9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
AI Score
Confidence
High
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.935 High
EPSS
Percentile
99.1%
Multiple memory safety issues were discovered in Thunderbird. If a user were
tricked in to opening a specially crafted message, an attacker could
potentially exploit these to cause a denial of service via application
crash, or execute arbitrary code. (CVE-2016-9893, CVE-2017-5373)
Andrew Krasichkov discovered that event handlers on elements
were executed despite a Content Security Policy (CSP) that disallowed
inline JavaScript. If a user were tricked in to opening a specially
crafted website in a browsing context, an attacker could potentially
exploit this to conduct cross-site scripting (XSS) attacks.
(CVE-2016-9895)
A memory corruption issue was discovered in WebGL in some circumstances.
If a user were tricked in to opening a specially crafted website in a
browsing context, an attacker could potentially exploit this to cause a
denial of service via application crash, or execute arbitrary code.
(CVE-2016-9897)
A use-after-free was discovered when manipulating DOM subtrees in the
Editor. If a user were tricked in to opening a specially crafted website
in a browsing context, an attacker could potentially exploit this to
cause a denial of service via application crash, or execute arbitrary
code. (CVE-2016-9898)
A use-after-free was discovered when manipulating DOM events and audio
elements. If a user were tricked in to opening a specially crafted website
in a browsing context, an attacker could potentially exploit this to
cause a denial of service via application crash, or execute arbitrary
code. (CVE-2016-9899)
It was discovered that external resources that should be blocked when
loading SVG images can bypass security restrictions using data: URLs. An
attacker could potentially exploit this to obtain sensitive information.
(CVE-2016-9900)
Jann Horn discovered that JavaScript Map/Set were vulnerable to timing
attacks. If a user were tricked in to opening a specially crafted website
in a browsing context, an attacker could potentially exploit this to
obtain sensitive information across domains. (CVE-2016-9904)
A crash was discovered in EnumerateSubDocuments while adding or removing
sub-documents. If a user were tricked in to opening a specially crafted
website in a browsing context, an attacker could potentially exploit this
to execute arbitrary code. (CVE-2016-9905)
JIT code allocation can allow a bypass of ASLR protections in some
circumstances. If a user were tricked in to opening a specially crafted
website in a browsing context, an attacker could potentially exploit this
to cause a denial of service via application crash, or execute arbitrary
code. (CVE-2017-5375)
Nicolas Grégoire discovered a use-after-free when manipulating XSL in
XSLT documents in some circumstances. If a user were tricked in to opening
a specially crafted website in a browsing context, an attacker could
potentially exploit this to cause a denial of service via application
crash, or execute arbitrary code. (CVE-2017-5376)
Jann Horn discovered that an object’s address could be discovered through
hashed codes of JavaScript objects shared between pages. If a user were
tricked in to opening a specially crafted website in a browsing context,
an attacker could potentially exploit this to obtain sensitive
information. (CVE-2017-5378)
A use-after-free was discovered during DOM manipulation of SVG content in
some circumstances. If a user were tricked in to opening a specially
crafted website in a browsing context, an attacker could potentially
exploit this to cause a denial of service via application crash, or
execute arbitrary code. (CVE-2017-5380)
Armin Razmjou discovered that certain unicode glyphs do not trigger
punycode display. If a user were tricked in to opening a specially crafted
website in a browsing context, an attacker could potentially exploit this
to spoof the URL bar contents. (CVE-2017-5383)
Jerri Rice discovered insecure communication methods in the Dev Tools JSON
Viewer. An attacker could potentially exploit this to gain additional
privileges. (CVE-2017-5390)
Filipe Gomes discovered a use-after-free in the media decoder in some
circumstances. If a user were tricked in to opening a specially crafted
website in a browsing context, an attacker could potentially exploit this
to cause a denial of service via application crash, or execute arbitrary
code. (CVE-2017-5396)
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 16.10 | noarch | thunderbird | < 1:45.7.0+build1-0ubuntu0.16.10.1 | UNKNOWN |
Ubuntu | 16.10 | noarch | thunderbird-dbg | < 1:45.7.0+build1-0ubuntu0.16.10.1 | UNKNOWN |
Ubuntu | 16.10 | noarch | thunderbird-dbgsym | < 1:45.7.0+build1-0ubuntu0.16.10.1 | UNKNOWN |
Ubuntu | 16.10 | noarch | thunderbird-dev | < 1:45.7.0+build1-0ubuntu0.16.10.1 | UNKNOWN |
Ubuntu | 16.10 | noarch | thunderbird-dev-dbgsym | < 1:45.7.0+build1-0ubuntu0.16.10.1 | UNKNOWN |
Ubuntu | 16.10 | noarch | thunderbird-globalmenu | < 1:45.7.0+build1-0ubuntu0.16.10.1 | UNKNOWN |
Ubuntu | 16.10 | noarch | thunderbird-gnome-support | < 1:45.7.0+build1-0ubuntu0.16.10.1 | UNKNOWN |
Ubuntu | 16.10 | noarch | thunderbird-gnome-support-dbg | < 1:45.7.0+build1-0ubuntu0.16.10.1 | UNKNOWN |
Ubuntu | 16.10 | noarch | thunderbird-locale-af | < 1:45.7.0+build1-0ubuntu0.16.10.1 | UNKNOWN |
Ubuntu | 16.10 | noarch | thunderbird-locale-ar | < 1:45.7.0+build1-0ubuntu0.16.10.1 | UNKNOWN |
ubuntu.com/security/CVE-2016-9893
ubuntu.com/security/CVE-2016-9895
ubuntu.com/security/CVE-2016-9897
ubuntu.com/security/CVE-2016-9898
ubuntu.com/security/CVE-2016-9899
ubuntu.com/security/CVE-2016-9900
ubuntu.com/security/CVE-2016-9904
ubuntu.com/security/CVE-2016-9905
ubuntu.com/security/CVE-2017-5373
ubuntu.com/security/CVE-2017-5375
ubuntu.com/security/CVE-2017-5376
ubuntu.com/security/CVE-2017-5378
ubuntu.com/security/CVE-2017-5380
ubuntu.com/security/CVE-2017-5383
ubuntu.com/security/CVE-2017-5390
ubuntu.com/security/CVE-2017-5396
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
AI Score
Confidence
High
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.935 High
EPSS
Percentile
99.1%