Mozilla Thunderbird Unsanitized Address Book URI Fields Vulnerability

Vulnerability

A vulnerability exists in Mozilla Thunderbird versions prior to 128.7 and in the 134 series (prior to 135): the Address Book's URI fields contained links that were not sanitized before being presented to the user. An attacker could create an address book with a malicious payload in one of these fields, for example the 'Other' field in the Instant Messaging section, and export it. If another user imported that address book and clicked the link, it could open a web page within Thunderbird that executes unprivileged JavaScript.
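As an added example (not Thunderbird's code and not the actual fix shipped in 128.7/135), the JavaScript below shows the hardening pattern the advisory implies: treat URI-typed address book fields as untrusted input, parse each one, and render only allowlisted schemes as clickable links. It also doubles as a pre-import check you can run over an exported .vcf. The vCard sample is constructed, and the allowlist, the property set and all function names are assumptions made for illustration.

```javascript
// Added example (not Thunderbird's code): allowlist sanitisation of URI-bearing
// vCard fields before an address book client renders them as clickable links.
// The vCard text at the bottom is constructed for illustration.

// Schemes a contact card has a legitimate reason to open when clicked (assumed list).
const ALLOWED_SCHEMES = new Set(["http:", "https:", "mailto:", "xmpp:", "sip:", "tel:"]);

// vCard 4 (RFC 6350) properties whose value type is URI and may be shown as a link.
const URI_PROPERTIES = new Set(["URL", "IMPP", "PHOTO", "LOGO", "SOUND", "KEY", "SOURCE"]);

// Join folded continuation lines (leading space or tab) back onto their property line.
// Folding is allowed anywhere, so a scheme can be split across two physical lines.
function unfoldVCard(text) {
  return text.replace(/\r?\n[ \t]/g, "").split(/\r?\n/).filter((l) => l.length > 0);
}

// Split one content line into { name, params, value }. The name/parameter part ends
// at the first ':' outside double quotes, since parameter values may be quoted.
function parseContentLine(line) {
  let inQuotes = false;
  for (let i = 0; i < line.length; i++) {
    const ch = line[i];
    if (ch === '"') inQuotes = !inQuotes;
    else if (ch === ":" && !inQuotes) {
      const [name, ...params] = line.slice(0, i).split(";");
      return { name: name.toUpperCase(), params, value: line.slice(i + 1) };
    }
  }
  return null; // not a property line; the caller skips it
}

// Decide whether a URI may be rendered as a link. The WHATWG URL parser is used
// deliberately: it lowercases the scheme and strips embedded tabs/newlines, so
// "JAVASCRIPT:", "java\tscript:" and "javascript:" all normalise to the same
// protocol, which a naive /^javascript:/ regex check would miss.
function classifyUri(raw) {
  let url;
  try {
    url = new URL(raw);
  } catch {
    return { verdict: "reject", reason: "not an absolute URI" };
  }
  if (!ALLOWED_SCHEMES.has(url.protocol)) {
    return { verdict: "reject", reason: `scheme ${url.protocol} not allowlisted` };
  }
  return { verdict: "allow", reason: "", href: url.href };
}

// Walk a vCard export and return one record per URI-typed property with its verdict.
// A client would render only "allow" records as links and show the rest as inert text.
function auditVCard(text) {
  const results = [];
  for (const line of unfoldVCard(text)) {
    const prop = parseContentLine(line);
    if (!prop || !URI_PROPERTIES.has(prop.name)) continue;
    results.push({ property: prop.name, params: prop.params, value: prop.value, ...classifyUri(prop.value) });
  }
  return results;
}

// Constructed sample: legitimate URL and IMPP entries next to three hostile IM "other"
// entries: a javascript: URI folded across two lines, a mixed-case one with an
// embedded tab, and a data: URI carrying inline HTML.
const SAMPLE_VCARD = [
  "BEGIN:VCARD",
  "VERSION:4.0",
  "FN:Mallory Example",
  "EMAIL:mallory@example.test",
  "URL:https://example.test/~mallory",
  "IMPP;X-SERVICE-TYPE=jabber:xmpp:mallory@im.example.test",
  "IMPP;X-SERVICE-TYPE=other:java",
  "\tscript:alert(document.domain)",
  "IMPP;X-SERVICE-TYPE=other:JAVA\tSCRIPT:alert(1)",
  "IMPP;X-SERVICE-TYPE=other:data:text/html,<script>alert(1)</script>",
  "END:VCARD",
].join("\r\n");

// Print an audit of the sample so the block is useful when run directly.
for (const r of auditVCard(SAMPLE_VCARD)) {
  console.log(`${r.verdict.padEnd(6)} ${r.property.padEnd(4)} ${JSON.stringify(r.value)} ${r.reason}`);
}
```

Running the block prints two "allow" rows for the https and xmpp links and three "reject" rows; the folded `java` + `script:` entry is caught only because the vCard is unfolded before the scheme check, and the tab-laced `JAVA\tSCRIPT:` entry only because the check goes through a real URL parser rather than a string prefix match. Extend `ALLOWED_SCHEMES` deliberately; anything not on it, including `javascript:`, `data:`, `file:` and `chrome:`, is refused by default.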

Impact

Exploitation of this vulnerability could lead to the execution of attacker-controlled, unprivileged JavaScript within Thunderbird. It requires user interaction: the victim must import the crafted address book and then click the embedded link.

Remediation

Upgrade to Thunderbird 128.7 or later, or to Thunderbird 135 or later, to address this vulnerability.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread           7.8
impact           1.7
exploitability   4.4
remediation      7.7
relevance        0.0
threat           0.6
urgency          2.9
incentive        0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.