Showing 1 - 2 of 2

CVE-2017-7848

Status Candidate

Overview

RSS fields can inject new lines into the created email structure, modifying the message body. This vulnerability affects Thunderbird < 52.5.2.

Ubuntu Security Notice USN-3529-1: Posted Jan 30, 2018; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 3529-1 - It was discovered that a From address encoded with a null character is cut off in the message header display. An attacker could potentially exploit this to spoof the sender address. It was discovered that it is possible to execute JavaScript in RSS feeds in some circumstances. If a user were tricked in to opening a specially crafted RSS feed, an attacker could potentially exploit this in combination with another vulnerability, in order to cause unspecified problems. Various other issues were also addressed.; tags | advisory, spoof, javascript; systems | linux, ubuntu; advisories | CVE-2017-7829, CVE-2017-7846, CVE-2017-7847, CVE-2017-7848, CVE-2018-5013, CVE-2018-5089, CVE-2018-5095, CVE-2018-5096, CVE-2018-5097, CVE-2018-5098, CVE-2018-5099, CVE-2018-5102, CVE-2018-5103, CVE-2018-5104, CVE-2018-5117; SHA-256 | 718720eddc43ffd427e0bb22018bf540e10c1d9368bd32c4736cf3bca8bf3ad0; Download | Favorite | View

Red Hat Security Advisory 2018-0061-01: Posted Jan 8, 2018; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2018-0061-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.5.2. Security Fix: Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird.; tags | advisory, web, arbitrary; systems | linux, redhat; advisories | CVE-2017-7829, CVE-2017-7846, CVE-2017-7847, CVE-2017-7848; SHA-256 | 9391dc9240444a0f31ab3382c91b063b903412d893af681d0bf45657b9de00e4; Download | Favorite | View

Page 1 of 1 Back 1 Next