6.5

CVSS3.1

CVE-2025-4086 - Specially crafted filename could be used to obscure download type

A specially crafted filename containing a large number of encoded newline characters could obscure the file's extension when displayed in the download dialog. *This bug only affects Thunderbird for Android. Other versions of Thunderbird are unaffected.* This vulnerability was fixed in Firefox 138 …

📅 Published: April 29, 2025, 1:13 p.m. 🔄 Last Modified: April 21, 2026, 9:15 p.m.

7.1

CVSS3.1

CVE-2025-4085 - Potential information leakage and privilege escalation in UITour actor

An attacker with control over a content process could potentially leverage the privileged UITour actor to leak sensitive information or escalate privileges. This vulnerability was fixed in Firefox 138 and Thunderbird 138.

📅 Published: April 29, 2025, 1:13 p.m. 🔄 Last Modified: April 20, 2026, 8:45 p.m.

5.7

CVSS3.1

CVE-2025-4084 - Potential local code execution in "copy as cURL" command

Due to insufficient escaping of the special characters in the "copy as cURL" feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. *This bug only affects Firefox for Windows. Other versions of Firefox are unaffected.* Thi…

📅 Published: April 29, 2025, 1:13 p.m. 🔄 Last Modified: April 21, 2026, 9:15 p.m.

9.1

CVSS3.1

CVE-2025-4083 - Process isolation bypass using "javascript:" URI links in cross-origin frames

A process isolation vulnerability in Thunderbird stemmed from improper handling of javascript: URIs, which could allow content to execute in the top-level document's process instead of the intended frame, potentially enabling a sandbox escape. This vulnerability was fixed in Firefox 138, Firefox ES…

📅 Published: April 29, 2025, 1:13 p.m. 🔄 Last Modified: April 20, 2026, 5:30 p.m.

5.9

CVSS3.1

CVE-2025-4082 - WebGL shader attribute memory corruption in Thunderbird for macOS

Modification of specific WebGL shader attributes could trigger an out-of-bounds read, which, when chained with other vulnerabilities, could be used to escalate privileges. *This bug only affects Thunderbird for macOS. Other versions of Thunderbird are unaffected.* This vulnerability was fixed in F…

📅 Published: April 29, 2025, 1:13 p.m. 🔄 Last Modified: April 20, 2026, 6:15 p.m.

8.8

CVSS3.1

CVE-2025-2817 - Privilege escalation in Thunderbird Updater

Thunderbird's update mechanism allowed a medium-integrity user process to interfere with the SYSTEM-level updater by manipulating the file-locking behavior. By injecting code into the user-privileged process, an attacker could bypass intended access controls, allowing SYSTEM-level file operations o…

📅 Published: April 29, 2025, 1:13 p.m. 🔄 Last Modified: April 20, 2026, 8:45 p.m.

4.8

CVSS4.0

CVE-2025-4061 - code-projects Clothing Store Management System add_item stack-based overflow

A vulnerability, which was classified as critical, was found in code-projects Clothing Store Management System up to 1.0. Affected is the function add_item. The manipulation of the argument st.productname leads to stack-based buffer overflow. Attacking locally is a requirement. The exploit has been…

📅 Published: April 29, 2025, 1 p.m. 🔄 Last Modified: May 9, 2025, 7:34 p.m.

6.9

CVSS4.0

CVE-2025-4060 - PHPGurukul Notice Board System category.php sql injection

A vulnerability, which was classified as critical, has been found in PHPGurukul Notice Board System 1.0. This issue affects some unknown processing of the file /category.php. The manipulation of the argument catname leads to sql injection. The attack may be initiated remotely. The exploit has been …

📅 Published: April 29, 2025, 12:31 p.m. 🔄 Last Modified: May 9, 2025, 7:34 p.m.

4.8

CVSS4.0

CVE-2025-4059 - code-projects Prison Management System Prison_Mgmt_Sys addrecord stack-based overflow

A vulnerability classified as critical was found in code-projects Prison Management System 1.0. This vulnerability affects the function addrecord of the component Prison_Mgmt_Sys. The manipulation of the argument filename leads to stack-based buffer overflow. An attack has to be approached locally.…

📅 Published: April 29, 2025, noon 🔄 Last Modified: May 15, 2025, 8:45 p.m.

7.5

CVSS3.1

CVE-2025-3891 - Mod_auth_openidc: dos via empty post in mod_auth_openidc with oidcpreservepost enabled

A flaw was found in the mod_auth_openidc module for Apache httpd. This flaw allows a remote, unauthenticated attacker to trigger a denial of service by sending an empty POST request when the OIDCPreservePost directive is enabled. The server crashes consistently, affecting availability.

📅 Published: April 29, 2025, 11:37 a.m. 🔄 Last Modified: Nov. 11, 2025, 12:09 p.m.