Email Spoofing Vulnerability in Mozilla Thunderbird Software
CVE-2025-0510

Currently unrated

Key Information:

Vendor
Mozilla
Status
Thunderbird
Vendor
CVE Published:
4 February 2025

Summary

A vulnerability has been identified in Mozilla Thunderbird where an incorrect sender address can be displayed if the From field of an email utilizes improper group name syntax. This issue impacts versions of Thunderbird prior to 128.7 and 135, potentially misleading users by obscuring the true origin of an email. Such email spoofing can lead to phishing attempts and unauthorized access to sensitive information, emphasizing the importance of utilizing updated software to mitigate security risks.

Affected Version(s)

Thunderbird < 128.7

Thunderbird < 135

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1940570
https://www.mozilla.org/security/advisories/mfsa2025-10/
https://www.mozilla.org/security/advisories/mfsa2025-11/

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Fabian Densborn
.