General : Mozilla Thunderbird Security Update (mfsa_2017-30_2017-30)

Anfälligkeitssuche		Suche in 219043 CVE Beschreibungen und 99761 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.812274

Kategorie: General

Titel: Mozilla Thunderbird Security Update (mfsa_2017-30_2017-30) - Windows

Zusammenfassung: Mozilla Thunderbird is prone to multiple vulnerabilities.

Beschreibung: Summary:
Mozilla Thunderbird is prone to multiple vulnerabilities.

Vulnerability Insight:
Multiple flaws exist due to:

- Buffer overflow error when drawing and validating elements with ANGLE library
using Direct 3D 9.

- JavaScript Execution via RSS in mailbox:// origin.

- Local path string can be leaked from RSS feed.

- RSS Feed vulnerable to new line Injection.

- Mailsploit part 1: From address with encoded null character is cut off in message header display.

Vulnerability Impact:
Successful exploitation of these
vulnerabilities will allow remote attacker to execute arbitrary script, obtain
sensitive information, conduct spoofing attack and cause denial of service
condition.

Affected Software/OS:
Mozilla Thunderbird versions before 52.5.2.

Solution:
Update to version 52.5.2 or later.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Querverweis: BugTraq ID: 102115
BugTraq ID: 102258
Common Vulnerability Exposure (CVE) ID: CVE-2017-7845
http://www.securityfocus.com/bid/102115
http://www.securitytracker.com/id/1040123
Common Vulnerability Exposure (CVE) ID: CVE-2017-7846
http://www.securityfocus.com/bid/102258
Debian Security Information: DSA-4075 (Google Search)
https://www.debian.org/security/2017/dsa-4075
https://lists.debian.org/debian-lts-announce/2017/12/msg00026.html
RedHat Security Advisories: RHSA-2018:0061
https://access.redhat.com/errata/RHSA-2018:0061
Common Vulnerability Exposure (CVE) ID: CVE-2017-7847
Common Vulnerability Exposure (CVE) ID: CVE-2017-7848
Common Vulnerability Exposure (CVE) ID: CVE-2017-7829
https://usn.ubuntu.com/3529-1/

Copyright Copyright (C) 2017 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.812274
Kategorie:	General
Titel:	Mozilla Thunderbird Security Update (mfsa_2017-30_2017-30) - Windows
Zusammenfassung:	Mozilla Thunderbird is prone to multiple vulnerabilities.
Beschreibung:	Summary: Mozilla Thunderbird is prone to multiple vulnerabilities. Vulnerability Insight: Multiple flaws exist due to: - Buffer overflow error when drawing and validating elements with ANGLE library using Direct 3D 9. - JavaScript Execution via RSS in mailbox:// origin. - Local path string can be leaked from RSS feed. - RSS Feed vulnerable to new line Injection. - Mailsploit part 1: From address with encoded null character is cut off in message header display. Vulnerability Impact: Successful exploitation of these vulnerabilities will allow remote attacker to execute arbitrary script, obtain sensitive information, conduct spoofing attack and cause denial of service condition. Affected Software/OS: Mozilla Thunderbird versions before 52.5.2. Solution: Update to version 52.5.2 or later. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Querverweis:	BugTraq ID: 102115 BugTraq ID: 102258 Common Vulnerability Exposure (CVE) ID: CVE-2017-7845 http://www.securityfocus.com/bid/102115 http://www.securitytracker.com/id/1040123 Common Vulnerability Exposure (CVE) ID: CVE-2017-7846 http://www.securityfocus.com/bid/102258 Debian Security Information: DSA-4075 (Google Search) https://www.debian.org/security/2017/dsa-4075 https://lists.debian.org/debian-lts-announce/2017/12/msg00026.html RedHat Security Advisories: RHSA-2018:0061 https://access.redhat.com/errata/RHSA-2018:0061 Common Vulnerability Exposure (CVE) ID: CVE-2017-7847 Common Vulnerability Exposure (CVE) ID: CVE-2017-7848 Common Vulnerability Exposure (CVE) ID: CVE-2017-7829 https://usn.ubuntu.com/3529-1/
Copyright	Copyright (C) 2017 Greenbone Networks GmbH