CVE-2017-7846
published 2018-06-11CVE-2017-7846: It is possible to execute JavaScript in the parsed RSS feed when RSS feed is viewed as a website, e.g. via "View -> Feed article -> Website" or in the standard…
high8.8CVSS 3.0
AVNACLPRNUIRSUCHIHAH
It is possible to execute JavaScript in the parsed RSS feed when RSS feed is viewed as a website, e.g. via "View -> Feed article -> Website" or in the standard format of "View -> Feed article -> default format". This vulnerability affects Thunderbird < 52.5.2.
Affected
21 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | thunderbird | < thunderbird 1:52.5.2-1 (bookworm) | thunderbird 1:52.5.2-1 (bookworm) |
| mozilla | thunderbird | < 52.5.2 | 52.5.2 |
| mozilla | thunderbird | >= 0 < 1:52.5.2-1 | 1:52.5.2-1 |
| mozilla | thunderbird | >= 0 < 1:52.5.2-1 | 1:52.5.2-1 |
| mozilla | thunderbird | >= 0 < 1:52.5.2-1 | 1:52.5.2-1 |
| mozilla | thunderbird | >= 0 < 1:52.5.2-1 | 1:52.5.2-1 |
| mozilla | thunderbird | >= 0 < 1:52.6.0+build1-0ubuntu0.14.04.1 | 1:52.6.0+build1-0ubuntu0.14.04.1 |
| mozilla | thunderbird | >= 0 < 1:52.6.0+build1-0ubuntu0.16.04.1 | 1:52.6.0+build1-0ubuntu0.16.04.1 |
| mozilla | thunderbird | >= unspecified < 52.5.2 | 52.5.2 |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_server | — | — |
| redhat | enterprise_linux_server | — | — |
| redhat | enterprise_linux_server_aus | — | — |
| redhat | enterprise_linux_server_eus | — | — |
| redhat | enterprise_linux_server_eus | — | — |
| redhat | enterprise_linux_workstation | — | — |
| redhat | enterprise_linux_workstation | — | — |
CVSS provenance
nvdv3.08.8HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
osv8.8HIGH