9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.028 Low
EPSS
Percentile
90.5%
Severity: Critical
Date : 2017-10-12
CVE-ID : CVE-2017-7793 CVE-2017-7805 CVE-2017-7810 CVE-2017-7814
CVE-2017-7818 CVE-2017-7819 CVE-2017-7823 CVE-2017-7824
Package : thunderbird
Type : multiple issues
Remote : Yes
Link : https://security.archlinux.org/AVG-441
The package thunderbird before version 52.4.0-1 is vulnerable to
multiple issues including arbitrary code execution, access restriction
bypass and cross-site scripting.
Upgrade to 52.4.0-1.
The problems have been fixed upstream in version 52.4.0.
None.
A use-after-free vulnerability can occur in the Fetch API of
Thunderbird < 52.4, when the worker or the associated window are freed
when still in use, resulting in a potentially exploitable crash.
A security issue has been found in Thunderbird < 52.4. During TLS 1.2
exchanges, handshake hashes are generated which point to a message
buffer. This saved data is used for later messages but in some cases,
the handshake transcript can exceed the space available in the current
buffer, causing the allocation of a new buffer. This leaves a pointer
pointing to the old, freed buffer, resulting in a use-after-free when
handshake hashes are then calculated afterwards. This can result in a
potentially exploitable crash.
Mozilla developers and community members Christoph Diehl, Jan de Mooij,
Jason Kratzer, Randell Jesup, Tom Ritter, Tyson Smith, and Sebastian
Hengst reported memory safety bugs present in Firefox <= 55, Firefox
ESR <= 52.3, and Thunderbird <= 52.3. Some of these bugs showed
evidence of memory corruption and we presume that with enough effort
that some of these could be exploited to run arbitrary code.
A security issue has been found in Thunderbird < 52.4. File downloads
encoded with blob: and data: URL elements bypassed normal file download
checks though the Phishing and Malware Protection feature and its block
lists of suspicious sites and files. This would allow malicious sites
to lure users into downloading executables that would otherwise be
detected as suspicious.
A use-after-free vulnerability can occur when manipulating arrays of
Accessible Rich Internet Applications (ARIA) elements within containers
through the DOM, in Thunderbird < 52.4. This results in a potentially
exploitable crash.
A use-after-free vulnerability can occur in design mode when image
objects are resized if objects referenced during the resizing have been
freed from memory, in Thunderbird < 52.4. This results in a potentially
exploitable crash.
The content security policy (CSP) sandbox directive in Thunderbird <
52.4 did not create a unique origin for the document, causing it to
behave as if the allow-same-origin keyword were always specified. This
could allow a Cross-Site Scripting (XSS) attack to be launched from
unsafe content.
A buffer overflow occurs when drawing and validating elements with the
ANGLE graphics library, used for WebGL content in Thunderbird < 52.4.
This is due to an incorrect value being passed within the library
during checks and results in a potentially exploitable crash.
A remote attacker can bypass security measures like the phishing and
malware protection or a content security policy, and execute arbitrary
code on the affected host.
https://www.mozilla.org/en-US/security/advisories/mfsa2017-23
https://www.mozilla.org/en-US/security/advisories/mfsa2017-23/#CVE-2017-7793
https://bugzilla.mozilla.org/show_bug.cgi?id=1371889
https://www.mozilla.org/en-US/security/advisories/mfsa2017-23/#CVE-2017-7805
https://bugzilla.mozilla.org/show_bug.cgi?id=1377618
https://www.mozilla.org/en-US/security/advisories/mfsa2017-23/#CVE-2017-7810
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1386787%2C1389974%2C1371657%2C1360334%2C1390550%2C1380824%2C1387918%2C1395598
https://www.mozilla.org/en-US/security/advisories/mfsa2017-23/#CVE-2017-7814
https://bugzilla.mozilla.org/show_bug.cgi?id=1376036
https://www.mozilla.org/en-US/security/advisories/mfsa2017-23/#CVE-2017-7818
https://bugzilla.mozilla.org/show_bug.cgi?id=1363723
https://www.mozilla.org/en-US/security/advisories/mfsa2017-23/#CVE-2017-7819
https://bugzilla.mozilla.org/show_bug.cgi?id=1380292
https://www.mozilla.org/en-US/security/advisories/mfsa2017-23/#CVE-2017-7823
https://bugzilla.mozilla.org/show_bug.cgi?id=1396320
https://www.mozilla.org/en-US/security/advisories/mfsa2017-23/#CVE-2017-7824
https://bugzilla.mozilla.org/show_bug.cgi?id=1398381
https://security.archlinux.org/CVE-2017-7793
https://security.archlinux.org/CVE-2017-7805
https://security.archlinux.org/CVE-2017-7810
https://security.archlinux.org/CVE-2017-7814
https://security.archlinux.org/CVE-2017-7818
https://security.archlinux.org/CVE-2017-7819
https://security.archlinux.org/CVE-2017-7823
https://security.archlinux.org/CVE-2017-7824
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ArchLinux | any | any | thunderbird | < 52.4.0-1 | UNKNOWN |
bugzilla.mozilla.org/buglist.cgi?bug_id=1386787%2C1389974%2C1371657%2C1360334%2C1390550%2C1380824%2C1387918%2C1395598
bugzilla.mozilla.org/show_bug.cgi?id=1363723
bugzilla.mozilla.org/show_bug.cgi?id=1371889
bugzilla.mozilla.org/show_bug.cgi?id=1376036
bugzilla.mozilla.org/show_bug.cgi?id=1377618
bugzilla.mozilla.org/show_bug.cgi?id=1380292
bugzilla.mozilla.org/show_bug.cgi?id=1396320
bugzilla.mozilla.org/show_bug.cgi?id=1398381
security.archlinux.org/AVG-441
security.archlinux.org/CVE-2017-7793
security.archlinux.org/CVE-2017-7805
security.archlinux.org/CVE-2017-7810
security.archlinux.org/CVE-2017-7814
security.archlinux.org/CVE-2017-7818
security.archlinux.org/CVE-2017-7819
security.archlinux.org/CVE-2017-7823
security.archlinux.org/CVE-2017-7824
www.mozilla.org/en-US/security/advisories/mfsa2017-23
www.mozilla.org/en-US/security/advisories/mfsa2017-23/#CVE-2017-7793
www.mozilla.org/en-US/security/advisories/mfsa2017-23/#CVE-2017-7805
www.mozilla.org/en-US/security/advisories/mfsa2017-23/#CVE-2017-7810
www.mozilla.org/en-US/security/advisories/mfsa2017-23/#CVE-2017-7814
www.mozilla.org/en-US/security/advisories/mfsa2017-23/#CVE-2017-7818
www.mozilla.org/en-US/security/advisories/mfsa2017-23/#CVE-2017-7819
www.mozilla.org/en-US/security/advisories/mfsa2017-23/#CVE-2017-7823
www.mozilla.org/en-US/security/advisories/mfsa2017-23/#CVE-2017-7824
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.028 Low
EPSS
Percentile
90.5%