The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Thunderbird

computer vulnerability announce CVE-2017-7829 CVE-2017-7846 CVE-2017-7847

Thunderbird: four vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Thunderbird.
Impacted products: Debian, Thunderbird, openSUSE Leap, Solaris, RHEL, Slackware, Ubuntu.
Severity: 3/4.
Consequences: user access/rights, data reading, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 4.
Creation date: 28/12/2017.
Identifiers: bulletinjan2018, CERTFR-2017-AVI-484, CVE-2017-7829, CVE-2017-7846, CVE-2017-7847, CVE-2017-7848, DLA-1223-1, DSA-4075-1, MFSA-2017-30, openSUSE-SU-2017:3433-1, openSUSE-SU-2017:3434-1, RHSA-2018:0061-01, SSA:2017-356-01, USN-3529-1, VIGILANCE-VUL-24877.

Description of the vulnerability

An attacker can use several vulnerabilities of Thunderbird.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability CVE-2017-7845

Firefox, Thunderbird: buffer overflow via ANGLE Library Using Direct 3D 9

Synthesis of the vulnerability

An attacker can generate a buffer overflow via ANGLE Library Using Direct 3D 9 of Firefox/Thunderbird, in order to trigger a denial of service, and possibly to run code.
Impacted products: Fedora, Firefox, Thunderbird.
Severity: 4/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 08/12/2017.
Identifiers: CERTFR-2017-AVI-455, CVE-2017-7845, FEDORA-2018-16a76da6cc, FEDORA-2018-3ec87df5ba, FEDORA-2018-4e65ec8cc4, FEDORA-2018-e1539d9bc6, MFSA-2017-28, MFSA-2017-29, MFSA-2017-30, VIGILANCE-VUL-24705.

Description of the vulnerability

An attacker can generate a buffer overflow via ANGLE Library Using Direct 3D 9 of Firefox/Thunderbird, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

vulnerability note 24664

Mail client: sender spoofing via Mailsploit

Synthesis of the vulnerability

An attacker can send an email with a special From header, which is truncated by some mail clients, in order to deceive the victim.
Impacted products: iOS by Apple, iPhone, Mac OS X, Notes, Office, Outlook, SeaMonkey, Thunderbird, Synology DSM.
Severity: 3/4.
Consequences: disguisement.
Provenance: document.
Creation date: 06/12/2017.
Identifiers: CERTFR-2017-ALE-019, Mailsploit, MFSA-2017-30, Synology-SA-17:82, VIGILANCE-VUL-24664.

Description of the vulnerability

Messaging clients interpret the From header to display the sender name.

However, using a Base64 or Quoted Printable encoding, and '\0' or '\n' characters, an attacker can force the displayed email address to be truncated.

An attacker can therefore send an email with a special From header, which is truncated by some mail clients, in order to deceive the victim.
Full Vigil@nce bulletin... (Free trial)

vulnerability alert CVE-2017-7826 CVE-2017-7827 CVE-2017-7828

Mozilla Firefox, Thunderbird: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Mozilla Firefox/Thunderbird.
Impacted products: Debian, Fedora, Firefox, Thunderbird, openSUSE Leap, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 4/4.
Consequences: user access/rights, data reading, data creation/edition, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 15.
Creation date: 14/11/2017.
Identifiers: CERTFR-2017-AVI-412, CERTFR-2017-AVI-431, CVE-2017-7826, CVE-2017-7827, CVE-2017-7828, CVE-2017-7830, CVE-2017-7831, CVE-2017-7832, CVE-2017-7833, CVE-2017-7834, CVE-2017-7835, CVE-2017-7836, CVE-2017-7837, CVE-2017-7838, CVE-2017-7839, CVE-2017-7840, CVE-2017-7842, DLA-1172-1, DLA-1199-1, DSA-4035-1, DSA-4061-1, DSA-4075-1, FEDORA-2017-463cb2af78, FEDORA-2017-7d33609b3d, FEDORA-2017-9a6569beb6, FEDORA-2017-b410301903, FEDORA-2017-e1e3fbcd3c, MFSA-2017-24, MFSA-2017-25, MFSA-2017-26, openSUSE-SU-2017:3027-1, openSUSE-SU-2017:3108-1, openSUSE-SU-2017:3110-1, RHSA-2017:3247-01, RHSA-2017:3372-01, SSA:2017-320-02, SUSE-SU-2017:3213-1, SUSE-SU-2017:3233-1, USN-3477-1, USN-3477-2, USN-3477-3, USN-3477-4, USN-3490-1, USN-3688-1, VIGILANCE-VUL-24431.

Description of the vulnerability

An attacker can use several vulnerabilities of Mozilla Firefox/Thunderbird.
Full Vigil@nce bulletin... (Free trial)

vulnerability CVE-2017-7793 CVE-2017-7810 CVE-2017-7811

Firefox, Thunderbird: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Firefox and Thunderbird.
Impacted products: Debian, Fedora, Firefox, SeaMonkey, Thunderbird, openSUSE Leap, Solaris, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 4/4.
Consequences: user access/rights, data reading, data creation/edition, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 17.
Creation date: 29/09/2017.
Identifiers: bulletinoct2017, CERTFR-2017-AVI-327, CERTFR-2017-AVI-340, CVE-2017-7793, CVE-2017-7810, CVE-2017-7811, CVE-2017-7812, CVE-2017-7813, CVE-2017-7814, CVE-2017-7815, CVE-2017-7816, CVE-2017-7817, CVE-2017-7818, CVE-2017-7819, CVE-2017-7820, CVE-2017-7821, CVE-2017-7822, CVE-2017-7823, CVE-2017-7824, CVE-2017-7825, DLA-1118-1, DLA-1153-1, DSA-3987-1, DSA-4014-1, FEDORA-2017-2e7badfe67, FEDORA-2017-6967efb3f0, FEDORA-2017-6e2071419d, FEDORA-2017-730e299c49, FEDORA-2017-845c543ea4, MFSA-2017-21, MFSA-2017-22, MFSA-2017-23, openSUSE-SU-2017:2615-1, openSUSE-SU-2017:2707-1, openSUSE-SU-2017:2710-1, RHSA-2017:2831-01, RHSA-2017:2885-01, SSA:2017-271-01, SUSE-SU-2017:2688-1, SUSE-SU-2017:2872-1, SUSE-SU-2017:2872-2, USN-3435-1, USN-3435-2, USN-3436-1, USN-3688-1, VIGILANCE-VUL-23970.

Description of the vulnerability

An attacker can use several vulnerabilities of Firefox and Thunderbird.
Full Vigil@nce bulletin... (Free trial)

vulnerability note CVE-2017-7753 CVE-2017-7779 CVE-2017-7780

Firefox, Thunderbird: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Firefox and Thunderbird.
Impacted products: Debian, Fedora, Firefox, SeaMonkey, Thunderbird, openSUSE Leap, Solaris, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 4/4.
Consequences: user access/rights, data reading, data creation/edition, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 29.
Creation date: 09/08/2017.
Identifiers: bulletinjul2017, CERTFR-2017-AVI-256, CERTFR-2017-AVI-271, CVE-2017-7753, CVE-2017-7779, CVE-2017-7780, CVE-2017-7781, CVE-2017-7782, CVE-2017-7783, CVE-2017-7784, CVE-2017-7785, CVE-2017-7786, CVE-2017-7787, CVE-2017-7788, CVE-2017-7789, CVE-2017-7790, CVE-2017-7791, CVE-2017-7792, CVE-2017-7794, CVE-2017-7796, CVE-2017-7797, CVE-2017-7798, CVE-2017-7799, CVE-2017-7800, CVE-2017-7801, CVE-2017-7802, CVE-2017-7803, CVE-2017-7804, CVE-2017-7806, CVE-2017-7807, CVE-2017-7808, CVE-2017-7809, DLA-1053-1, DLA-1087-1, DLA-1087-2, DSA-3928-1, DSA-3928-2, DSA-3968-1, FEDORA-2017-0dfa70ae35, FEDORA-2017-3df020e756, FEDORA-2017-bdd0b565ef, MFSA-2017-18, MFSA-2017-19, MFSA-2017-20, openSUSE-SU-2017:2151-1, openSUSE-SU-2017:2209-1, RHSA-2017:2456-01, RHSA-2017:2534-01, SSA:2017-221-02, SUSE-SU-2017:2302-1, SUSE-SU-2017:2589-1, USN-3391-1, USN-3391-2, USN-3391-3, USN-3416-1, VIGILANCE-VUL-23484.

Description of the vulnerability

An attacker can use several vulnerabilities of Firefox and Thunderbird.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability note CVE-2017-5470 CVE-2017-5471 CVE-2017-5472

Mozilla Firefox, Thunderbird: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Mozilla Firefox and Thunderbird.
Impacted products: Debian, Fedora, Firefox, SeaMonkey, Thunderbird, openSUSE Leap, Solaris, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 4/4.
Consequences: privileged access/rights, client access/rights, data reading, data creation/edition, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 31.
Creation date: 14/06/2017.
Identifiers: bulletinjul2017, CERTFR-2017-AVI-174, CERTFR-2017-AVI-182, CVE-2017-5470, CVE-2017-5471, CVE-2017-5472, CVE-2017-7749, CVE-2017-7750, CVE-2017-7751, CVE-2017-7752, CVE-2017-7754, CVE-2017-7755, CVE-2017-7756, CVE-2017-7757, CVE-2017-7758, CVE-2017-7759, CVE-2017-7760, CVE-2017-7761, CVE-2017-7762, CVE-2017-7763, CVE-2017-7764, CVE-2017-7765, CVE-2017-7766, CVE-2017-7767, CVE-2017-7768, CVE-2017-7770, CVE-2017-7771, CVE-2017-7772, CVE-2017-7773, CVE-2017-7774, CVE-2017-7775-REJECT, CVE-2017-7776, CVE-2017-7777, CVE-2017-7778, DLA-1007-1, DLA-1013-1, DLA-1086-1, DLA-991-1, DSA-3881-1, DSA-3894-1, DSA-3918-1, DSA-3921-1, FEDORA-2017-1dfdb04d62, FEDORA-2017-1f016389a7, FEDORA-2017-391ac5097a, FEDORA-2017-74999f2a23, FEDORA-2017-87aa9db27f, MFSA-2017-15, MFSA-2017-16, MFSA-2017-17, openSUSE-SU-2017:1579-1, openSUSE-SU-2017:1620-1, RHSA-2017:1440-01, RHSA-2017:1561-01, RHSA-2017:1793-01, RHSA-2018:2112-01, RHSA-2018:2113-01, SSA:2017-165-02, SUSE-SU-2017:1669-1, SUSE-SU-2017:2235-1, USN-3315-1, USN-3321-1, USN-3398-1, VIGILANCE-VUL-22969.

Description of the vulnerability

An attacker can use several vulnerabilities of Mozilla Firefox and Thunderbird.
Full Vigil@nce bulletin... (Free trial)

vulnerability note CVE-2017-5429 CVE-2017-5430 CVE-2017-5432

Firefox: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Firefox.
Impacted products: Debian, Fedora, Firefox, SeaMonkey, Thunderbird, openSUSE Leap, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 4/4.
Consequences: user access/rights, data reading, data creation/edition, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 36.
Creation date: 20/04/2017.
Revisions dates: 04/05/2017, 29/05/2017.
Identifiers: 1160, CERTFR-2017-AVI-126, CERTFR-2017-AVI-134, CVE-2017-5429, CVE-2017-5430, CVE-2017-5432, CVE-2017-5433, CVE-2017-5434, CVE-2017-5435, CVE-2017-5437-REJECT, CVE-2017-5438, CVE-2017-5439, CVE-2017-5440, CVE-2017-5441, CVE-2017-5442, CVE-2017-5443, CVE-2017-5444, CVE-2017-5445, CVE-2017-5446, CVE-2017-5447, CVE-2017-5448, CVE-2017-5449, CVE-2017-5450, CVE-2017-5451, CVE-2017-5452, CVE-2017-5453, CVE-2017-5454, CVE-2017-5455, CVE-2017-5456, CVE-2017-5458, CVE-2017-5459, CVE-2017-5460, CVE-2017-5463, CVE-2017-5464, CVE-2017-5465, CVE-2017-5466, CVE-2017-5467, CVE-2017-5468, CVE-2017-5469, DLA-906-1, DSA-3831-1, FEDORA-2017-31c64a0bbf, FEDORA-2017-82265ed89e, FEDORA-2017-87e23bcc34, MFSA-2017-10, MFSA-2017-11, MFSA-2017-12, MFSA-2017-13, openSUSE-SU-2017:1099-1, openSUSE-SU-2017:1196-1, openSUSE-SU-2017:1268-1, RHSA-2017:1104-01, RHSA-2017:1106-01, RHSA-2017:1201-01, SSA:2017-112-01, SSA:2017-114-01, SUSE-SU-2017:1175-1, SUSE-SU-2017:1248-1, SUSE-SU-2017:1669-1, SUSE-SU-2017:2235-1, USN-3260-1, USN-3260-2, USN-3278-1, VIGILANCE-VUL-22504, ZDI-17-320.

Description of the vulnerability

An attacker can use several vulnerabilities of Firefox.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability note CVE-2016-5824

libical: use after free via ICS File

Synthesis of the vulnerability

An attacker can force the usage of a freed memory area via ICS File of libical, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Thunderbird, openSUSE Leap, Solaris, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 29/05/2017.
Identifiers: bulletinjul2017, CVE-2016-5824, DLA-959-1, MFSA-2019-03, openSUSE-SU-2017:2002-1, openSUSE-SU-2019:0182-1, openSUSE-SU-2019:0249-1, openSUSE-SU-2019:0251-1, RHSA-2019:0269-01, RHSA-2019:0270-01, SUSE-SU-2019:0338-1, USN-3897-1, VIGILANCE-VUL-22829.

Description of the vulnerability

An attacker can force the usage of a freed memory area via ICS File of libical, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability bulletin CVE-2017-5436

Graphite: memory corruption via Font

Synthesis of the vulnerability

An attacker can generate a memory corruption via a malicious font read by Graphite, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Fedora, Firefox, Thunderbird, openSUSE Leap, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 03/05/2017.
Identifiers: CERTFR-2017-AVI-134, CVE-2017-5436, DLA-906-1, DSA-3831-1, FEDORA-2017-31c64a0bbf, FEDORA-2017-82265ed89e, FEDORA-2017-87e23bcc34, MFSA-2017-10, MFSA-2017-11, MFSA-2017-12, MFSA-2017-13, openSUSE-SU-2017:1099-1, openSUSE-SU-2017:1196-1, openSUSE-SU-2017:1268-1, openSUSE-SU-2017:1273-1, RHSA-2017:1104-01, RHSA-2017:1106-01, RHSA-2017:1201-01, SSA:2017-112-01, SSA:2017-114-01, SUSE-SU-2017:1149-1, SUSE-SU-2017:1175-1, SUSE-SU-2017:1248-1, SUSE-SU-2017:1669-1, SUSE-SU-2017:2235-1, USN-3260-1, USN-3260-2, USN-3278-1, VIGILANCE-VUL-22628.

Description of the vulnerability

An attacker can generate a memory corruption via a malicious font read by Graphite, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Thunderbird: