The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Thunderbird

computer vulnerability announce CVE-2017-7829 CVE-2017-7846 CVE-2017-7847

Thunderbird: four vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Thunderbird.
Impacted products: Debian, Thunderbird, openSUSE Leap, Solaris, RHEL, Slackware, Ubuntu.
Severity: 3/4.
Consequences: user access/rights, data reading, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 4.
Creation date: 28/12/2017.
Identifiers: bulletinjan2018, CERTFR-2017-AVI-484, CVE-2017-7829, CVE-2017-7846, CVE-2017-7847, CVE-2017-7848, DLA-1223-1, DSA-4075-1, MFSA-2017-30, openSUSE-SU-2017:3433-1, openSUSE-SU-2017:3434-1, RHSA-2018:0061-01, SSA:2017-356-01, USN-3529-1, VIGILANCE-VUL-24877.

Description of the vulnerability

An attacker can use several vulnerabilities of Thunderbird.
Full Vigil@nce bulletin... (Free trial)

vulnerability note 24664

Mail client: sender spoofing via Mailsploit

Synthesis of the vulnerability

An attacker can send an email with a special From header, which is truncated by some mail clients, in order to deceive the victim.
Impacted products: iOS by Apple, iPhone, Mac OS X, Notes, Office, Outlook, SeaMonkey, Thunderbird, Synology DSM.
Severity: 3/4.
Consequences: disguisement.
Provenance: document.
Creation date: 06/12/2017.
Identifiers: CERTFR-2017-ALE-019, Mailsploit, MFSA-2017-30, Synology-SA-17:82, VIGILANCE-VUL-24664.

Description of the vulnerability

Messaging clients interpret the From header to display the sender name.

However, using a Base64 or Quoted Printable encoding, and '\0' or '\n' characters, an attacker can force the displayed email address to be truncated.

An attacker can therefore send an email with a special From header, which is truncated by some mail clients, in order to deceive the victim.
Full Vigil@nce bulletin... (Free trial)

vulnerability alert CVE-2017-7826 CVE-2017-7827 CVE-2017-7828

Mozilla Firefox, Thunderbird: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Mozilla Firefox/Thunderbird.
Impacted products: Debian, Fedora, Firefox, Thunderbird, openSUSE Leap, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 4/4.
Consequences: user access/rights, data reading, data creation/edition, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 15.
Creation date: 14/11/2017.
Identifiers: CERTFR-2017-AVI-412, CERTFR-2017-AVI-431, CVE-2017-7826, CVE-2017-7827, CVE-2017-7828, CVE-2017-7830, CVE-2017-7831, CVE-2017-7832, CVE-2017-7833, CVE-2017-7834, CVE-2017-7835, CVE-2017-7836, CVE-2017-7837, CVE-2017-7838, CVE-2017-7839, CVE-2017-7840, CVE-2017-7842, DLA-1172-1, DLA-1199-1, DSA-4035-1, DSA-4061-1, DSA-4075-1, FEDORA-2017-463cb2af78, FEDORA-2017-7d33609b3d, FEDORA-2017-9a6569beb6, FEDORA-2017-b410301903, FEDORA-2017-e1e3fbcd3c, MFSA-2017-24, MFSA-2017-25, MFSA-2017-26, openSUSE-SU-2017:3027-1, openSUSE-SU-2017:3108-1, openSUSE-SU-2017:3110-1, RHSA-2017:3247-01, RHSA-2017:3372-01, SSA:2017-320-02, SUSE-SU-2017:3213-1, SUSE-SU-2017:3233-1, USN-3477-1, USN-3477-2, USN-3477-3, USN-3477-4, USN-3490-1, USN-3688-1, VIGILANCE-VUL-24431.

Description of the vulnerability

An attacker can use several vulnerabilities of Mozilla Firefox/Thunderbird.
Full Vigil@nce bulletin... (Free trial)

vulnerability CVE-2017-7793 CVE-2017-7810 CVE-2017-7811

Firefox, Thunderbird: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Firefox and Thunderbird.
Impacted products: Debian, Fedora, Firefox, SeaMonkey, Thunderbird, openSUSE Leap, Solaris, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 4/4.
Consequences: user access/rights, data reading, data creation/edition, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 17.
Creation date: 29/09/2017.
Identifiers: bulletinoct2017, CERTFR-2017-AVI-327, CERTFR-2017-AVI-340, CVE-2017-7793, CVE-2017-7810, CVE-2017-7811, CVE-2017-7812, CVE-2017-7813, CVE-2017-7814, CVE-2017-7815, CVE-2017-7816, CVE-2017-7817, CVE-2017-7818, CVE-2017-7819, CVE-2017-7820, CVE-2017-7821, CVE-2017-7822, CVE-2017-7823, CVE-2017-7824, CVE-2017-7825, DLA-1118-1, DLA-1153-1, DSA-3987-1, DSA-4014-1, FEDORA-2017-2e7badfe67, FEDORA-2017-6967efb3f0, FEDORA-2017-6e2071419d, FEDORA-2017-730e299c49, FEDORA-2017-845c543ea4, MFSA-2017-21, MFSA-2017-22, MFSA-2017-23, openSUSE-SU-2017:2615-1, openSUSE-SU-2017:2707-1, openSUSE-SU-2017:2710-1, RHSA-2017:2831-01, RHSA-2017:2885-01, SSA:2017-271-01, SUSE-SU-2017:2688-1, SUSE-SU-2017:2872-1, SUSE-SU-2017:2872-2, USN-3435-1, USN-3435-2, USN-3436-1, USN-3688-1, VIGILANCE-VUL-23970.

Description of the vulnerability

An attacker can use several vulnerabilities of Firefox and Thunderbird.
Full Vigil@nce bulletin... (Free trial)

vulnerability note CVE-2017-7753 CVE-2017-7779 CVE-2017-7780

Firefox, Thunderbird: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Firefox and Thunderbird.
Impacted products: Debian, Fedora, Firefox, SeaMonkey, Thunderbird, openSUSE Leap, Solaris, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 4/4.
Consequences: user access/rights, data reading, data creation/edition, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 29.
Creation date: 09/08/2017.
Identifiers: bulletinjul2017, CERTFR-2017-AVI-256, CERTFR-2017-AVI-271, CVE-2017-7753, CVE-2017-7779, CVE-2017-7780, CVE-2017-7781, CVE-2017-7782, CVE-2017-7783, CVE-2017-7784, CVE-2017-7785, CVE-2017-7786, CVE-2017-7787, CVE-2017-7788, CVE-2017-7789, CVE-2017-7790, CVE-2017-7791, CVE-2017-7792, CVE-2017-7794, CVE-2017-7796, CVE-2017-7797, CVE-2017-7798, CVE-2017-7799, CVE-2017-7800, CVE-2017-7801, CVE-2017-7802, CVE-2017-7803, CVE-2017-7804, CVE-2017-7806, CVE-2017-7807, CVE-2017-7808, CVE-2017-7809, DLA-1053-1, DLA-1087-1, DLA-1087-2, DSA-3928-1, DSA-3928-2, DSA-3968-1, FEDORA-2017-0dfa70ae35, FEDORA-2017-3df020e756, FEDORA-2017-bdd0b565ef, MFSA-2017-18, MFSA-2017-19, MFSA-2017-20, openSUSE-SU-2017:2151-1, openSUSE-SU-2017:2209-1, RHSA-2017:2456-01, RHSA-2017:2534-01, SSA:2017-221-02, SUSE-SU-2017:2302-1, SUSE-SU-2017:2589-1, USN-3391-1, USN-3391-2, USN-3391-3, USN-3416-1, VIGILANCE-VUL-23484.

Description of the vulnerability

An attacker can use several vulnerabilities of Firefox and Thunderbird.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability note CVE-2017-5470 CVE-2017-5471 CVE-2017-5472

Mozilla Firefox, Thunderbird: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Mozilla Firefox and Thunderbird.
Impacted products: Debian, Fedora, Firefox, SeaMonkey, Thunderbird, openSUSE Leap, Solaris, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 4/4.
Consequences: privileged access/rights, client access/rights, data reading, data creation/edition, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 31.
Creation date: 14/06/2017.
Identifiers: bulletinjul2017, CERTFR-2017-AVI-174, CERTFR-2017-AVI-182, CVE-2017-5470, CVE-2017-5471, CVE-2017-5472, CVE-2017-7749, CVE-2017-7750, CVE-2017-7751, CVE-2017-7752, CVE-2017-7754, CVE-2017-7755, CVE-2017-7756, CVE-2017-7757, CVE-2017-7758, CVE-2017-7759, CVE-2017-7760, CVE-2017-7761, CVE-2017-7762, CVE-2017-7763, CVE-2017-7764, CVE-2017-7765, CVE-2017-7766, CVE-2017-7767, CVE-2017-7768, CVE-2017-7770, CVE-2017-7771, CVE-2017-7772, CVE-2017-7773, CVE-2017-7774, CVE-2017-7775-REJECT, CVE-2017-7776, CVE-2017-7777, CVE-2017-7778, DLA-1007-1, DLA-1013-1, DLA-1086-1, DLA-991-1, DSA-3881-1, DSA-3894-1, DSA-3918-1, DSA-3921-1, FEDORA-2017-1dfdb04d62, FEDORA-2017-1f016389a7, FEDORA-2017-391ac5097a, FEDORA-2017-74999f2a23, FEDORA-2017-87aa9db27f, MFSA-2017-15, MFSA-2017-16, MFSA-2017-17, openSUSE-SU-2017:1579-1, openSUSE-SU-2017:1620-1, RHSA-2017:1440-01, RHSA-2017:1561-01, RHSA-2017:1793-01, RHSA-2018:2112-01, RHSA-2018:2113-01, SSA:2017-165-02, SUSE-SU-2017:1669-1, SUSE-SU-2017:2235-1, USN-3315-1, USN-3321-1, USN-3398-1, VIGILANCE-VUL-22969.

Description of the vulnerability

An attacker can use several vulnerabilities of Mozilla Firefox and Thunderbird.
Full Vigil@nce bulletin... (Free trial)

vulnerability note CVE-2017-5429 CVE-2017-5430 CVE-2017-5432

Firefox: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Firefox.
Impacted products: Debian, Fedora, Firefox, SeaMonkey, Thunderbird, openSUSE Leap, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 4/4.
Consequences: user access/rights, data reading, data creation/edition, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 36.
Creation date: 20/04/2017.
Revisions dates: 04/05/2017, 29/05/2017.
Identifiers: 1160, CERTFR-2017-AVI-126, CERTFR-2017-AVI-134, CVE-2017-5429, CVE-2017-5430, CVE-2017-5432, CVE-2017-5433, CVE-2017-5434, CVE-2017-5435, CVE-2017-5437-REJECT, CVE-2017-5438, CVE-2017-5439, CVE-2017-5440, CVE-2017-5441, CVE-2017-5442, CVE-2017-5443, CVE-2017-5444, CVE-2017-5445, CVE-2017-5446, CVE-2017-5447, CVE-2017-5448, CVE-2017-5449, CVE-2017-5450, CVE-2017-5451, CVE-2017-5452, CVE-2017-5453, CVE-2017-5454, CVE-2017-5455, CVE-2017-5456, CVE-2017-5458, CVE-2017-5459, CVE-2017-5460, CVE-2017-5463, CVE-2017-5464, CVE-2017-5465, CVE-2017-5466, CVE-2017-5467, CVE-2017-5468, CVE-2017-5469, DLA-906-1, DSA-3831-1, FEDORA-2017-31c64a0bbf, FEDORA-2017-82265ed89e, FEDORA-2017-87e23bcc34, MFSA-2017-10, MFSA-2017-11, MFSA-2017-12, MFSA-2017-13, openSUSE-SU-2017:1099-1, openSUSE-SU-2017:1196-1, openSUSE-SU-2017:1268-1, RHSA-2017:1104-01, RHSA-2017:1106-01, RHSA-2017:1201-01, SSA:2017-112-01, SSA:2017-114-01, SUSE-SU-2017:1175-1, SUSE-SU-2017:1248-1, SUSE-SU-2017:1669-1, SUSE-SU-2017:2235-1, USN-3260-1, USN-3260-2, USN-3278-1, VIGILANCE-VUL-22504, ZDI-17-320.

Description of the vulnerability

An attacker can use several vulnerabilities of Firefox.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability note CVE-2016-5824

libical: use after free via ICS File

Synthesis of the vulnerability

An attacker can force the usage of a freed memory area via ICS File of libical, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Thunderbird, openSUSE Leap, Solaris, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 29/05/2017.
Identifiers: bulletinjul2017, CVE-2016-5824, DLA-959-1, MFSA-2019-03, openSUSE-SU-2017:2002-1, openSUSE-SU-2019:0182-1, openSUSE-SU-2019:0249-1, openSUSE-SU-2019:0251-1, RHSA-2019:0269-01, RHSA-2019:0270-01, SUSE-SU-2019:0338-1, USN-3897-1, VIGILANCE-VUL-22829.

Description of the vulnerability

An attacker can force the usage of a freed memory area via ICS File of libical, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability bulletin CVE-2017-5436

Graphite: memory corruption via Font

Synthesis of the vulnerability

An attacker can generate a memory corruption via a malicious font read by Graphite, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Fedora, Firefox, Thunderbird, openSUSE Leap, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 03/05/2017.
Identifiers: CERTFR-2017-AVI-134, CVE-2017-5436, DLA-906-1, DSA-3831-1, FEDORA-2017-31c64a0bbf, FEDORA-2017-82265ed89e, FEDORA-2017-87e23bcc34, MFSA-2017-10, MFSA-2017-11, MFSA-2017-12, MFSA-2017-13, openSUSE-SU-2017:1099-1, openSUSE-SU-2017:1196-1, openSUSE-SU-2017:1268-1, openSUSE-SU-2017:1273-1, RHSA-2017:1104-01, RHSA-2017:1106-01, RHSA-2017:1201-01, SSA:2017-112-01, SSA:2017-114-01, SUSE-SU-2017:1149-1, SUSE-SU-2017:1175-1, SUSE-SU-2017:1248-1, SUSE-SU-2017:1669-1, SUSE-SU-2017:2235-1, USN-3260-1, USN-3260-2, USN-3278-1, VIGILANCE-VUL-22628.

Description of the vulnerability

An attacker can generate a memory corruption via a malicious font read by Graphite, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability CVE-2017-5461 CVE-2017-5462

Mozilla NSS: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Mozilla NSS.
Impacted products: Blue Coat CAS, Debian, Fedora, Firefox, NSS, Thunderbird, openSUSE Leap, Oracle Communications, Oracle Directory Server, Oracle Directory Services Plus, Oracle Fusion Middleware, Oracle Identity Management, Oracle iPlanet Web Server, Solaris, Tuxedo, WebLogic, Oracle Web Tier, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Symantec Content Analysis, Ubuntu.
Severity: 4/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 20/04/2017.
Identifiers: bulletinapr2017, bulletinjan2019, CERTFR-2017-AVI-126, CERTFR-2017-AVI-134, cpujan2018, cpuoct2017, CVE-2017-5461, CVE-2017-5462, DLA-906-1, DLA-946-1, DSA-3831-1, DSA-3872-1, FEDORA-2017-31c64a0bbf, FEDORA-2017-82265ed89e, FEDORA-2017-87e23bcc34, FEDORA-2017-9042085060, MFSA-2017-10, MFSA-2017-11, MFSA-2017-12, MFSA-2017-13, openSUSE-SU-2017:1099-1, openSUSE-SU-2017:1196-1, openSUSE-SU-2017:1268-1, RHSA-2017:1100-01, RHSA-2017:1101-01, RHSA-2017:1102-01, RHSA-2017:1103-01, SA150, SSA:2017-112-01, SSA:2017-114-01, SUSE-SU-2017:1175-1, SUSE-SU-2017:1248-1, SUSE-SU-2017:1669-1, SUSE-SU-2017:2235-1, USN-3260-1, USN-3260-2, USN-3270-1, USN-3278-1, USN-3372-1, VIGILANCE-VUL-22505.

Description of the vulnerability

An attacker can use several vulnerabilities of Mozilla NSS.

An attacker can generate a buffer overflow via Base64 Decoding, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2017-5461]

An attacker can bypass security features via DRBG Number Generation, in order to obtain sensitive information. [severity:2/4; CVE-2017-5462]
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Thunderbird: