Updated thunderbird packages fix security vulnerabilities

Multiple vulnerabilities have been fixed in thunderbird. JavaScript Execution via RSS in mailbox:// origin CVE-2017-7846. Local path string can be leaked from RSS feed CVE-2017-7847. RSS Feed vulnerable to new line Injection CVE-2017-7848. Mailsploit From address with encoded null character is cu...

MGASA-2017-0477 Updated thunderbird packages fix security vulnerabilities

Multiple vulnerabilities have been fixed in thunderbird. JavaScript Execution via RSS in mailbox:// origin CVE-2017-7846. Local path string can be leaked from RSS feed CVE-2017-7847. RSS Feed vulnerable to new line Injection CVE-2017-7848. Mailsploit From address with encoded null character is cu...

UBUNTU-CVE-2017-7846

It is possible to execute JavaScript in the parsed RSS feed when RSS feed is viewed as a website, e.g. via "View - Feed article - Website" or in the standard format of "View - Feed article - default format". This vulnerability affects Thunderbird 52.5.2...

Debian DLA-1223-1 : thunderbird security update

Multiple security issues have been found in the Mozilla Thunderbird mail client including information leaks, unintended JavaScript execution and sender address spoofing. For Debian 7 'Wheezy', these problems have been fixed in version 1:52.5.2-1deb7u1. We recommend that you upgrade your thunderbi...

[SECURITY] [DLA 1223-1] thunderbird security update

Package : thunderbird Version : 1:52.5.2-1deb7u1 CVE ID : CVE-2017-7829 CVE-2017-7846 CVE-2017-7847 CVE-2017-7848 Multiple security issues have been found in the Mozilla Thunderbird mail client including information leaks, unintended JavaScript execution and sender address spoofing. For Debian 7...

Mozilla Thunderbird Security Advisories (MFSA2017-30, MFSA2017-30) - Mac OS X

Mozilla Thunderbird is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:thunderbird";...

Mozilla Thunderbird Security Advisories (MFSA2017-30, MFSA2017-30) - Windows

Mozilla Thunderbird is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:thunderbird";...

openSUSE Security Update : Mozilla Thunderbird (openSUSE-2017-1419)

This update for Mozilla Thunderbird to version 52.5.2 fixes the following vulnerabilities : - CVE-2017-7846: JavaScript Execution via RSS in mailbox:// origin bsc1074043 - CVE-2017-7847: Local path string can be leaked from RSS feed bsc1074044 - CVE-2017-7848: RSS Feed vulnerable to new line...

Security update for Mozilla Thunderbird (important)

This update for Mozilla Thunderbird to version 52.5.2 fixes the following vulnerabilities: - CVE-2017-7846: JavaScript Execution via RSS in mailbox:// origin bsc1074043 - CVE-2017-7847: Local path string can be leaked from RSS feed bsc1074044 - CVE-2017-7848: RSS Feed vulnerable to new line...

Security update for Mozilla Thunderbird (important)

This update for Mozilla Thunderbird to version 52.5.2 fixes the following vulnerabilities: - CVE-2017-7846: JavaScript Execution via RSS in mailbox:// origin bsc1074043 - CVE-2017-7847: Local path string can be leaked from RSS feed bsc1074044 - CVE-2017-7848: RSS Feed vulnerable to new line...

ServersCheck Monitoring Software Cross-Site Scripting Vulnerability

ServersCheck Monitoring Software is a suite of browser-based network inspection tools from ServersCheck Belgium. The tool monitors, reports, and provides early warning of problems with system performance and reliability. A cross-site scripting vulnerability exists in ServersCheck Monitoring...

openSUSE: Security Advisory for Mozilla (openSUSE-SU-2017:3434-1)

The remote host is missing an update for the Copyright C 2017 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

OPENSUSE-SU-2017:3434-1 Security update for Mozilla Thunderbird

This update for Mozilla Thunderbird to version 52.5.2 fixes the following vulnerabilities: - CVE-2017-7846: JavaScript Execution via RSS in mailbox:// origin bsc1074043 - CVE-2017-7847: Local path string can be leaked from RSS feed bsc1074044 - CVE-2017-7848: RSS Feed vulnerable to new line...

OPENSUSE-SU-2017:3433-1 Security update for Mozilla Thunderbird

This update for Mozilla Thunderbird to version 52.5.2 fixes the following vulnerabilities: - CVE-2017-7846: JavaScript Execution via RSS in mailbox:// origin bsc1074043 - CVE-2017-7847: Local path string can be leaked from RSS feed bsc1074044 - CVE-2017-7848: RSS Feed vulnerable to new line...

Code-Crafters Ability Mail Server Cross-Site Scripting Vulnerability

Code-Crafters Ability Mail Server is a set of mail server software from Code-Crafters Software UK. The software provides SMTP, POP3, WebMail and other common functions, and supports remote management, virus protection, content filtering and so on. A cross-site scripting vulnerability exists in...

mozilla -- multiple vulnerabilities

Mozilla Foundation reports: CVE-2017-7845: Buffer overflow when drawing and validating elements with ANGLE library using Direct 3D 9 CVE-2017-7846: JavaScript Execution via RSS in mailbox:// origin CVE-2017-7847: Local path string can be leaked from RSS feed CVE-2017-7848: RSS Feed vulnerable to...

The vulnerability of the Bookmarks component in Google Chrome allows a hacker to execute a JavaScript script on pages with the URL chrome://.

The vulnerability of the Bookmarks component in Google Chrome browser is related to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to execute a JavaScript script on the chrome:// page remotely, using a specially crafted tab...

Vmware ESXi Host Client Cross-Site Scripting Vulnerability

VMware ESXi is a bare-metal virtualization hypervisor from VMware that is installed directly on a physical server and divides the physical server into multiple virtual machines. The program features less disk space, higher reliability and security. A cross-site scripting vulnerability exists in...

Cross site scripting

October CMS build 412 is vulnerable to stored WCI a.k.a XSS in brand logo image name resulting in JavaScript code execution in the victim's browser...

CVE-2017-1000193

October CMS build 412 is vulnerable to stored WCI a.k.a XSS in brand logo image name resulting in JavaScript code execution in the victim's browser...