Remote Code Execution (RCE)

2020-04-1000:56:31

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

JSON

Mozilla Thunderbird is vulnerable to remote code execution (RCE). A flaw was found in the way Thunderbird handled the nsTreeSelection element. Malformed content could cause Thunderbird to execute arbitrary code with the privileges of the user running Thunderbird.

CPENameOperatorVersion
thunderbirdeq2.0.0.24__10.el5_5
thunderbirdeq1.5.0.12__34.el4
thunderbirdeq2.0.0.18__1.el5
thunderbirdeq1.5.0.5__0.el4.2
thunderbirdeq3.1.9__3.el6_0
thunderbirdeq1.5.0.9__0.1.el4
thunderbirdeq1.5.0.12__36.el4
thunderbirdeq1.5.0.12__30.el4
thunderbirdeq2.0.0.24__8.el5
thunderbirdeq1.5.0.12__14.el4

Name	Operator	Version
thunderbird	eq	2.0.0.24__10.el5_5
thunderbird	eq	1.5.0.12__34.el4
thunderbird	eq	2.0.0.18__1.el5
thunderbird	eq	1.5.0.5__0.el4.2
thunderbird	eq	3.1.9__3.el6_0
thunderbird	eq	1.5.0.9__0.1.el4
thunderbird	eq	1.5.0.12__36.el4
thunderbird	eq	1.5.0.12__30.el4
thunderbird	eq	2.0.0.24__8.el5
thunderbird	eq	1.5.0.12__14.el4