Mozilla Thunderbird Sender Address Spoofing Vulnerability

Vulnerability

A vulnerability in Mozilla Thunderbird allows for the spoofing of sender addresses in emails. This issue arises when the From field uses an invalid group name syntax, as detailed in CVE-2024-49040. The vulnerability is present in Thunderbird versions prior to 128.7 and prior to 135.

Impact

Exploitation of this vulnerability can lead to the incorrect representation of sender addresses, potentially causing confusion or misrepresentation in email communications.

Remediation

Users can upgrade to Thunderbird 128.7 or Thunderbird 135 to address this vulnerability.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 7.8
impact: 0.6
exploitability: 4.7
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.