Lucene search

K

China National Vulnerability DatabaseCNVD-2021-90099

HistoryAug 25, 2021 - 12:00 a.m.

Mozilla Thunderbird Command Injection Vulnerability

2021-08-2500:00:00

China National Vulnerability Database

www.cnvd.org.cn

8

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

Mozilla Thunderbird is an open source email client. A command injection vulnerability exists in the Mozilla Thunderbird product, which stems from a problem in the way Thunderbird handles IMAP server responses sent prior to the STARTTLS process. An attacker could exploit this vulnerability to send arbitrary IMAP commands before the STARTTLS handshake and execute them after the handshake completes.

CPENameOperatorVersion
mozilla thunderbirdlt78.12

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

Related for CNVD-2021-90099

debiancve1 prion1 cve1 ubuntucve1 redhatcve1 alpinelinux1 nessus19 oraclelinux2 osv4 archlinux1 redhat4 mozilla1 mageia1 altlinux1 suse2 redos15 kaspersky1 debian2 almalinux1 rocky1 ubuntu1 amazon1 gentoo1