thunderbird-128.12.0-1.el8_10.ML.1
Errata ID: AXSA:2025-10437:13
Release date:
2025/07/11 Friday - 15:01
Title:
thunderbird-128.12.0-1.el8_10.ML.1
Affected channels:
Asianux Server 8 for x86_64
Severity:
High
Description:
Mozilla Thunderbird is a standalone mail and newsgroup client.
Security Fix(es):
thunderbird: Unsolicited File Download, Disk Space Exhaustion, and
Credential Leakage via mailbox:/// Links (CVE-2025-5986)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.
CVE(s):
CVE-2025-5986
Solution:
Update packages.
CVE:
CVE-2025-5986
A crafted HTML email using mailbox:/// links can trigger automatic, unsolicited downloads of .pdf files to the user's desktop or home directory without prompting, even if auto-saving is disabled. This behavior can be abused to fill the disk with garbage data (e.g. using /dev/urandom on Linux) or to leak Windows credentials via SMB links when the email is viewed in HTML mode. While user interaction is required to download the .pdf file, visual obfuscation can conceal the download trigger. Viewing the email in HTML mode is enough to load external content. This vulnerability affects Thunderbird < 128.11.1 and Thunderbird < 139.0.2.
Additional information:
N/A
Download:
SRPMS
- thunderbird-128.12.0-1.el8_10.ML.1.src.rpm
MD5: 57a865ce9f2bac8db89d7c1505671f76
SHA-256: f600dc4523c96d1e1bad8a3a2dff54660a1fd86092b990513e2f321b862b4da6
Size: 853.51 MB
Asianux Server 8 for x86_64
- thunderbird-128.12.0-1.el8_10.ML.1.x86_64.rpm
MD5: b813e260181113d252d03e94a68ed414
SHA-256: 4ff9137f25c4f2edc6e8ede42554f307bad9c70e5839d1f1b103bda7810c7ac1
Size: 123.18 MB