CVSS3: 8.8 High

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | REQUIRED |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |
Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |

CVSS2: 9.3 High

Metric | Value |
---|---|
Access Vector | NETWORK |
Access Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |
Vector | AV:N/AC:M/Au:N/C:C/I:C/A:C |

EPSS: 0.966 High (Percentile 99.4%)

Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Thunderbird to crash or,
potentially, execute arbitrary code with the privileges of the user running
Thunderbird. (CVE-2016-1952, CVE-2016-1954, CVE-2016-1957, CVE-2016-1960,
CVE-2016-1961, CVE-2016-1974, CVE-2016-1964, CVE-2016-1966)

Multiple security flaws were found in the graphite2 font library shipped
with Thunderbird. A web page containing malicious content could cause
Thunderbird to crash or, potentially, execute arbitrary code with the
privileges of the user running Thunderbird. (CVE-2016-1977, CVE-2016-2790,
CVE-2016-2791, CVE-2016-2792, CVE-2016-2793, CVE-2016-2794, CVE-2016-2795,
CVE-2016-2796, CVE-2016-2797, CVE-2016-2798, CVE-2016-2799, CVE-2016-2800,
CVE-2016-2801, CVE-2016-2802)

Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Bob Clary, Christoph Diehl, Christian Holler, Andrew
McCreight, Daniel Holbert, Jesse Ruderman, Randell Jesup, Nicolas
Golubovic, Jose Martinez, Romina Santillan, ca0nguyen, lokihardt, Nicolas
Gregoire, the Communications Electronics Security Group (UK) of the GCHQ,
Holger Fuhrmannek, Ronald Crane, and Tyson Smith as the original reporters
of these issues.

For technical details regarding these flaws, refer to the Mozilla security
advisories for Thunderbird 38.7.0. You can find a link to the Mozilla
advisories in the References section of this erratum.

All Thunderbird users should upgrade to this updated package, which
contains Thunderbird version 38.7.0, which corrects these issues. After
installing the update, Thunderbird must be restarted for the changes to
take effect.

OS | OS Version | Architecture | Package | Affected Package Version | Filename |
---|---|---|---|---|---|
RedHat | 6 | x86_64 | thunderbird-debuginfo | < 38.7.0-1.el6_7 | thunderbird-debuginfo-38.7.0-1.el6_7.x86_64.rpm |
RedHat | 6 | i686 | thunderbird | < 38.7.0-1.el6_7 | thunderbird-38.7.0-1.el6_7.i686.rpm |
RedHat | 6 | src | thunderbird | < 38.7.0-1.el6_7 | thunderbird-38.7.0-1.el6_7.src.rpm |
RedHat | 6 | s390x | thunderbird | < 38.7.0-1.el6_7 | thunderbird-38.7.0-1.el6_7.s390x.rpm |
RedHat | 5 | x86_64 | thunderbird-debuginfo | < 38.7.0-1.el5_11 | thunderbird-debuginfo-38.7.0-1.el5_11.x86_64.rpm |
RedHat | 6 | ppc64 | thunderbird-debuginfo | < 38.7.0-1.el6_7 | thunderbird-debuginfo-38.7.0-1.el6_7.ppc64.rpm |
RedHat | 7 | ppc64le | thunderbird | < 38.7.0-1.el7_2 | thunderbird-38.7.0-1.el7_2.ppc64le.rpm |
RedHat | 7 | ppc64le | thunderbird-debuginfo | < 38.7.0-1.el7_2 | thunderbird-debuginfo-38.7.0-1.el7_2.ppc64le.rpm |
RedHat | 6 | s390x | thunderbird-debuginfo | < 38.7.0-1.el6_7 | thunderbird-debuginfo-38.7.0-1.el6_7.s390x.rpm |
RedHat | 6 | ppc64 | thunderbird | < 38.7.0-1.el6_7 | thunderbird-38.7.0-1.el6_7.ppc64.rpm |
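
One way to check a host inventory against the fixed builds in the package table above. This is an added example, not part of the erratum; the function names, the simplified version comparison and the sample inventory are assumptions made for illustration.

```python
import re

# Fixed version-release per RHEL major release, copied from the package table above.
FIXED = {"el5": "38.7.0-1.el5_11", "el6": "38.7.0-1.el6_7", "el7": "38.7.0-1.el7_2"}
PACKAGES = {"thunderbird", "thunderbird-debuginfo"}

def rpmvercmp(a, b):
    """Segment-wise comparison in the style of rpm (simplified: no '~' or '^')."""
    sa, sb = (re.findall(r"\d+|[A-Za-z]+", s) for s in (a, b))
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment is newer than an alphabetic one
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def check(nvra):
    """Classify one name-version-release.arch string as vulnerable, fixed or unknown."""
    parts = nvra.strip().rsplit(".", 1)[0].rsplit("-", 2)
    if len(parts) != 3 or parts[0] not in PACKAGES:
        return "unknown"
    _name, version, release = parts
    dist = re.search(r"\.(el\d+)", release)
    if not dist or dist.group(1) not in FIXED:
        return "unknown"  # not a build covered by this erratum
    fixed_version, fixed_release = FIXED[dist.group(1)].split("-")
    order = rpmvercmp(version, fixed_version) or rpmvercmp(release, fixed_release)
    return "vulnerable" if order < 0 else "fixed"

# Constructed sample inventory, in the form printed by
# rpm -q --qf '%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}\n' thunderbird
SAMPLE = [
    "thunderbird-38.6.0-1.el6_7.x86_64",
    "thunderbird-38.7.0-1.el6_7.i686",
    "thunderbird-38.5.0-1.el5_11.x86_64",
    "thunderbird-debuginfo-38.8.0-1.el7_2.ppc64le",
    "firefox-38.7.0-1.el6_7.x86_64",
]

def audit(lines):
    """Map each inventory line to its status."""
    return {line: check(line) for line in lines}

if __name__ == "__main__":
    for pkg, status in audit(SAMPLE).items():
        print(f"{status:10} {pkg}")
```

Epochs are ignored, so the input must be in the name-version-release.arch form shown in the comment. A host reported as fixed still needs Thunderbird restarted before the update takes effect.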