4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.228 Low
EPSS
Percentile
96.5%
Mozilla tester Stephen Donner reported that only users who installed Thunderbird 1.5.0.13 using the install package received the fix for MFSA 2007-23. Users who upgraded to Thunderbird 1.5.0.13 from an earlier version using the automatic update mechanism were not protected. If those users browsed the internet using Internet Explorer or another similarly affected program and clicked on a malicious mailto: link the attacker could potentially execute arbitrary code.
CPE | Name | Operator | Version |
---|---|---|---|
thunderbird | lt | 1.5.0.14 |