Veracode Vulnerability DatabaseVERACODE:18942Cross Site Scripting (XSS)
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
Mozilla Thunderbird is vulnerable to cross site scripting (XSS) vulnerability. This affects an unknown functionality of the component RSS Feed Handler. Attackers can execute JavaScript in the parsed RSS feed when RSS feed is viewed as a website.
References
www.securityfocus.com/bid/102258
www.securitytracker.com/id/1040123
access.redhat.com/errata/RHSA-2018:0061
access.redhat.com/security/updates/classification/#important
bugzilla.mozilla.org/show_bug.cgi?id=1411716
lists.debian.org/debian-lts-announce/2017/12/msg00026.html
www.debian.org/security/2017/dsa-4075
www.mozilla.org/en-US/security/advisories/mfsa2017-30/
www.mozilla.org/security/advisories/mfsa2017-30/
Related
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P