Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2025-3875
PUBLISHED
More InfoOfficial Page
Assigner-mozilla
Assigner Org ID-f16b083a-5664-49f3-a51e-8d479e5ed7fe
View Known Exploited Vulnerability (KEV) details
Published At-14 May, 2025 | 16:56
Updated At-15 May, 2025 | 14:52
Rejected At-
▼CVE Numbering Authority (CNA)

Thunderbird parses addresses in a way that can allow sender spoofing in case the server allows an invalid From address to be used. For example, if the From header contains an (invalid) value "Spoofed Name ", Thunderbird treats spoofed@example.com as the actual address. This vulnerability affects Thunderbird < 128.10.1 and Thunderbird < 138.0.1.

Affected Products
Vendor
Mozilla CorporationMozilla
Product
Thunderbird
Versions
Affected
  • From unspecified before 128.10.1 (custom)
Vendor
Mozilla CorporationMozilla
Product
Thunderbird
Versions
Affected
  • From unspecified before 138.0.1 (custom)
Problem Types
TypeCWE IDDescription
textN/ASender Spoofing via Malformed From Header in Thunderbird
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
xh4vm
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://bugzilla.mozilla.org/show_bug.cgi?id=1950629
N/A
https://www.mozilla.org/security/advisories/mfsa2025-34/
N/A
https://www.mozilla.org/security/advisories/mfsa2025-35/
N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-290CWE-290 Authentication Bypass by Spoofing
Metrics
VersionBase scoreBase severityVector
3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Details not found