Email Spoofing Vulnerability in Mozilla Thunderbird Software
CVE-2025-0510

6.5MEDIUM

Key Information:

Vendor: Mozilla
Status: Thunderbird
Vendor: CVE Published:; 4 February 2025

Summary

A vulnerability has been identified in Mozilla Thunderbird where an incorrect sender address can be displayed if the From field of an email utilizes improper group name syntax. This issue impacts versions of Thunderbird prior to 128.7 and 135, potentially misleading users by obscuring the true origin of an email. Such email spoofing can lead to phishing attempts and unauthorized access to sensitive information, emphasizing the importance of utilizing updated software to mitigate security risks.

Affected Version(s)

Thunderbird < 128.7

Thunderbird < 135

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1940570

https://www.mozilla.org/security/advisories/mfsa2025-10/

https://www.mozilla.org/security/advisories/mfsa2025-11/

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Feb 4, 2025
Vulnerability Reserved
Jan 15, 2025

Credit

Fabian Densborn