CVE-2017-7847

Published: Jun 11, 2018Modified: Nov 21, 2024

4.3

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

Crafted CSS in an RSS feed can leak and reveal local path strings, which may contain user name. This vulnerability affects Thunderbird < 52.5.2.

Affected (13)

Products: Debian: Debian Linux · Redhat: Enterprise Linux Aus, Enterprise Linux Desktop, Enterprise Linux Eus, Enterprise Linux Server, Enterprise Linux Workstation · Mozilla: Thunderbird

1 product

5 products

Enterprise Linux Aus

Enterprise Linux Desktop

Enterprise Linux Eus

Enterprise Linux Server

Enterprise Linux Workstation

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 7.0
Debian Debian Linux	Version 8.0
Debian Debian Linux	Version 9.0

Configuration B

9 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux Aus	Version 7.4
Redhat Enterprise Linux Desktop	Version 6.0
Redhat Enterprise Linux Desktop	Version 7.0
Redhat Enterprise Linux Eus	Version 7.4
Redhat Enterprise Linux Eus	Version 7.5
Redhat Enterprise Linux Server	Version 6.0
Redhat Enterprise Linux Server	Version 7.0
Redhat Enterprise Linux Workstation	Version 6.0
Redhat Enterprise Linux Workstation	Version 7.0

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Mozilla Thunderbird	Before 52.5.2

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (14)

http://www.securityfocus.com/bid/102258

Source: security@mozilla.org

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1040123

Source: security@mozilla.org

Third Party AdvisoryVDB Entry

https://access.redhat.com/errata/RHSA-2018:0061

Source: security@mozilla.org

Third Party Advisory

https://bugzilla.mozilla.org/show_bug.cgi?id=1411708

Source: security@mozilla.org

Issue TrackingPermissions Required

https://lists.debian.org/debian-lts-announce/2017/12/msg00026.html

Source: security@mozilla.org

Mailing ListThird Party Advisory

https://www.debian.org/security/2017/dsa-4075

Source: security@mozilla.org

Third Party Advisory

https://www.mozilla.org/security/advisories/mfsa2017-30/

Source: security@mozilla.org

Vendor Advisory

http://www.securityfocus.com/bid/102258

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1040123

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://access.redhat.com/errata/RHSA-2018:0061

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://bugzilla.mozilla.org/show_bug.cgi?id=1411708

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPermissions Required

https://lists.debian.org/debian-lts-announce/2017/12/msg00026.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://www.debian.org/security/2017/dsa-4075

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.mozilla.org/security/advisories/mfsa2017-30/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.