{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-0510", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "state": "PUBLISHED", "assignerShortName": "mozilla", "dateReserved": "2025-01-15T21:26:50.144Z", "datePublished": "2025-02-04T13:58:55.320Z", "dateUpdated": "2026-04-13T14:30:38.919Z"}, "containers": {"cna": {"affected": [{"product": "Thunderbird", "vendor": "Mozilla", "versions": [{"status": "unaffected", "version": "128.7", "lessThanOrEqual": "128.*", "versionType": "rpm"}, {"status": "unaffected", "version": "135", "lessThanOrEqual": "*", "versionType": "rpm"}]}], "descriptions": [{"lang": "en", "value": "Thunderbird displayed an incorrect sender address if the From field of an email used the invalid group name syntax that is described in CVE-2024-49040. This vulnerability was fixed in Thunderbird 128.7 and Thunderbird 135.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Thunderbird displayed an incorrect sender address if the From field of an email used the invalid group name syntax that is described in CVE-2024-49040. This vulnerability was fixed in Thunderbird 128.7 and Thunderbird 135."}]}], "title": "Address of e-mail sender can be spoofed by malicious email", "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1940570"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-10/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-11/"}], "credits": [{"lang": "en", "value": "Fabian Densborn"}], "providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2026-04-13T14:30:38.919Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-345", "lang": "en", "description": "CWE-345 Insufficient Verification of Data Authenticity"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-02-06T21:01:31.786685Z", "id": "CVE-2025-0510", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-06T21:02:54.085Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-0510", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-02-06T21:01:31.786685Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-345", "description": "CWE-345 Insufficient Verification of Data Authenticity"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-06T21:02:47.727Z"}}], "cna": {"title": "Address of e-mail sender can be spoofed by malicious email", "credits": [{"lang": "en", "value": "Fabian Densborn"}], "affected": [{"vendor": "Mozilla", "product": "Thunderbird", "versions": [{"status": "unaffected", "version": "128.7", "versionType": "rpm", "lessThanOrEqual": "128.*"}, {"status": "unaffected", "version": "135", "versionType": "rpm", "lessThanOrEqual": "*"}]}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1940570"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-10/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-11/"}], "descriptions": [{"lang": "en", "value": "Thunderbird displayed an incorrect sender address if the From field of an email used the invalid group name syntax that is described in CVE-2024-49040. This vulnerability was fixed in Thunderbird 128.7 and Thunderbird 135.", "supportingMedia": [{"type": "text/html", "value": "Thunderbird displayed an incorrect sender address if the From field of an email used the invalid group name syntax that is described in CVE-2024-49040. This vulnerability was fixed in Thunderbird 128.7 and Thunderbird 135.", "base64": false}]}], "providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2026-04-13T14:30:38.919Z"}}}, "cveMetadata": {"cveId": "CVE-2025-0510", "state": "PUBLISHED", "dateUpdated": "2026-04-13T14:30:38.919Z", "dateReserved": "2025-01-15T21:26:50.144Z", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "datePublished": "2025-02-04T13:58:55.320Z", "assignerShortName": "mozilla"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*", "matchCriteriaId": "0504330C-A82A-4E1E-9774-38CCB3DF8D92", "versionEndExcluding": "128.7.0", "versionStartIncluding": "128.0.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*", "matchCriteriaId": "B5DC3260-2056-4C30-BCBA-AD45537FF0F5", "versionEndExcluding": "135.0", "versionStartIncluding": "131.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Thunderbird displayed an incorrect sender address if the From field of an email used the invalid group name syntax that is described in CVE-2024-49040. This vulnerability was fixed in Thunderbird 128.7 and Thunderbird 135."}, {"lang": "es", "value": "Thunderbird mostraba una direcci\u00f3n de remitente incorrecta si el campo De de un correo electr\u00f3nico utilizaba la sintaxis de nombre de grupo no v\u00e1lida que se describe en CVE-2024-49040. Esta vulnerabilidad afecta a Thunderbird < 128.7 y Thunderbird < 135."}], "id": "CVE-2025-0510", "lastModified": "2026-04-13T15:16:35.363", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-02-04T14:15:31.550", "references": [{"source": "security@mozilla.org", "tags": ["Permissions Required"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1940570"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2025-10/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2025-11/"}], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-345"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2025:1292", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "thunderbird-0:128.7.0-1.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2025-02-11T00:00:00Z"}, {"advisory": "RHSA-2025:1348", "cpe": "cpe:/a:redhat:rhel_aus:8.2", "package": "thunderbird-0:128.7.0-1.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "release_date": "2025-02-12T00:00:00Z"}, {"advisory": "RHSA-2025:1339", "cpe": "cpe:/a:redhat:rhel_aus:8.4", "package": "thunderbird-0:128.7.0-1.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "release_date": "2025-02-12T00:00:00Z"}, {"advisory": "RHSA-2025:1339", "cpe": "cpe:/a:redhat:rhel_tus:8.4", "package": "thunderbird-0:128.7.0-1.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "release_date": "2025-02-12T00:00:00Z"}, {"advisory": "RHSA-2025:1339", "cpe": "cpe:/a:redhat:rhel_e4s:8.4", "package": "thunderbird-0:128.7.0-1.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "release_date": "2025-02-12T00:00:00Z"}, {"advisory": "RHSA-2025:1341", "cpe": "cpe:/a:redhat:rhel_aus:8.6", "package": "thunderbird-0:128.7.0-1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", "release_date": "2025-02-12T00:00:00Z"}, {"advisory": "RHSA-2025:1341", "cpe": "cpe:/a:redhat:rhel_tus:8.6", "package": "thunderbird-0:128.7.0-1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "release_date": "2025-02-12T00:00:00Z"}, {"advisory": "RHSA-2025:1341", "cpe": "cpe:/a:redhat:rhel_e4s:8.6", "package": "thunderbird-0:128.7.0-1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "release_date": "2025-02-12T00:00:00Z"}, {"advisory": "RHSA-2025:1340", "cpe": "cpe:/a:redhat:rhel_eus:8.8", "package": "thunderbird-0:128.7.0-1.el8_8", "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date": "2025-02-12T00:00:00Z"}, {"advisory": "RHSA-2025:1184", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "thunderbird-0:128.7.0-1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2025-02-10T00:00:00Z"}, {"advisory": "RHSA-2025:1319", "cpe": "cpe:/a:redhat:rhel_e4s:9.0", "package": "thunderbird-0:128.7.0-1.el9_0", "product_name": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date": "2025-02-11T00:00:00Z"}, {"advisory": "RHSA-2025:1317", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "thunderbird-0:128.7.0-1.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2025-02-11T00:00:00Z"}, {"advisory": "RHSA-2025:1318", "cpe": "cpe:/a:redhat:rhel_eus:9.4", "package": "thunderbird-0:128.7.0-1.el9_4", "product_name": "Red Hat Enterprise Linux 9.4 Extended Update Support", "release_date": "2025-02-11T00:00:00Z"}], "bugzilla": {"description": "thunderbird: Address of e-mail sender can be spoofed by malicious email", "id": "2343762", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2343762"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.1", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N", "status": "verified"}, "cwe": "CWE-451", "details": ["Thunderbird displayed an incorrect sender address if the From field of an email used the invalid group name syntax that is described in CVE-2024-49040. This vulnerability affects Thunderbird < 128.7 and Thunderbird < 135.", "A flaw was found in Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Thunderbird displayed an incorrect sender address if the From field of an email used the invalid group name syntax that is described in CVE-2024-49040."], "name": "CVE-2025-0510", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "thunderbird-flatpak-container", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "thunderbird-flatpak-container", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-02-04T13:58:55Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-0510\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-0510\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1940570\nhttps://www.mozilla.org/security/advisories/mfsa2025-10/\nhttps://www.mozilla.org/security/advisories/mfsa2025-11/"], "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.", "threat_severity": "Important"}

{"analysis": {"en": {"generated_at": "2026-04-20T23:52:47.751114+00:00", "value": {"mitigation_remediation": ["Upgrade Mozilla Thunderbird to version 128.7 or later, such as the 135 release, to apply the official fix.", "Configure your mail system or email client to reject or flag emails that contain malformed From headers so that potentially spoofed messages are identified before display.", "Maintain regular updates for all email clients and monitor message headers for suspicious patterns to ensure ongoing protection against similar spoofing techniques."], "summary": {"action": "Patch", "impact": "Email Spoofing"}, "threat_synthesis": {"affected_systems": "All Mozilla Thunderbird installations older than version 128.7 are affected, as the fix was applied in releases 128.7 and 135. No explicit operating system restrictions are listed, so the issue is present on all platforms supported by Thunderbird.", "description_and_impact": "Thunderbird will display an incorrect sender address when the From field uses an invalid group name syntax, allowing an attacker to spoof the return address of an email. The flaw is a result of improper validation of the From header and can be used to trick users into believing a message originates from a legitimate sender, potentially leading to phishing or social engineering attacks. This weakness is reflected in the CWE identifiers CWE-345 and CWE-451.", "risk_and_exploitability": "The CVSS score of 6.5 indicates a moderate impact. The EPSS score of < 1% shows a very low probability of exploitation, and the vulnerability is not listed in the CISA KEV catalog. Based on the description, an attacker would need to send a crafted email containing a malformed From header to a user running an affected Thunderbird version, relying on the user to open or view the message. The lack of a known public exploit and the low exploitation probability suggest that the risk is moderate, but it remains advisable to apply the available patch promptly."}}}}, "created": "2026-04-21T00:00:13.385197+00:00", "updated": "2026-04-21T00:00:13.385218+00:00", "vendors": []}