Remote Code Execution (RCE)

2020-04-1000:56:33

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

JSON

Mozilla Thunderbird is vulnerable to remote code execution (RCE). An integer overflow flaw was found in the way Thunderbird handled the HTML frameset tag. An HTML mail message with a frameset tag containing large values for the “rows” and “cols” attributes could trigger this flaw, possibly leading to arbitrary code execution with the privileges of the user running Thunderbird.

CPENameOperatorVersion
thunderbirdeq2.0.0.24__10.el5_5
thunderbirdeq1.5.0.12__34.el4
thunderbirdeq2.0.0.18__1.el5
thunderbirdeq1.5.0.5__0.el4.2
thunderbirdeq3.1.9__3.el6_0
thunderbirdeq1.5.0.9__0.1.el4
thunderbirdeq1.5.0.12__36.el4
thunderbirdeq1.5.0.12__30.el4
thunderbirdeq2.0.0.24__8.el5
thunderbirdeq1.5.0.12__14.el4

Name	Operator	Version
thunderbird	eq	2.0.0.24__10.el5_5
thunderbird	eq	1.5.0.12__34.el4
thunderbird	eq	2.0.0.18__1.el5
thunderbird	eq	1.5.0.5__0.el4.2
thunderbird	eq	3.1.9__3.el6_0
thunderbird	eq	1.5.0.9__0.1.el4
thunderbird	eq	1.5.0.12__36.el4
thunderbird	eq	1.5.0.12__30.el4
thunderbird	eq	2.0.0.24__8.el5
thunderbird	eq	1.5.0.12__14.el4