CVE-2025-3875: 
Mozilla Thunderbird vulnerability analysis and mitigation

CVE-2025-3875 is a security vulnerability discovered in Mozilla Thunderbird that affects versions prior to 128.10.1 and 138.0.1. The vulnerability was disclosed on May 14, 2025, and was discovered by security researcher xh4vm. The issue involves Thunderbird's email address parsing mechanism that can allow sender spoofing when the server permits invalid From addresses to be used (Mozilla Advisory, NVD).

The vulnerability stems from a flaw in how Thunderbird parses email addresses in the From header. When processing email headers containing multiple email addresses in an invalid format, Thunderbird's parser fails to properly validate the address structure. For example, if the From header contains an invalid value like 'Spoofed Name spoofed@example.com legitimate@example.com', Thunderbird incorrectly treats spoofed@example.com as the actual address. The vulnerability has been assigned a CVSS v3.1 base score of 7.5 (High) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N, indicating network accessibility with low attack complexity and no required privileges or user interaction (Wiz).

The vulnerability enables attackers to conduct email sender spoofing attacks, potentially allowing them to impersonate legitimate senders. This could lead to successful phishing attempts or other social engineering attacks by making malicious emails appear to come from trusted sources (Wiz).

Mozilla has addressed this vulnerability by releasing patches in Thunderbird versions 128.10.1 and 138.0.1. Users are strongly advised to update to these or later versions to protect against potential attacks. No alternative workarounds are available for this vulnerability (Mozilla Advisory, Mozilla Advisory).