CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
AI Score
Confidence
High
EPSS
Percentile
98.8%
Multiple memory safety issues were discovered in Thunderbird. If the user
were tricked into opening a specially crafted message with scripting
enabled, an attacker could possibly exploit these to cause a denial of
service via application crash, or potentially execute code with the
privileges of the user invoking Thunderbird. (CVE-2013-0801,
CVE-2013-1669)
Cody Crews discovered that some constructors could be used to bypass
restrictions enforced by their Chrome Object Wrapper (COW). If a user had
scripting enabled, an attacker could exploit this to conduct cross-site
scripting (XSS) attacks. (CVE-2013-1670)
A use-after-free was discovered when resizing video content whilst it is
playing. If a user had scripting enabled, an attacker could potentially
exploit this to execute code with the privileges of the user invoking
Thunderbird. (CVE-2013-1674)
It was discovered that some DOMSVGZoomEvent functions could be used
without being properly initialized, which could lead to information
leakage. (CVE-2013-1675)
Abhishek Arya discovered multiple memory safety issues in Thunderbird. If
the user were tricked into opening a specially crafted message, an
attacker could possibly exploit these to cause a denial of service via
application crash, or potentially execute code with the privileges of
the user invoking Thunderbird. (CVE-2013-1676, CVE-2013-1677,
CVE-2013-1678, CVE-2013-1679, CVE-2013-1680, CVE-2013-1681)
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 13.04 | noarch | thunderbird | < 17.0.6+build1-0ubuntu0.13.04.1 | UNKNOWN |
Ubuntu | 13.04 | noarch | thunderbird-dbg | < 17.0.6+build1-0ubuntu0.13.04.1 | UNKNOWN |
Ubuntu | 13.04 | noarch | thunderbird-dev | < 17.0.6+build1-0ubuntu0.13.04.1 | UNKNOWN |
Ubuntu | 13.04 | noarch | thunderbird-globalmenu | < 17.0.6+build1-0ubuntu0.13.04.1 | UNKNOWN |
Ubuntu | 13.04 | noarch | thunderbird-gnome-support | < 17.0.6+build1-0ubuntu0.13.04.1 | UNKNOWN |
Ubuntu | 13.04 | noarch | thunderbird-gnome-support-dbg | < 17.0.6+build1-0ubuntu0.13.04.1 | UNKNOWN |
Ubuntu | 13.04 | noarch | thunderbird-locale-af | < 1:17.0.6+build1-0ubuntu0.13.04.1 | UNKNOWN |
Ubuntu | 13.04 | noarch | thunderbird-locale-ar | < 1:17.0.6+build1-0ubuntu0.13.04.1 | UNKNOWN |
Ubuntu | 13.04 | noarch | thunderbird-locale-ast | < 1:17.0.6+build1-0ubuntu0.13.04.1 | UNKNOWN |
Ubuntu | 13.04 | noarch | thunderbird-locale-be | < 1:17.0.6+build1-0ubuntu0.13.04.1 | UNKNOWN |
launchpad.net/bugs/1178649
ubuntu.com/security/CVE-2013-0801
ubuntu.com/security/CVE-2013-1669
ubuntu.com/security/CVE-2013-1670
ubuntu.com/security/CVE-2013-1674
ubuntu.com/security/CVE-2013-1675
ubuntu.com/security/CVE-2013-1676
ubuntu.com/security/CVE-2013-1677
ubuntu.com/security/CVE-2013-1678
ubuntu.com/security/CVE-2013-1679
ubuntu.com/security/CVE-2013-1680
ubuntu.com/security/CVE-2013-1681
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
AI Score
Confidence
High
EPSS
Percentile
98.8%