Thunderbird parses addresses in a way that can allow sender spoofing in case the server allows an invalid From address to be used. For example, if the From header contains an (invalid) value Spoofed Name , Thunderbird treats spoofed@example.com as the actual address. This vulnerability affects Thunderbird < 128.10.1 and Thunderbird < 138.0.1.
This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Red Hat Enterprise Linux 10 | RedHat | thunderbird-0:128.10.1-1.el10_0 | * |
Red Hat Enterprise Linux 8.2 Advanced Update Support | RedHat | thunderbird-0:128.10.1-1.el8_2 | * |
Red Hat Enterprise Linux 9 | RedHat | thunderbird-0:128.10.1-1.el9_6 | * |
Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions | RedHat | thunderbird-0:128.10.1-1.el9_0 | * |
Red Hat Enterprise Linux 9.2 Extended Update Support | RedHat | thunderbird-0:128.10.1-1.el9_2 | * |
Red Hat Enterprise Linux 9.4 Extended Update Support | RedHat | thunderbird-0:128.10.1-1.el9_4 | * |
Thunderbird | Ubuntu | focal | * |