CVE-2025-2830
MEDIUMThunderbird < 128.9.2 and 128.9.2-137.0.2 - Path Traversal and Information Disclosure via Malformed Attachment Filename
Title source: llmDescription
By crafting a malformed file name for an attachment in a multipart message, an attacker can trick Thunderbird into including a directory listing of /tmp when the message is forwarded or edited as a new message. This vulnerability could allow attackers to disclose sensitive information from the victim's system. This vulnerability is not limited to Linux; similar behavior has been observed on Windows as well. This vulnerability was fixed in Thunderbird 137.0.2 and Thunderbird 128.9.2.
References (3)
Core 3
Core References
Permissions Required
https://bugzilla.mozilla.org/show_bug.cgi?id=1956379
Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2025-26/
Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2025-27/
Scores
CVSS v3
6.3
EPSS
0.0010
EPSS Percentile
27.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-22
Status
published
Products (3)
mozilla/thunderbird
< 128.9.2
Mozilla/Thunderbird
128.9.2 - 128.*
Mozilla/Thunderbird
137.0.2
Published
Apr 15, 2025
Tracked Since
Feb 18, 2026