird-0:128.10.1-1.el8_4	cpe:/a:redhat:rhel_aus:8.4	RHSA-2025:8507	2025-06-04T00:00:00Z
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
thunderbird-0:128.10.1-1.el8_6	cpe:/a:redhat:rhel_aus:8.6	RHSA-2025:8594	2025-06-05T00:00:00Z
Red Hat Enterprise Linux 8.6 Telecommunications Update Service
thunderbird-0:128.10.1-1.el8_6	cpe:/a:redhat:rhel_tus:8.6	RHSA-2025:8594	2025-06-05T00:00:00Z
Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
thunderbird-0:128.10.1-1.el8_6	cpe:/a:redhat:rhel_e4s:8.6	RHSA-2025:8594	2025-06-05T00:00:00Z
Red Hat Enterprise Linux 8.8 Telecommunications Update Service
thunderbird-0:128.10.1-1.el8_8	cpe:/a:redhat:rhel_tus:8.8	RHSA-2025:8784	2025-06-10T00:00:00Z
Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions
thunderbird-0:128.10.1-1.el8_8	cpe:/a:redhat:rhel_e4s:8.8	RHSA-2025:8784	2025-06-10T00:00:00Z
Red Hat Enterprise Linux 9
thunderbird-0:128.10.1-1.el9_6	cpe:/a:redhat:enterprise_linux:9	RHSA-2025:8203	2025-05-27T00:00:00Z
Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions
thunderbird-0:128.10.1-1.el9_0	cpe:/a:redhat:rhel_e4s:9.0	RHSA-2025:8324	2025-05-29T00:00:00Z
Red Hat Enterprise Linux 9.2 Extended Update Support
thunderbird-0:128.10.1-1.el9_2	cpe:/a:redhat:rhel_eus:9.2	RHSA-2025:8326	2025-05-29T00:00:00Z
Red Hat Enterprise Linux 9.4 Extended Update Support
thunderbird-0:128.10.1-1.el9_4	cpe:/a:redhat:rhel_eus:9.4	RHSA-2025:8325	2025-05-29T00:00:00Z

References

Link	Providers
https://nvd.nist.gov/vuln/detail/CVE-2025-3877
https://www.cve.org/CVERecord?id=CVE-2025-3877
https://www.mozilla.org/en-US/security/advisories/mfsa2025-34/#CVE-2025-3877

History

Wed, 18 Jun 2025 16:00:00 +0000

Type	Values Removed	Values Added
Metrics	threat_severity `Important`	threat_severity `None`

Wed, 11 Jun 2025 14:45:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:enterprise_linux:8 cpe:/a:redhat:rhel_e4s:8.8 cpe:/a:redhat:rhel_tus:8.8

Wed, 11 Jun 2025 13:30:00 +0000

Type	Values Removed	Values Added
CPEs	cpe:2.3:a:mozilla:thunderbird::::::::
Vendors & Products	Mozilla Mozilla thunderbird
References	https://bugzilla.mozilla.org/show_bug.cgi?id=1958580 https://www.mozilla.org/security/advisories/mfsa2025-34/ https://www.mozilla.org/security/advisories/mfsa2025-35/

Wed, 11 Jun 2025 13:15:00 +0000

Type	Values Removed	Values Added
Metrics	ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 11 Jun 2025 12:30:00 +0000

Type	Values Removed	Values Added
Description	A crafted HTML email using mailbox:/// links can trigger automatic, unsolicited downloads of .pdf files to the user's desktop or home directory without prompting, even if auto-saving is disabled. This behavior can be abused to fill the disk with garbage data (e.g. using /dev/urandom on Linux) or to leak Windows credentials via SMB links when the email is viewed in HTML mode. While user interaction is required to download the .pdf file, visual obfuscation can conceal the download trigger. Viewing the email in HTML mode is enough to load external content. This vulnerability affects Thunderbird < 128.10.1 and Thunderbird < 138.0.1.	This CVE was marked as fixed, but due to other code landing - was not actually fixed. It was subsequently fixed in CVE-2025-5986.

Fri, 06 Jun 2025 22:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat rhel Tus
CPEs		cpe:/a:redhat:rhel_aus:8.4 cpe:/a:redhat:rhel_aus:8.6 cpe:/a:redhat:rhel_e4s:8.6 cpe:/a:redhat:rhel_tus:8.6
Vendors & Products		Redhat rhel Tus

Thu, 05 Jun 2025 14:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Mozilla Mozilla thunderbird
CPEs		cpe:2.3:a:mozilla:thunderbird::::::::
Vendors & Products		Mozilla Mozilla thunderbird

Tue, 03 Jun 2025 06:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat rhel Aus
CPEs		cpe:/a:redhat:rhel_aus:8.2
Vendors & Products		Redhat rhel Aus

Sat, 31 May 2025 00:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat rhel E4s Redhat rhel Eus
CPEs		cpe:/a:redhat:rhel_e4s:9.0 cpe:/a:redhat:rhel_eus:9.2 cpe:/a:redhat:rhel_eus:9.4
Vendors & Products		Redhat rhel E4s Redhat rhel Eus

Wed, 28 May 2025 14:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat Redhat enterprise Linux
CPEs		cpe:/a:redhat:enterprise_linux:9 cpe:/o:redhat:enterprise_linux:10.0
Vendors & Products		Redhat Redhat enterprise Linux

Wed, 21 May 2025 03:00:00 +0000

Type	Values Removed	Values Added
References		https://www.mozilla.org/en-US/security/advisories/mfsa2025-34/#CVE-2025-3877

Fri, 16 May 2025 15:00:00 +0000

Type	Values Removed	Values Added
Title		thunderbird: Unsolicited File Download, Disk Space Exhaustion, and Credential Leakage via mailbox:/// Links
References		https://nvd.nist.gov/vuln/detail/CVE-2025-3877 https://www.cve.org/CVERecord?id=CVE-2025-3877
Metrics	threat_severity `None`	threat_severity `Important`

Thu, 15 May 2025 17:15:00 +0000

Type	Values Removed	Values Added
Metrics	cvssV3_1 `{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}`	cvssV3_1 `{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L'}`

Thu, 15 May 2025 15:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-200
Metrics		cvssV3_1 `{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 14 May 2025 17:15:00 +0000

Type	Values Removed	Values Added
Description		A crafted HTML email using mailbox:/// links can trigger automatic, unsolicited downloads of .pdf files to the user's desktop or home directory without prompting, even if auto-saving is disabled. This behavior can be abused to fill the disk with garbage data (e.g. using /dev/urandom on Linux) or to leak Windows credentials via SMB links when the email is viewed in HTML mode. While user interaction is required to download the .pdf file, visual obfuscation can conceal the download trigger. Viewing the email in HTML mode is enough to load external content. This vulnerability affects Thunderbird < 128.10.1 and Thunderbird < 138.0.1.
References		https://bugzilla.mozilla.org/show_bug.cgi?id=1958580 https://www.mozilla.org/security/advisories/mfsa2025-34/ https://www.mozilla.org/security/advisories/mfsa2025-35/

MITRE

Status: REJECTED

Assigner: mozilla

Published: 2025-05-14T16:56:43.402Z

Updated: 2025-06-11T12:10:53.177Z

Reserved: 2025-04-22T17:02:56.161Z

Link: CVE-2025-3877

Vulnrichment

Updated:

NVD

Status : Rejected

Published: 2025-05-14T17:15:48.567

Modified: 2025-06-11T13:15:24.007

Link: CVE-2025-3877

Redhat

Severity :

Publid Date: 2025-05-14T16:56:43Z

Links: CVE-2025-3877 - Bugzilla

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact Low

User Interaction Required

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object