SUSE CVE-2017-7829

It is possible to spoof the sender's email address and display an arbitrary sender address to the email recipient. The real sender's address is not displayed if preceded by a null character in the display string. This vulnerability affects Thunderbird 52.5.2...

SUSE CVE-2017-7846

It is possible to execute JavaScript in the parsed RSS feed when RSS feed is viewed as a website, e.g. via "View - Feed article - Website" or in the standard format of "View - Feed article - default format". This vulnerability affects Thunderbird 52.5.2...

CVE-2017-7847

Crafted CSS in an RSS feed can leak and reveal local path strings, which may contain user name. This vulnerability affects Thunderbird 52.5.2...

DEBIAN-CVE-2017-7847

Crafted CSS in an RSS feed can leak and reveal local path strings, which may contain user name. This vulnerability affects Thunderbird 52.5.2...

Format string

It is possible to execute JavaScript in the parsed RSS feed when RSS feed is viewed as a website, e.g. via "View - Feed article - Website" or in the standard format of "View - Feed article - default format". This vulnerability affects Thunderbird 52.5.2...

CVE-2017-7848

RSS fields can inject new lines into the created email structure, modifying the message body. This vulnerability affects Thunderbird 52.5.2...

CVE-2017-7843

When Private Browsing mode is used, it is possible for a web worker to write persistent data to IndexedDB and fingerprint a user uniquely. IndexedDB should not be available in Private Browsing mode and this stored data will persist across multiple private browsing mode sessions because it is not...

CentOS Update for thunderbird CESA-2018:0061 centos7

Check the version of thunderbird SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.882825";...

Mozilla: Local path string can be leaked from RSS feed

Crafted CSS in an RSS feed can leak and reveal local path strings, which may contain user name. This vulnerability affects Thunderbird 52.5.2...

Mozilla: RSS Feed vulnerable to new line Injection

RSS fields can inject new lines into the created email structure, modifying the message body. This vulnerability affects Thunderbird 52.5.2...

Mozilla: JavaScript Execution via RSS in mailbox:// origin

It is possible to execute JavaScript in the parsed RSS feed when RSS feed is viewed as a website, e.g. via "View - Feed article - Website" or in the standard format of "View - Feed article - default format". This vulnerability affects Thunderbird 52.5.2...

thunderbird security update

52.5.2-1.0.1 - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js 52.5.2-1 - Update to 52.5.2...

CVE-2017-7846

It is possible to execute JavaScript in the parsed RSS feed when RSS feed is viewed as a website, e.g. via "View - Feed article - Website" or in the standard format of "View - Feed article - default format". This vulnerability affects Thunderbird 52.5.2...

CVE-2017-7848

RSS fields can inject new lines into the created email structure, modifying the message body. This vulnerability affects Thunderbird 52.5.2...

UBUNTU-CVE-2017-7829

It is possible to spoof the sender's email address and display an arbitrary sender address to the email recipient. The real sender's address is not displayed if preceded by a null character in the display string. This vulnerability affects Thunderbird 52.5.2...

UBUNTU-CVE-2017-7846

It is possible to execute JavaScript in the parsed RSS feed when RSS feed is viewed as a website, e.g. via "View - Feed article - Website" or in the standard format of "View - Feed article - default format". This vulnerability affects Thunderbird 52.5.2...

UBUNTU-CVE-2017-7848

RSS fields can inject new lines into the created email structure, modifying the message body. This vulnerability affects Thunderbird 52.5.2...

CVE-2017-7848

RSS fields can inject new lines into the created email structure, modifying the message body. This vulnerability affects Thunderbird 52.5.2...

Debian DLA-1223-1 : thunderbird security update

Multiple security issues have been found in the Mozilla Thunderbird mail client including information leaks, unintended JavaScript execution and sender address spoofing. For Debian 7 'Wheezy', these problems have been fixed in version 1:52.5.2-1deb7u1. We recommend that you upgrade your thunderbi...

Mozilla Thunderbird Path String Vulnerability

Mozilla Thunderbird is the United States Mozilla Foundation developed from the Mozilla Application Suite independent of the e-mail client software, support for IMAP, POP mail protocol and HTML mail format. A path string vulnerability exists in Mozilla Thunderbird versions prior to 52.5.2. An...