CVE-2025-3875 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2025-3875 Interim 1 10 2025-06-12T23:18:57Z current 2025-05-15T23:15:36Z 2025-06-12T23:18:57Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2025-3875 Thunderbird parses addresses in a way that can allow sender spoofing in case the server allows an invalid From address to be used. For example, if the From header contains an (invalid) value "Spoofed Name ", Thunderbird treats spoofed@example.com as the actual address. This vulnerability affects Thunderbird < 128.10.1 and Thunderbird < 138.0.1. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.suse.com/pipermail/suse-liberty-linux-updates/2025-June/001550.html E-Mail link for RHSA-2025:8203 https://lists.suse.com/pipermail/suse-liberty-linux-updates/2025-June/001647.html E-Mail link for RHSA-2025:8756 https://lists.suse.com/pipermail/sle-updates/2025-May/039318.html E-Mail link for SUSE-SU-2025:01660-1 https://lists.suse.com/pipermail/sle-updates/2025-May/039396.html E-Mail link for SUSE-SU-2025:01660-2 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/DSFDWDAINA2OZWCXINCXQQLCGCNKIVEK/ E-Mail link for openSUSE-SU-2025:15131-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Liberty Linux 8 SUSE Liberty Linux 9 SUSE Linux Enterprise Workstation Extension 15 SP6 SUSE Linux Enterprise Workstation Extension 15 SP7 SUSE Linux Enterprise Module for Package Hub 15 SP6 SUSE Linux Enterprise Module for Package Hub 15 SP7 SUSE Linux Enterprise Workstation Extension 15 SP6 SUSE Linux Enterprise Workstation Extension 15 SP7 SUSE Linux Enterprise Workstation Extension 15 SP6 SUSE Linux Enterprise Workstation Extension 15 SP7 openSUSE Leap 15.6 openSUSE Tumbleweed MozillaThunderbird-128.10.1-1.1 MozillaThunderbird-128.10.1-150200.8.215.1 MozillaThunderbird-openpgp-librnp-128.10.1-1.1 MozillaThunderbird-translations-common-128.10.1-1.1 MozillaThunderbird-translations-common-128.10.1-150200.8.215.1 MozillaThunderbird-translations-other-128.10.1-1.1 MozillaThunderbird-translations-other-128.10.1-150200.8.215.1 thunderbird-128.10.1-1.el9_6 thunderbird-128.11.0-1.el8_10 thunderbird-128.11.0-1.el8_10 as a component of SUSE Liberty Linux 8 thunderbird-128.10.1-1.el9_6 as a component of SUSE Liberty Linux 9 MozillaThunderbird-128.10.1-150200.8.215.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP6 MozillaThunderbird-translations-common-128.10.1-150200.8.215.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP6 MozillaThunderbird-translations-other-128.10.1-150200.8.215.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP6 MozillaThunderbird-128.10.1-150200.8.215.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP7 MozillaThunderbird-translations-common-128.10.1-150200.8.215.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP7 MozillaThunderbird-translations-other-128.10.1-150200.8.215.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP7 MozillaThunderbird-128.10.1-150200.8.215.1 as a component of SUSE Linux Enterprise Workstation Extension 15 SP6 MozillaThunderbird-translations-common-128.10.1-150200.8.215.1 as a component of SUSE Linux Enterprise Workstation Extension 15 SP6 MozillaThunderbird-translations-other-128.10.1-150200.8.215.1 as a component of SUSE Linux Enterprise Workstation Extension 15 SP6 MozillaThunderbird-128.10.1-150200.8.215.1 as a component of SUSE Linux Enterprise Workstation Extension 15 SP7 MozillaThunderbird-translations-common-128.10.1-150200.8.215.1 as a component of SUSE Linux Enterprise Workstation Extension 15 SP7 MozillaThunderbird-translations-other-128.10.1-150200.8.215.1 as a component of SUSE Linux Enterprise Workstation Extension 15 SP7 MozillaThunderbird-128.10.1-150200.8.215.1 as a component of openSUSE Leap 15.6 MozillaThunderbird-translations-common-128.10.1-150200.8.215.1 as a component of openSUSE Leap 15.6 MozillaThunderbird-translations-other-128.10.1-150200.8.215.1 as a component of openSUSE Leap 15.6 MozillaThunderbird-128.10.1-1.1 as a component of openSUSE Tumbleweed MozillaThunderbird-openpgp-librnp-128.10.1-1.1 as a component of openSUSE Tumbleweed MozillaThunderbird-translations-common-128.10.1-1.1 as a component of openSUSE Tumbleweed MozillaThunderbird-translations-other-128.10.1-1.1 as a component of openSUSE Tumbleweed Thunderbird parses addresses in a way that can allow sender spoofing in case the server allows an invalid From address to be used. For example, if the From header contains an (invalid) value "Spoofed Name ", Thunderbird treats spoofed@example.com as the actual address. This vulnerability affects Thunderbird < 128.10.1 and Thunderbird < 138.0.1. CVE-2025-3875 SUSE Liberty Linux 8:thunderbird-128.11.0-1.el8_10 SUSE Liberty Linux 9:thunderbird-128.10.1-1.el9_6 SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-128.10.1-150200.8.215.1 SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-128.10.1-150200.8.215.1 SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-other-128.10.1-150200.8.215.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-128.10.1-150200.8.215.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-translations-common-128.10.1-150200.8.215.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-translations-other-128.10.1-150200.8.215.1 SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-128.10.1-150200.8.215.1 SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-translations-common-128.10.1-150200.8.215.1 SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-translations-other-128.10.1-150200.8.215.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-128.10.1-150200.8.215.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-translations-common-128.10.1-150200.8.215.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-translations-other-128.10.1-150200.8.215.1 openSUSE Leap 15.6:MozillaThunderbird-128.10.1-150200.8.215.1 openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.10.1-150200.8.215.1 openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.10.1-150200.8.215.1 openSUSE Tumbleweed:MozillaThunderbird-128.10.1-1.1 openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.10.1-1.1 openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.10.1-1.1 openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.10.1-1.1 important