7.5 High
AI Score
Confidence
Low
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.93 High
EPSS
Percentile
99.0%
Jeff Gilbert and Henrik Skupin discovered multiple memory safety issues
in Thunderbird. If the user were tricked in to opening a specially crafted
message with scripting enabled, an attacker could possibly exploit these
to cause a denial of service via application crash, or potentially execute
arbitrary code with the privileges of the user invoking Thunderbird.
(CVE-2013-1701)
It was discovered that a document’s URI could be set to the URI of
a different document. If a user had scripting enabled, an attacker
could potentially exploit this to conduct cross-site scripting (XSS)
attacks. (CVE-2013-1709)
A flaw was discovered when generating a CRMF request in certain
circumstances. If a user had scripting enabled, an attacker could
potentially exploit this to conduct cross-site scripting (XSS) attacks,
or execute arbitrary code with the privileges of the user invoking
Thunderbird. (CVE-2013-1710)
Cody Crews discovered that some Javascript components performed security
checks against the wrong URI, potentially bypassing same-origin policy
restrictions. If a user had scripting enabled, an attacker could exploit
this to conduct cross-site scripting (XSS) attacks or install addons
from a malicious site. (CVE-2013-1713)
Federico Lanusse discovered that web workers could bypass cross-origin
checks when using XMLHttpRequest. If a user had scripting enabled, an
attacker could potentially exploit this to conduct cross-site scripting
(XSS) attacks. (CVE-2013-1714)
Georgi Guninski and John Schoenick discovered that Java applets could
access local files under certain circumstances. If a user had scripting
enabled, an attacker could potentially exploit this to steal confidential
data. (CVE-2013-1717)
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 13.04 | noarch | thunderbird | < 17.0.8+build1-0ubuntu0.13.04.1 | UNKNOWN |
Ubuntu | 13.04 | noarch | thunderbird-dbg | < 17.0.8+build1-0ubuntu0.13.04.1 | UNKNOWN |
Ubuntu | 13.04 | noarch | thunderbird-dev | < 17.0.8+build1-0ubuntu0.13.04.1 | UNKNOWN |
Ubuntu | 13.04 | noarch | thunderbird-globalmenu | < 17.0.8+build1-0ubuntu0.13.04.1 | UNKNOWN |
Ubuntu | 13.04 | noarch | thunderbird-gnome-support | < 17.0.8+build1-0ubuntu0.13.04.1 | UNKNOWN |
Ubuntu | 13.04 | noarch | thunderbird-gnome-support-dbg | < 17.0.8+build1-0ubuntu0.13.04.1 | UNKNOWN |
Ubuntu | 13.04 | noarch | thunderbird-locale-af | < 1:17.0.8+build1-0ubuntu0.13.04.1 | UNKNOWN |
Ubuntu | 13.04 | noarch | thunderbird-locale-ar | < 1:17.0.8+build1-0ubuntu0.13.04.1 | UNKNOWN |
Ubuntu | 13.04 | noarch | thunderbird-locale-ast | < 1:17.0.8+build1-0ubuntu0.13.04.1 | UNKNOWN |
Ubuntu | 13.04 | noarch | thunderbird-locale-be | < 1:17.0.8+build1-0ubuntu0.13.04.1 | UNKNOWN |