UBUNTU-CVE-2025-3875

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2025-3875

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-3875.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2025-3875

Related

CVE-2025-3875

Published

2025-05-15T00:00:00Z

Modified

2025-05-15T16:37:19Z

Summary

[none]

Details

Thunderbird parses addresses in a way that can allow sender spoofing in case the server allows an invalid From address to be used. For example, if the From header contains an (invalid) value "Spoofed Name ", Thunderbird treats spoofed@example.com as the actual address. This vulnerability affects Thunderbird < 128.10.1 and Thunderbird < 138.0.1.

References

Affected packages

Ubuntu:20.04:LTS / thunderbird

Package

Name: thunderbird
Purl: pkg:deb/ubuntu/thunderbird@1:115.18.0+build1-0ubuntu0.20.04.1?arch=source&distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1:68.*

1:68.1.2+build1-0ubuntu1

1:68.1.2+build1-0ubuntu2

1:68.2.1+build1-0ubuntu1

1:68.2.2+build1-0ubuntu1

1:68.3.0+build2-0ubuntu1

1:68.3.1+build1-0ubuntu2

1:68.4.1+build1-0ubuntu1

1:68.4.2+build2-0ubuntu1

1:68.5.0+build1-0ubuntu1

1:68.6.0+build2-0ubuntu1

1:68.7.0+build1-0ubuntu1

1:68.7.0+build1-0ubuntu2

1:68.8.0+build2-0ubuntu0.20.04.2

1:68.10.0+build1-0ubuntu0.20.04.1

1:78.*

1:78.7.1+build1-0ubuntu0.20.04.1

1:78.8.1+build1-0ubuntu0.20.04.1

1:78.11.0+build1-0ubuntu0.20.04.2

1:78.13.0+build1-0ubuntu0.20.04.2

1:78.14.0+build1-0ubuntu0.20.04.1

1:78.14.0+build1-0ubuntu0.20.04.2

1:91.*

1:91.5.0+build1-0ubuntu0.20.04.1

1:91.7.0+build2-0ubuntu0.20.04.1

1:91.8.1+build1-0ubuntu0.20.04.1

1:91.9.1+build1-0ubuntu0.20.04.1

1:91.11.0+build2-0ubuntu0.20.04.1

1:102.*

1:102.2.2+build1-0ubuntu0.20.04.1

1:102.4.2+build2-0ubuntu0.20.04.1

1:102.7.1+build2-0ubuntu0.20.04.1

1:102.8.0+build2-0ubuntu0.20.04.1

1:102.9.0+build1-0ubuntu0.20.04.1

1:102.10.0+build2-0ubuntu0.20.04.1

1:102.11.0+build1-0ubuntu0.20.04.1

1:102.13.0+build1-0ubuntu0.20.04.1

1:102.15.0+build1-0ubuntu0.20.04.1

1:102.15.1+build1-0ubuntu0.20.04.1

1:115.*

1:115.3.1+build1-0ubuntu0.20.04.1

1:115.4.1+build1-0ubuntu0.20.04.1

1:115.5.0+build1-0ubuntu0.20.04.1

1:115.6.0+build2-0ubuntu0.20.04.1

1:115.8.1+build1-0ubuntu0.20.04.1

1:115.9.0+build1-0ubuntu0.20.04.1

1:115.10.1+build1-0ubuntu0.20.04.1

1:115.11.0+build2-0ubuntu0.20.04.1

1:115.12.0+build3-0ubuntu0.20.04.1

1:115.13.0+build5-0ubuntu0.20.04.1

1:115.15.0+build1-0ubuntu0.20.04.1

1:115.16.0+build2-0ubuntu0.20.04.1

1:115.18.0+build1-0ubuntu0.20.04.1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:22.04:LTS / thunderbird

Package

Name: thunderbird
Purl: pkg:deb/ubuntu/thunderbird@1:115.18.0+build1-0ubuntu0.22.04.1?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1:91.*

1:91.1.2+build1-0ubuntu1

1:91.3.0+build2-0ubuntu1

1:91.3.1+build1-0ubuntu1

1:91.3.2+build1-0ubuntu1

1:91.4.0+build1.1-0ubuntu1

1:91.4.0+build2-0ubuntu1

1:91.5.0+build1-0ubuntu1

1:91.5.1+build1-0ubuntu1

1:91.6.1+build1-0ubuntu1

1:91.7.0+build1-0ubuntu1

1:91.7.0+build2-0ubuntu1

1:91.8.0+build2-0ubuntu1

1:91.9.1+build1-0ubuntu0.22.04.1

1:91.11.0+build2-0ubuntu0.22.04.1

1:102.*

1:102.2.2+build1-0ubuntu0.22.04.1

1:102.4.2+build2-0ubuntu0.22.04.1

1:102.7.1+build2-0ubuntu0.22.04.1

1:102.8.0+build2-0ubuntu0.22.04.1

1:102.9.0+build1-0ubuntu0.22.04.1

1:102.10.0+build2-0ubuntu0.22.04.1

1:102.11.0+build1-0ubuntu0.22.04.1

1:102.13.0+build1-0ubuntu0.22.04.1

1:102.15.0+build1-0ubuntu0.22.04.1

1:102.15.1+build1-0ubuntu0.22.04.1

1:115.*

1:115.3.1+build1-0ubuntu0.22.04.2

1:115.4.1+build1-0ubuntu0.22.04.1

1:115.5.0+build1-0ubuntu0.22.04.1

1:115.6.0+build2-0ubuntu0.22.04.1

1:115.8.1+build1-0ubuntu0.22.04.1

1:115.9.0+build1-0ubuntu0.22.04.1

1:115.10.1+build1-0ubuntu0.22.04.1

1:115.11.0+build2-0ubuntu0.22.04.1

1:115.12.0+build3-0ubuntu0.22.04.1

1:115.13.0+build5-0ubuntu0.22.04.1

1:115.15.0+build1-0ubuntu0.22.04.1

1:115.16.0+build2-0ubuntu0.22.04.1

1:115.18.0+build1-0ubuntu0.22.04.1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.10 / thunderbird

Package

Name: thunderbird
Purl: pkg:deb/ubuntu/thunderbird@2:1snap1-0ubuntu3?arch=source&distro=oracular

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

Other

2:1snap1-0ubuntu3

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.04:LTS / thunderbird

Package

Name: thunderbird
Purl: pkg:deb/ubuntu/thunderbird@2:1snap1-0ubuntu3?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1:115.*

1:115.3.1+build1-0ubuntu1

1:115.4.1+build1-0ubuntu1

1:115.4.3+build1-0ubuntu1

1:115.5.0+build1-0ubuntu1

1:115.5.1+build1-0ubuntu1

1:115.5.2+build2-0ubuntu1

1:115.6.0+build1-0ubuntu1

1:115.6.0+build2-0ubuntu1

1:115.6.1+build1-0ubuntu1

1:115.8.0+build1-0ubuntu1

1:115.8.1+build1+snap2

1:115.8.1+build1+snap3

Other

2:1snap1-0ubuntu1

2:1snap1-0ubuntu3

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:25.04 / thunderbird

Package

Name: thunderbird
Purl: pkg:deb/ubuntu/thunderbird@2:1snap1-0ubuntu3?arch=source&distro=plucky

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

Other

2:1snap1-0ubuntu3

Ecosystem specific

{
    "ubuntu_priority": "medium"
}