HTML Email Trigger Leading to Unsolicited File Downloads in Thunderbird
CVE-2025-5986

6.5 MEDIUM

Key Information:

Vendor: Mozilla

CVE Published: 11 June 2025

What is CVE-2025-5986?

A vulnerability in Thunderbird's handling of HTML email allows an attacker to craft a message that automatically prompts the download of a PDF file to the recipient's system. This happens even when the auto-save feature is disabled. Simply by viewing such an HTML email, a user could unknowingly accumulate large amounts of unwanted data or, where the message contains SMB links, expose sensitive information such as Windows credentials. Because the download triggers are visually obfuscated, the user may not notice what has happened, which makes proactive security measures important for both organizational and personal security.

Affected Version(s)

Thunderbird < 128.11.1

Thunderbird < 139.0.2

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability reserved

Credit

Dario Weißer