CVE-2025-3932 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2025-3932 Interim 1 10 2025-06-12T23:18:55Z current 2025-05-15T23:15:34Z 2025-06-12T23:18:55Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2025-3932 It was possible to craft an email that showed a tracking link as an attachment. If the user attempted to open the attachment, Thunderbird automatically accessed the link. The configuration to block remote content did not prevent that. Thunderbird has been fixed to no longer allow access to web pages listed in the X-Mozilla-External-Attachment-URL header of an email. This vulnerability affects Thunderbird < 128.10.1 and Thunderbird < 138.0.1. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.suse.com/pipermail/suse-liberty-linux-updates/2025-June/001550.html E-Mail link for RHSA-2025:8203 https://lists.suse.com/pipermail/suse-liberty-linux-updates/2025-June/001647.html E-Mail link for RHSA-2025:8756 https://lists.suse.com/pipermail/sle-updates/2025-May/039318.html E-Mail link for SUSE-SU-2025:01660-1 https://lists.suse.com/pipermail/sle-updates/2025-May/039396.html E-Mail link for SUSE-SU-2025:01660-2 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/DSFDWDAINA2OZWCXINCXQQLCGCNKIVEK/ E-Mail link for openSUSE-SU-2025:15131-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Liberty Linux 8 SUSE Liberty Linux 9 SUSE Linux Enterprise Workstation Extension 15 SP6 SUSE Linux Enterprise Workstation Extension 15 SP7 SUSE Linux Enterprise Module for Package Hub 15 SP6 SUSE Linux Enterprise Module for Package Hub 15 SP7 SUSE Linux Enterprise Workstation Extension 15 SP6 SUSE Linux Enterprise Workstation Extension 15 SP7 SUSE Linux Enterprise Workstation Extension 15 SP6 SUSE Linux Enterprise Workstation Extension 15 SP7 openSUSE Leap 15.6 openSUSE Tumbleweed MozillaThunderbird-128.10.1-1.1 MozillaThunderbird-128.10.1-150200.8.215.1 MozillaThunderbird-openpgp-librnp-128.10.1-1.1 MozillaThunderbird-translations-common-128.10.1-1.1 MozillaThunderbird-translations-common-128.10.1-150200.8.215.1 MozillaThunderbird-translations-other-128.10.1-1.1 MozillaThunderbird-translations-other-128.10.1-150200.8.215.1 thunderbird-128.10.1-1.el9_6 thunderbird-128.11.0-1.el8_10 thunderbird-128.11.0-1.el8_10 as a component of SUSE Liberty Linux 8 thunderbird-128.10.1-1.el9_6 as a component of SUSE Liberty Linux 9 MozillaThunderbird-128.10.1-150200.8.215.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP6 MozillaThunderbird-translations-common-128.10.1-150200.8.215.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP6 MozillaThunderbird-translations-other-128.10.1-150200.8.215.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP6 MozillaThunderbird-128.10.1-150200.8.215.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP7 MozillaThunderbird-translations-common-128.10.1-150200.8.215.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP7 MozillaThunderbird-translations-other-128.10.1-150200.8.215.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP7 MozillaThunderbird-128.10.1-150200.8.215.1 as a component of SUSE Linux Enterprise Workstation Extension 15 SP6 MozillaThunderbird-translations-common-128.10.1-150200.8.215.1 as a component of SUSE Linux Enterprise Workstation Extension 15 SP6 MozillaThunderbird-translations-other-128.10.1-150200.8.215.1 as a component of SUSE Linux Enterprise Workstation Extension 15 SP6 MozillaThunderbird-128.10.1-150200.8.215.1 as a component of SUSE Linux Enterprise Workstation Extension 15 SP7 MozillaThunderbird-translations-common-128.10.1-150200.8.215.1 as a component of SUSE Linux Enterprise Workstation Extension 15 SP7 MozillaThunderbird-translations-other-128.10.1-150200.8.215.1 as a component of SUSE Linux Enterprise Workstation Extension 15 SP7 MozillaThunderbird-128.10.1-150200.8.215.1 as a component of openSUSE Leap 15.6 MozillaThunderbird-translations-common-128.10.1-150200.8.215.1 as a component of openSUSE Leap 15.6 MozillaThunderbird-translations-other-128.10.1-150200.8.215.1 as a component of openSUSE Leap 15.6 MozillaThunderbird-128.10.1-1.1 as a component of openSUSE Tumbleweed MozillaThunderbird-openpgp-librnp-128.10.1-1.1 as a component of openSUSE Tumbleweed MozillaThunderbird-translations-common-128.10.1-1.1 as a component of openSUSE Tumbleweed MozillaThunderbird-translations-other-128.10.1-1.1 as a component of openSUSE Tumbleweed It was possible to craft an email that showed a tracking link as an attachment. If the user attempted to open the attachment, Thunderbird automatically accessed the link. The configuration to block remote content did not prevent that. Thunderbird has been fixed to no longer allow access to web pages listed in the X-Mozilla-External-Attachment-URL header of an email. This vulnerability affects Thunderbird < 128.10.1 and Thunderbird < 138.0.1. CVE-2025-3932 SUSE Liberty Linux 8:thunderbird-128.11.0-1.el8_10 SUSE Liberty Linux 9:thunderbird-128.10.1-1.el9_6 SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-128.10.1-150200.8.215.1 SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-common-128.10.1-150200.8.215.1 SUSE Linux Enterprise Module for Package Hub 15 SP6:MozillaThunderbird-translations-other-128.10.1-150200.8.215.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-128.10.1-150200.8.215.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-translations-common-128.10.1-150200.8.215.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:MozillaThunderbird-translations-other-128.10.1-150200.8.215.1 SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-128.10.1-150200.8.215.1 SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-translations-common-128.10.1-150200.8.215.1 SUSE Linux Enterprise Workstation Extension 15 SP6:MozillaThunderbird-translations-other-128.10.1-150200.8.215.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-128.10.1-150200.8.215.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-translations-common-128.10.1-150200.8.215.1 SUSE Linux Enterprise Workstation Extension 15 SP7:MozillaThunderbird-translations-other-128.10.1-150200.8.215.1 openSUSE Leap 15.6:MozillaThunderbird-128.10.1-150200.8.215.1 openSUSE Leap 15.6:MozillaThunderbird-translations-common-128.10.1-150200.8.215.1 openSUSE Leap 15.6:MozillaThunderbird-translations-other-128.10.1-150200.8.215.1 openSUSE Tumbleweed:MozillaThunderbird-128.10.1-1.1 openSUSE Tumbleweed:MozillaThunderbird-openpgp-librnp-128.10.1-1.1 openSUSE Tumbleweed:MozillaThunderbird-translations-common-128.10.1-1.1 openSUSE Tumbleweed:MozillaThunderbird-translations-other-128.10.1-1.1 important