Lucene search

K
redosRedosROS-20230127-01
HistoryJan 27, 2023 - 12:00 a.m.

ROS-20230127-01

2023-01-2700:00:00
redos.red-soft.ru
14
mozilla thunderbird
email client
data spoofing
remote attacks
vulnerable library

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.003

Percentile

72.0%

A vulnerability in the Mozilla Thunderbird email client is related to the fact that the browser’s full-screen notification could have been
delayed or suppressed, which could lead to data spoofing. Exploitation of the vulnerability could allow
an attacker acting remotely to direct a user to a vulnerable page and perform a spoofing
attack

A vulnerability in the Mozilla Thunderbird email client is related to the fact that a deprecated library (libusrsctp) contained a vulnerability that could potentially be exploited.
vulnerabilities that could potentially be exploited. Exploitation of the vulnerability could allow
an attacker acting remotely to cause exploitation of the vulnerable library and launch an attack on a
device

OSVersionArchitecturePackageVersionFilename
redos7.3x86_64thunderbird<= 102.7.0-1UNKNOWN

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.003

Percentile

72.0%