MS-ISAC consultancy number:
2025-064
Published date (s):
09/07/2025
PREVIEW:
Several vulnerabilities have been discovered in Mozilla Thunderbird, the most serious of which could allow arbitrary execution of code. Mozilla Thunderbird is a messaging client. The successful exploitation of these most serious vulnerabilities could allow arbitrary execution of code. According to the privileges associated with the user, an attacker could then install programs; Show, modify or delete data; Or create new accounts with complete user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those that operate with administrative user rights.
Threat intelligence:
There is currently no report of these vulnerabilities exploited in the wild.
Affected systems:
- Thunderbird versions prior to 140
Large and medium government entities
Small government
Large and medium business entities
Small business entities
