CVE-2005-2353 — Thunderbird vulnerability

5 documents5 sources

Severity

2.1LOWNVD

EPSS

0.1%

top 76.64%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Thunderbird Debian Firefox Debian Thunderbird

Timeline

PublishedAug 5

Latest updateMay 1

Description

run-mozilla.sh in Thunderbird, with debugging enabled, allows local users to create or overwrite arbitrary files via a symlink attack on temporary files.

CVSS vector

AV:L/AC:L/C:N/I:P/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages4 packages

▶Debianmozilla/thunderbird< 1.5.0.2-1+3

▶NVDmozilla/thunderbird1.5.0.9

▶debiandebian/thunderbird< firefox 1.5.dfsg+1.5.0.2-1 (sid)

▶debiandebian/firefox< firefox 1.5.dfsg+1.5.0.2-1 (sid)

🔴Vulnerability Details

GHSA

GHSA-79jc-343r-49r6: run-mozilla↗2022-05-01

▶

OSV

CVE-2005-2353: run-mozilla↗2005-08-05

▶

📋Vendor Advisories

Ubuntu

Mozilla Thunderbird vulnerabilities↗2005-08-01

▶

Debian

CVE-2005-2353: firefox - run-mozilla.sh in Thunderbird, with debugging enabled, allows local users to cre...↗2005

▶