CVE-2025-0510
Description
Thunderbird displayed an incorrect sender address if the From field of an email used the invalid group name syntax that is described in CVE-2024-49040. This vulnerability was fixed in Thunderbird 128.7 and Thunderbird 135.
Risk Information
Base Score
6.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
EPSS Score
Exploitation Probability
0.376
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple vulnerabilities are fixed in Mozilla Thunderbird (128.7.0) | Windows |
| Multiple vulnerabilities are fixed in Mozilla Thunderbird (x64) (128.7.0) | Windows |
| Vulnerabilities CVE-2025-0510,CVE-2025-1015 are affected in Mozilla Thunderbird 128.6.99 | Windows |
| Vulnerabilities CVE-2025-0510 are affected in Mozilla Thunderbird 134.99 | Windows |
| Multiple Vulnerabilities are affected in Mozilla Thunderbird 128.6.99 | Windows |
| Multiple Vulnerabilities are affected in Mozilla Thunderbird 134.99 | Windows |
| Multiple vulnerabilities are fixed in Mozilla Thunderbird For Mac (128.7.0) | Mac |
| Multiple vulnerabilities are fixed in Mozilla Thunderbird For Mac (128.7.1) | Mac |
| Multiple vulnerabilities are fixed in Mozilla Thunderbird For Mac 135 | Mac |
| thunderbird security update(DSA-5860-1) thunderbird-l10n-en-ca_128.7.0esr-1~deb12u1_all.deb | Linux |
| thunderbird security update(DSA-5860-1) thunderbird-l10n-en-gb_128.7.0esr-1~deb12u1_all.deb | Linux |
| thunderbird security update(DSA-5860-1) thunderbird-l10n-es-ar_128.7.0esr-1~deb12u1_all.deb | Linux |
| thunderbird security update(DSA-5860-1) thunderbird-l10n-es-es_128.7.0esr-1~deb12u1_all.deb | Linux |
| thunderbird security update(DSA-5860-1) thunderbird-l10n-es-mx_128.7.0esr-1~deb12u1_all.deb | Linux |
| thunderbird security update(DSA-5860-1) thunderbird-l10n-et_128.7.0esr-1~deb12u1_all.deb | Linux |
| thunderbird security update(DSA-5860-1) thunderbird-l10n-eu_128.7.0esr-1~deb12u1_all.deb | Linux |
| thunderbird security update(DSA-5860-1) thunderbird-l10n-hu_128.7.0esr-1~deb12u1_all.deb | Linux |
| thunderbird security update(DSA-5860-1) thunderbird-l10n-fr_128.7.0esr-1~deb12u1_all.deb | Linux |
| thunderbird security update(DSA-5860-1) thunderbird-l10n-fy-nl_128.7.0esr-1~deb12u1_all.deb | Linux |
| thunderbird security update(DSA-5860-1) thunderbird-l10n-ga-ie_128.7.0esr-1~deb12u1_all.deb | Linux |
| thunderbird security update(DSA-5860-1) thunderbird-l10n-gd_128.7.0esr-1~deb12u1_all.deb | Linux |
| thunderbird security update(DSA-5860-1) thunderbird-l10n-gl_128.7.0esr-1~deb12u1_all.deb | Linux |
| thunderbird security update(DSA-5860-1) thunderbird-l10n-he_128.7.0esr-1~deb12u1_all.deb | Linux |
| thunderbird security update(DSA-5860-1) thunderbird-l10n-hr_128.7.0esr-1~deb12u1_all.deb | Linux |
| thunderbird security update(DSA-5860-1) thunderbird-l10n-hsb_128.7.0esr-1~deb12u1_all.deb | Linux |
| thunderbird security update(DSA-5860-1) thunderbird-l10n-fi_128.7.0esr-1~deb12u1_all.deb | Linux |
| thunderbird security update(DSA-5860-1) thunderbird_128.7.0esr-1~deb12u1_amd64.deb | Linux |
| thunderbird security update(DSA-5860-1) thunderbird_128.7.0esr-1~deb12u1_i386.deb | Linux |
| thunderbird security update(DSA-5860-1) thunderbird-l10n-af_128.7.0esr-1~deb12u1_all.deb | Linux |
| thunderbird security update(DSA-5860-1) thunderbird-l10n-all_128.7.0esr-1~deb12u1_all.deb | Linux |
| thunderbird security update(DSA-5860-1) thunderbird-l10n-ar_128.7.0esr-1~deb12u1_all.deb | Linux |
| thunderbird security update(DSA-5860-1) thunderbird-l10n-ast_128.7.0esr-1~deb12u1_all.deb | Linux |
| thunderbird security update(DSA-5860-1) thunderbird-l10n-be_128.7.0esr-1~deb12u1_all.deb | Linux |
| thunderbird security update(DSA-5860-1) thunderbird-l10n-el_128.7.0esr-1~deb12u1_all.deb | Linux |
| thunderbird security update(DSA-5860-1) thunderbird-l10n-br_128.7.0esr-1~deb12u1_all.deb | Linux |
| thunderbird security update(DSA-5860-1) thunderbird-l10n-ca_128.7.0esr-1~deb12u1_all.deb | Linux |
| thunderbird security update(DSA-5860-1) thunderbird-l10n-cak_128.7.0esr-1~deb12u1_all.deb | Linux |
| thunderbird security update(DSA-5860-1) thunderbird-l10n-cs_128.7.0esr-1~deb12u1_all.deb | Linux |
| thunderbird security update(DSA-5860-1) thunderbird-l10n-cy_128.7.0esr-1~deb12u1_all.deb | Linux |
| thunderbird security update(DSA-5860-1) thunderbird-l10n-da_128.7.0esr-1~deb12u1_all.deb | Linux |
| thunderbird security update(DSA-5860-1) thunderbird-l10n-de_128.7.0esr-1~deb12u1_all.deb | Linux |
| thunderbird security update(DSA-5860-1) thunderbird-l10n-dsb_128.7.0esr-1~deb12u1_all.deb | Linux |
| thunderbird security update(DSA-5860-1) thunderbird-l10n-bg_128.7.0esr-1~deb12u1_all.deb | Linux |
| thunderbird security update(DSA-5860-1) thunderbird-l10n-pt-br_128.7.0esr-1~deb12u1_all.deb | Linux |
| thunderbird security update(DSA-5860-1) thunderbird-l10n-pt-pt_128.7.0esr-1~deb12u1_all.deb | Linux |
| thunderbird security update(DSA-5860-1) thunderbird-l10n-rm_128.7.0esr-1~deb12u1_all.deb | Linux |
| thunderbird security update(DSA-5860-1) thunderbird-l10n-ro_128.7.0esr-1~deb12u1_all.deb | Linux |
| thunderbird security update(DSA-5860-1) thunderbird-l10n-ru_128.7.0esr-1~deb12u1_all.deb | Linux |
| thunderbird security update(DSA-5860-1) thunderbird-l10n-sk_128.7.0esr-1~deb12u1_all.deb | Linux |
| thunderbird security update(DSA-5860-1) thunderbird-l10n-sl_128.7.0esr-1~deb12u1_all.deb | Linux |
| thunderbird security update(DSA-5860-1) thunderbird-l10n-pl_128.7.0esr-1~deb12u1_all.deb | Linux |
| thunderbird security update(DSA-5860-1) thunderbird-l10n-sr_128.7.0esr-1~deb12u1_all.deb | Linux |
| thunderbird security update(DSA-5860-1) thunderbird-l10n-sv-se_128.7.0esr-1~deb12u1_all.deb | Linux |
| thunderbird security update(DSA-5860-1) thunderbird-l10n-th_128.7.0esr-1~deb12u1_all.deb | Linux |
| thunderbird security update(DSA-5860-1) thunderbird-l10n-tr_128.7.0esr-1~deb12u1_all.deb | Linux |
| thunderbird security update(DSA-5860-1) thunderbird-l10n-uk_128.7.0esr-1~deb12u1_all.deb | Linux |
| thunderbird security update(DSA-5860-1) thunderbird-l10n-uz_128.7.0esr-1~deb12u1_all.deb | Linux |
| thunderbird security update(DSA-5860-1) thunderbird-l10n-vi_128.7.0esr-1~deb12u1_all.deb | Linux |
| thunderbird security update(DSA-5860-1) thunderbird-l10n-zh-cn_128.7.0esr-1~deb12u1_all.deb | Linux |
| thunderbird security update(DSA-5860-1) thunderbird-l10n-sq_128.7.0esr-1~deb12u1_all.deb | Linux |
| thunderbird security update(DSA-5860-1) thunderbird-l10n-zh-tw_128.7.0esr-1~deb12u1_all.deb | Linux |
| thunderbird security update(DSA-5860-1) thunderbird-l10n-id_128.7.0esr-1~deb12u1_all.deb | Linux |
| thunderbird security update(DSA-5860-1) thunderbird-l10n-is_128.7.0esr-1~deb12u1_all.deb | Linux |
| thunderbird security update(DSA-5860-1) thunderbird-l10n-it_128.7.0esr-1~deb12u1_all.deb | Linux |
| thunderbird security update(DSA-5860-1) thunderbird-l10n-ja_128.7.0esr-1~deb12u1_all.deb | Linux |
| thunderbird security update(DSA-5860-1) thunderbird-l10n-ka_128.7.0esr-1~deb12u1_all.deb | Linux |
| thunderbird security update(DSA-5860-1) thunderbird-l10n-kab_128.7.0esr-1~deb12u1_all.deb | Linux |
| thunderbird security update(DSA-5860-1) thunderbird-l10n-kk_128.7.0esr-1~deb12u1_all.deb | Linux |
| thunderbird security update(DSA-5860-1) thunderbird-l10n-ko_128.7.0esr-1~deb12u1_all.deb | Linux |
| thunderbird security update(DSA-5860-1) thunderbird-l10n-lt_128.7.0esr-1~deb12u1_all.deb | Linux |
| thunderbird security update(DSA-5860-1) thunderbird-l10n-lv_128.7.0esr-1~deb12u1_all.deb | Linux |
| thunderbird security update(DSA-5860-1) thunderbird-l10n-ms_128.7.0esr-1~deb12u1_all.deb | Linux |
| thunderbird security update(DSA-5860-1) thunderbird-l10n-nb-no_128.7.0esr-1~deb12u1_all.deb | Linux |
| thunderbird security update(DSA-5860-1) thunderbird-l10n-nl_128.7.0esr-1~deb12u1_all.deb | Linux |
| thunderbird security update(DSA-5860-1) thunderbird-l10n-nn-no_128.7.0esr-1~deb12u1_all.deb | Linux |
| thunderbird security update(DSA-5860-1) thunderbird-l10n-hy-am_128.7.0esr-1~deb12u1_all.deb | Linux |
| thunderbird security update(DSA-5860-1) thunderbird-l10n-pa-in_128.7.0esr-1~deb12u1_all.deb | Linux |
| Thunderbird update (ELSA-2025-1184) thunderbird-128.7.0-1.0.1.el9_5.x86_64.rpm | Linux |
| (RHSA-2025:1184)Important: security update thunderbird-128.7.0-1.el9_5.x86_64.rpm | Linux |
| Thunderbird update (ELSA-2025-1292) thunderbird-128.7.0-1.0.1.el8_10.x86_64.rpm | Linux |
| (RHSA-2025:1292)Important: security update thunderbird-128.7.0-1.el8_10.x86_64.rpm | Linux |
| thunderbird security update (RLSA-2025:1292) thunderbird-128.7.0-1.el8_10.x86_64.rpm | Linux |
| thunderbird Security Update (ALAS-2025-2765) thunderbird-128.7.0-1.amzn2.0.1.x86_64.rpm | Linux |
| thunderbird Security Update (ALAS-2025-2789) thunderbird-128.7.0-1.amzn2.0.2.x86_64.rpm | Linux |
| Mozilla Open Source mail and newsgroup client (USN-7663-1) USN-7663-1 thunderbird_128.12.0+build1-0ubuntu0.22.04.1_amd64.deb | Linux |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-345122 | Mozilla Thunderbird (128.7.0) |
| PATCH-345123 | Mozilla Thunderbird (x64) (128.7.0) |
| PATCH-611353 | Mozilla Thunderbird For Mac (128.12.0) |
| PATCH-611353 | Mozilla Thunderbird For Mac (128.12.0) |
| PATCH-611807 | Mozilla Thunderbird For Mac (142.0) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234