Remote Code Execution (RCE)

2022-01-0515:28:38

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

JSON

thunderbird is vulnerable to remote code execution. The vulnerability exists due to a boundary error when handling DER-encoded DSA or RSA-PSS signatures within Mozilla NSS library

CPENameOperatorVersion
thunderbird:bullseyeeq1:78.5.0-1
thunderbird:bustereq1:68.12.0-1~deb10u1
thunderbird:bustereq1:78.5.0-1~deb10u1
thunderbird:bustereq1:60.9.0-1~deb10u1
thunderbird:bustereq1:78.6.0-1~deb10u1
thunderbird:stretcheq1:68.10.0-1~deb9u1
thunderbird:stretcheq1:60.9.0-1~deb9u1
thunderbird:stretcheq1:52.9.1-1~deb9u1
thunderbird:focaleq1:68.10.0+build1-0ubuntu0.20.04.1
thunderbird:focaleq1:78.13.0+build1-0ubuntu0.20.04.2

Name	Operator	Version
thunderbird:bullseye	eq	1:78.5.0-1
thunderbird:buster	eq	1:68.12.0-1~deb10u1
thunderbird:buster	eq	1:78.5.0-1~deb10u1
thunderbird:buster	eq	1:60.9.0-1~deb10u1
thunderbird:buster	eq	1:78.6.0-1~deb10u1
thunderbird:stretch	eq	1:68.10.0-1~deb9u1
thunderbird:stretch	eq	1:60.9.0-1~deb9u1
thunderbird:stretch	eq	1:52.9.1-1~deb9u1
thunderbird:focal	eq	1:68.10.0+build1-0ubuntu0.20.04.1
thunderbird:focal	eq	1:78.13.0+build1-0ubuntu0.20.04.2