PT-2017-17948 · Mozilla+5 · Thunderbird+5

Cure53

Publicado

2017-12-22

Atualizado

2024-06-15

CVE-2017-7846

CVSS v3.1

8.8

Alta

Vetor

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Thunderbird versions prior to 52.5.2

Description The issue allows execution of JavaScript in the parsed RSS feed when viewed as a website. This can occur through different viewing options, such as "View -> Feed article -> Website" or the standard "View -> Feed article -> default format".

Recommendations For versions prior to 52.5.2, update to version 52.5.2 or later to resolve the issue.

Correção

Special Elements Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-74

Identificadores relacionados

ALT-PU-2017-2838

CESA-2018_0061

CVE-2017-7846

DLA-1223-1

DSA-4075-1

MGASA-2017-0477

OPENSUSE-SU-2017:3433-1

OPENSUSE-SU-2017:3434-1

OPENSUSE-SU-2017_3434-1

OPENSUSE-SU-2024:10601-1

RHSA-2018:0061

RHSA-2018_0061

USN-3529-1

Produtos afetados

Alt Linux

Centos

Red Hat

Suse

Thunderbird

Ubuntu

PT-2017-17948 · Mozilla+5 · Thunderbird+5

CVE-2017-7846

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 440