Search Results (Refine Search)
- CPE Product Version: cpe:/a:mozilla:thunderbird:52.5.0
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2017-7847 |
Crafted CSS in an RSS feed can leak and reveal local path strings, which may contain user name. This vulnerability affects Thunderbird < 52.5.2. Published: June 11, 2018; 5:29:12 PM -0400 |
V3.0: 4.3 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2017-7846 |
It is possible to execute JavaScript in the parsed RSS feed when RSS feed is viewed as a website, e.g. via "View -> Feed article -> Website" or in the standard format of "View -> Feed article -> default format". This vulnerability affects Thunderbird < 52.5.2. Published: June 11, 2018; 5:29:12 PM -0400 |
V3.0: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2017-7845 |
A buffer overflow occurs when drawing and validating elements using Direct 3D 9 with the ANGLE graphics library, used for WebGL content. This is due to an incorrect value being passed within the library during checks and results in a potentially exploitable crash. Note: This attack only affects Windows operating systems. Other operating systems are unaffected. This vulnerability affects Thunderbird < 52.5.2, Firefox ESR < 52.5.2, and Firefox < 57.0.2. Published: June 11, 2018; 5:29:12 PM -0400 |
V3.0: 8.8 HIGH V2.0: 9.3 HIGH |
CVE-2017-7829 |
It is possible to spoof the sender's email address and display an arbitrary sender address to the email recipient. The real sender's address is not displayed if preceded by a null character in the display string. This vulnerability affects Thunderbird < 52.5.2. Published: June 11, 2018; 5:29:11 PM -0400 |
V3.0: 5.3 MEDIUM V2.0: 5.0 MEDIUM |