CVE-2025-4084 | Mozilla Thunderbird ESR up to 115.22/128.9 on Windows Copy as cURL Remote Code Execution

A vulnerability classified as problematic has been found in Mozilla Thunderbird ESR up to 115.22/128.9 on Windows. Affected is an unknown function of the component Copy as cURL Handler. The manipulation leads to Remote Code Execution.

This vulnerability is traded as CVE-2025-4084. It is possible to launch the attack remotely. There is no exploit available.

It is recommended to upgrade the affected component.VulDB Recent EntriesRead More