CVE-2025-5986
BaseFortify
Publication date: 2025-06-11
Last updated on: 2026-04-13
Assigner: Mozilla Corporation
Description
CVSS Scores
EPSS Scores
| Metric | Value |
|---|---|
| Probability | |
| Percentile | |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mozilla | thunderbird | to 140.0 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-451 | The user interface (UI) does not properly represent critical information to the user, allowing the information - or its source - to be obscured or spoofed. This is often a component in phishing attacks. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves crafted HTML emails containing mailbox:/// links that can cause automatic, unsolicited downloads of .pdf files to the user's desktop or home directory without any prompt, even if auto-saving is disabled. Viewing the email in HTML mode is enough to load external content, and visual obfuscation can hide the download trigger. On Windows, it can also leak credentials via SMB links. User interaction is required to download the .pdf file, but the trigger can be concealed. [1, 2]
How can this vulnerability impact me?
This vulnerability can be exploited to fill the disk with large amounts of unwanted data, potentially exhausting disk space by downloading garbage data such as from /dev/urandom on Linux. It can also lead to leakage of Windows credentials via SMB links when viewing the email in HTML mode. The automatic downloads happen without prompting the user, which can cause unexpected system behavior and security risks. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update Thunderbird to version 139.0.2 or later (for versions below 139.0.2) or to version 128.11.1 or later (for versions below 128.11.1). Avoid viewing emails in HTML mode from untrusted sources, as simply viewing the email in HTML mode can trigger the vulnerability. Additionally, be cautious of emails containing mailbox:/// links and disable automatic loading of external content if possible. [1, 2]
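A defender-side check illustrating the two answers above, added here as an example and not part of the BaseFortify page or of Thunderbird itself: it scans the HTML parts of a constructed sample message for mailbox:///, file:// and smb:// references (the kind of hidden trigger described in the first answer) and compares an installed Thunderbird version against the fixed releases quoted in the mitigation answer. The sample message, the scheme list and the version-comparison helper are assumptions.

```python
import email
from email import policy
from html.parser import HTMLParser

# Constructed sample message (not from the advisory): a 1x1 image and an
# invisible link point at mailbox:/// URIs; one ordinary https link for contrast.
SAMPLE_EML = b"""From: sender@example.invalid
To: user@example.invalid
Subject: invoice
Content-Type: text/html; charset=utf-8

<html><body><p>See the attached invoice.</p>
<img src="mailbox:///home/user/Mail/Inbox?number=1" width="1" height="1">
<a href="https://example.invalid/invoice">Open invoice</a>
<a href="mailbox:///C:/Users/user/Mail/Inbox?number=2" style="opacity:0">x</a>
</body></html>
"""

# Assumed list of schemes that should never appear in externally received mail.
SUSPICIOUS_SCHEMES = ("mailbox:", "file:", "smb:")

class RefCollector(HTMLParser):
    """Collects every href/src/action attribute value in an HTML document."""
    def __init__(self):
        super().__init__()
        self.refs = []
    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("href", "src", "action") and value:
                self.refs.append((tag, value.strip()))

def suspicious_refs(raw_message: bytes):
    """Return (tag, uri) pairs from HTML parts whose URI uses a suspicious scheme."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    found = []
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        collector = RefCollector()
        collector.feed(part.get_content())
        found += [(t, u) for t, u in collector.refs
                  if u.lower().startswith(SUSPICIOUS_SCHEMES)]
    return found

def is_fixed_version(version: str) -> bool:
    """True if at or past the fixed release: 128.11.1 on the 128 branch, else 139.0.2."""
    parts = tuple(int(p) for p in version.split("."))
    parts += (0,) * (3 - len(parts))          # pad "140.0" to (140, 0, 0)
    return parts >= ((128, 11, 1) if parts[0] == 128 else (139, 0, 2))
```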