4 matches found
Format string
It is possible to execute JavaScript in the parsed RSS feed when RSS feed is viewed as a website, e.g. via "View - Feed article - Website" or in the standard format of "View - Feed article - default format". This vulnerability affects Thunderbird 52.5.2...
CVE-2017-7848
RSS fields can inject new lines into the created email structure, modifying the message body. This vulnerability affects Thunderbird 52.5.2...
CVE-2017-7848
RSS fields can inject new lines into the created email structure, modifying the message body. This vulnerability affects Thunderbird 52.5.2...
Security fix for the ALT Linux 10 package thunderbird version 52.5.2-alt1
Dec. 25, 2017 Andrey Cherepanov 52.5.2-alt1 - New version 52.5.2 - Enigmail 1.9.9 - Fixes: + CVE-2017-7846 JavaScript Execution via RSS in mailbox:// origin + CVE-2017-7847 Local path string can be leaked from RSS feed + CVE-2017-7848 RSS Feed vulnerable to new line Injection + CVE-2017-7829...