The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Thunderbird

computer vulnerability note CVE-2018-5150 CVE-2018-5154 CVE-2018-5155

Thunderbird: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Thunderbird.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 13.
Creation date: 22/05/2018.
Identifiers: bulletinapr2018, CERTFR-2018-AVI-245, CVE-2018-5150, CVE-2018-5154, CVE-2018-5155, CVE-2018-5159, CVE-2018-5161, CVE-2018-5162, CVE-2018-5168, CVE-2018-5170, CVE-2018-5174, CVE-2018-5178, CVE-2018-5183, CVE-2018-5184, CVE-2018-5185, DLA-1382-1, DSA-4209-1, FEDORA-2018-ca9df6aaf1, MFSA-2018-13, openSUSE-SU-2018:1359-1, openSUSE-SU-2018:1361-1, RHSA-2018:1725-01, RHSA-2018:1726-01, SSA:2018-142-02, SUSE-SU-2018:2298-1, SUSE-SU-2019:2872-1, USN-3660-1, VIGILANCE-VUL-26170.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can use several vulnerabilities of Thunderbird.
Full Vigil@nce bulletin... (Free trial)

weakness alert CVE-2017-17688 CVE-2017-17689

Outlook Gpg4win, Thunderbird Enigmail: PGP and S/MIME decryption

Synthesis of the vulnerability

An attacker can use Outlook Gpg4win or Thunderbird Enigmail, in order to obtain sensitive information.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 2.
Creation date: 14/05/2018.
Revision date: 14/05/2018.
Identifiers: CERTFR-2018-ALE-007, CVE-2017-17688, CVE-2017-17689, DSA-4244-1, FEDORA-2018-1f651350de, FEDORA-2018-25525a9346, FEDORA-2018-6020628437, FEDORA-2018-73e30969a4, FEDORA-2018-77fe2e20ad, FEDORA-2018-e6ee09fc50, openSUSE-SU-2018:1329-1, openSUSE-SU-2018:1330-1, openSUSE-SU-2018:1347-1, openSUSE-SU-2018:1392-1, openSUSE-SU-2018:1393-1, openSUSE-SU-2018:1451-1, openSUSE-SU-2018:1454-1, SSA:2018-191-01, VIGILANCE-VUL-26123, VU#122919.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

Plugins can be installed to automatically decrypt received emails encrypted with PGP or S/MIME:
 - Apple Mail : GPGTools
 - IBM Notes : PGP Lotus Notes Plug-In
 - Outlook : Gpg4win
 - Thunderbird : Enigmail
 - etc.

However, an attacker who has an encrypted email can use these plugins in order to decrypt it, for example using an image in an HTML email.

An attacker can therefore use Outlook Gpg4win or Thunderbird Enigmail, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

threat CVE-2018-5125 CVE-2018-5126 CVE-2018-5127

Firefox/Thunderbird: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Firefox/Thunderbird.
Severity: 4/4.
Number of vulnerabilities in this bulletin: 20.
Creation date: 14/03/2018.
Identifiers: bulletinapr2018, CERTFR-2018-AVI-123, CERTFR-2018-AVI-149, CVE-2018-5125, CVE-2018-5126, CVE-2018-5127, CVE-2018-5128, CVE-2018-5129, CVE-2018-5130, CVE-2018-5131, CVE-2018-5132, CVE-2018-5133, CVE-2018-5134, CVE-2018-5135, CVE-2018-5136, CVE-2018-5137, CVE-2018-5138, CVE-2018-5140, CVE-2018-5141, CVE-2018-5142, CVE-2018-5143, CVE-2018-5144, CVE-2018-5145, DLA-1308-1, DLA-1327-1, DSA-4139-1, DSA-4155-1, FEDORA-2018-7011a8b0da, FEDORA-2018-92031bb1ed, FEDORA-2018-a39b4f76c8, FEDORA-2019-7f7489dc8c, MFSA-2018-06, MFSA-2018-07, MFSA-2018-09, openSUSE-SU-2018:0681-1, openSUSE-SU-2018:0818-1, openSUSE-SU-2018:0819-1, RHSA-2018:0526-01, RHSA-2018:0527-01, RHSA-2018:0647-01, RHSA-2018:0648-01, SSA:2018-072-01, SSA:2018-082-01, SSA:2019-247-01, USN-3545-1, USN-3596-1, USN-3596-2, USN-3688-1, VIGILANCE-VUL-25552.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can use several vulnerabilities of Firefox/Thunderbird.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability alert CVE-2018-5089 CVE-2018-5095 CVE-2018-5096

Mozilla Thunderbird: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Mozilla Thunderbird.
Severity: 4/4.
Number of vulnerabilities in this bulletin: 10.
Creation date: 26/01/2018.
Identifiers: bulletinjan2018, CERTFR-2018-AVI-058, CVE-2018-5089, CVE-2018-5095, CVE-2018-5096, CVE-2018-5097, CVE-2018-5098, CVE-2018-5099, CVE-2018-5102, CVE-2018-5103, CVE-2018-5104, CVE-2018-5117, DLA-1262-1, DSA-4102-1, FEDORA-2018-74bb00f644, MFSA-2018-04, openSUSE-SU-2018:0257-1, RHSA-2018:0262-01, SSA:2018-025-01, USN-3529-1, VIGILANCE-VUL-25162.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can use several vulnerabilities of Mozilla Thunderbird.
Full Vigil@nce bulletin... (Free trial)

computer weakness CVE-2017-7829 CVE-2017-7846 CVE-2017-7847

Thunderbird: four vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Thunderbird.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 4.
Creation date: 28/12/2017.
Identifiers: bulletinjan2018, CERTFR-2017-AVI-484, CVE-2017-7829, CVE-2017-7846, CVE-2017-7847, CVE-2017-7848, DLA-1223-1, DSA-4075-1, MFSA-2017-30, openSUSE-SU-2017:3433-1, openSUSE-SU-2017:3434-1, RHSA-2018:0061-01, SSA:2017-356-01, USN-3529-1, VIGILANCE-VUL-24877.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can use several vulnerabilities of Thunderbird.
Full Vigil@nce bulletin... (Free trial)

security alert CVE-2017-7845

Firefox, Thunderbird: buffer overflow via ANGLE Library Using Direct 3D 9

Synthesis of the vulnerability

An attacker can generate a buffer overflow via ANGLE Library Using Direct 3D 9 of Firefox/Thunderbird, in order to trigger a denial of service, and possibly to run code.
Severity: 4/4.
Creation date: 08/12/2017.
Identifiers: CERTFR-2017-AVI-455, CVE-2017-7845, FEDORA-2018-16a76da6cc, FEDORA-2018-3ec87df5ba, FEDORA-2018-4e65ec8cc4, FEDORA-2018-e1539d9bc6, FEDORA-2019-7f7489dc8c, MFSA-2017-28, MFSA-2017-29, MFSA-2017-30, SSA:2019-247-01, VIGILANCE-VUL-24705.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can generate a buffer overflow via ANGLE Library Using Direct 3D 9 of Firefox/Thunderbird, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

security weakness 24664

Mail client: sender spoofing via Mailsploit

Synthesis of the vulnerability

An attacker can send an email with a special From header, which is truncated by some mail clients, in order to deceive the victim.
Severity: 3/4.
Creation date: 06/12/2017.
Identifiers: CERTFR-2017-ALE-019, Mailsploit, MFSA-2017-30, Synology-SA-17:82, VIGILANCE-VUL-24664.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

Messaging clients interpret the From header to display the sender name.

However, using a Base64 or Quoted Printable encoding, and '\0' or '\n' characters, an attacker can force the displayed email address to be truncated.

An attacker can therefore send an email with a special From header, which is truncated by some mail clients, in order to deceive the victim.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability CVE-2017-7826 CVE-2017-7827 CVE-2017-7828

Mozilla Firefox, Thunderbird: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Mozilla Firefox/Thunderbird.
Severity: 4/4.
Number of vulnerabilities in this bulletin: 15.
Creation date: 14/11/2017.
Identifiers: CERTFR-2017-AVI-412, CERTFR-2017-AVI-431, CVE-2017-7826, CVE-2017-7827, CVE-2017-7828, CVE-2017-7830, CVE-2017-7831, CVE-2017-7832, CVE-2017-7833, CVE-2017-7834, CVE-2017-7835, CVE-2017-7836, CVE-2017-7837, CVE-2017-7838, CVE-2017-7839, CVE-2017-7840, CVE-2017-7842, DLA-1172-1, DLA-1199-1, DSA-4035-1, DSA-4061-1, DSA-4075-1, FEDORA-2017-463cb2af78, FEDORA-2017-7d33609b3d, FEDORA-2017-9a6569beb6, FEDORA-2017-b410301903, FEDORA-2017-e1e3fbcd3c, FEDORA-2019-7f7489dc8c, MFSA-2017-24, MFSA-2017-25, MFSA-2017-26, openSUSE-SU-2017:3027-1, openSUSE-SU-2017:3108-1, openSUSE-SU-2017:3110-1, RHSA-2017:3247-01, RHSA-2017:3372-01, SSA:2017-320-02, SSA:2019-247-01, SUSE-SU-2017:3213-1, SUSE-SU-2017:3233-1, USN-3477-1, USN-3477-2, USN-3477-3, USN-3477-4, USN-3490-1, USN-3688-1, VIGILANCE-VUL-24431.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can use several vulnerabilities of Mozilla Firefox/Thunderbird.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability note CVE-2017-7793 CVE-2017-7810 CVE-2017-7811

Firefox, Thunderbird: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Firefox and Thunderbird.
Severity: 4/4.
Number of vulnerabilities in this bulletin: 17.
Creation date: 29/09/2017.
Identifiers: bulletinoct2017, CERTFR-2017-AVI-327, CERTFR-2017-AVI-340, CVE-2017-7793, CVE-2017-7810, CVE-2017-7811, CVE-2017-7812, CVE-2017-7813, CVE-2017-7814, CVE-2017-7815, CVE-2017-7816, CVE-2017-7817, CVE-2017-7818, CVE-2017-7819, CVE-2017-7820, CVE-2017-7821, CVE-2017-7822, CVE-2017-7823, CVE-2017-7824, CVE-2017-7825, DLA-1118-1, DLA-1153-1, DSA-3987-1, DSA-4014-1, FEDORA-2017-2e7badfe67, FEDORA-2017-6967efb3f0, FEDORA-2017-6e2071419d, FEDORA-2017-730e299c49, FEDORA-2017-845c543ea4, FEDORA-2019-7f7489dc8c, MFSA-2017-21, MFSA-2017-22, MFSA-2017-23, openSUSE-SU-2017:2615-1, openSUSE-SU-2017:2707-1, openSUSE-SU-2017:2710-1, RHSA-2017:2831-01, RHSA-2017:2885-01, SSA:2017-271-01, SSA:2019-247-01, SUSE-SU-2017:2688-1, SUSE-SU-2017:2872-1, SUSE-SU-2017:2872-2, USN-3435-1, USN-3435-2, USN-3436-1, USN-3688-1, VIGILANCE-VUL-23970.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can use several vulnerabilities of Firefox and Thunderbird.
Full Vigil@nce bulletin... (Free trial)

threat CVE-2017-7753 CVE-2017-7779 CVE-2017-7780

Firefox, Thunderbird: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Firefox and Thunderbird.
Severity: 4/4.
Number of vulnerabilities in this bulletin: 29.
Creation date: 09/08/2017.
Identifiers: bulletinjul2017, CERTFR-2017-AVI-256, CERTFR-2017-AVI-271, CVE-2017-7753, CVE-2017-7779, CVE-2017-7780, CVE-2017-7781, CVE-2017-7782, CVE-2017-7783, CVE-2017-7784, CVE-2017-7785, CVE-2017-7786, CVE-2017-7787, CVE-2017-7788, CVE-2017-7789, CVE-2017-7790, CVE-2017-7791, CVE-2017-7792, CVE-2017-7794, CVE-2017-7796, CVE-2017-7797, CVE-2017-7798, CVE-2017-7799, CVE-2017-7800, CVE-2017-7801, CVE-2017-7802, CVE-2017-7803, CVE-2017-7804, CVE-2017-7806, CVE-2017-7807, CVE-2017-7808, CVE-2017-7809, DLA-1053-1, DLA-1087-1, DLA-1087-2, DSA-3928-1, DSA-3928-2, DSA-3968-1, FEDORA-2017-0dfa70ae35, FEDORA-2017-3df020e756, FEDORA-2017-bdd0b565ef, FEDORA-2019-7f7489dc8c, MFSA-2017-18, MFSA-2017-19, MFSA-2017-20, openSUSE-SU-2017:2151-1, openSUSE-SU-2017:2209-1, RHSA-2017:2456-01, RHSA-2017:2534-01, SSA:2017-221-02, SSA:2019-247-01, SUSE-SU-2017:2302-1, SUSE-SU-2017:2589-1, SUSE-SU-2019:2872-1, USN-3391-1, USN-3391-2, USN-3391-3, USN-3416-1, VIGILANCE-VUL-23484.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can use several vulnerabilities of Firefox and Thunderbird.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Thunderbird: