CVE-2017-7847
published 2018-06-11CVE-2017-7847: Crafted CSS in an RSS feed can leak and reveal local path strings, which may contain user name. This vulnerability affects Thunderbird < 52.5.2.
medium4.3CVSS 3.0
AVNACLPRNUIRSUCLINAN
Crafted CSS in an RSS feed can leak and reveal local path strings, which may contain user name. This vulnerability affects Thunderbird < 52.5.2.
Affected
21 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | thunderbird | < thunderbird 1:52.5.2-1 (bookworm) | thunderbird 1:52.5.2-1 (bookworm) |
| mozilla | thunderbird | < 52.5.2 | 52.5.2 |
| mozilla | thunderbird | >= 0 < 1:52.5.2-1 | 1:52.5.2-1 |
| mozilla | thunderbird | >= 0 < 1:52.5.2-1 | 1:52.5.2-1 |
| mozilla | thunderbird | >= 0 < 1:52.5.2-1 | 1:52.5.2-1 |
| mozilla | thunderbird | >= 0 < 1:52.5.2-1 | 1:52.5.2-1 |
| mozilla | thunderbird | >= 0 < 1:52.6.0+build1-0ubuntu0.14.04.1 | 1:52.6.0+build1-0ubuntu0.14.04.1 |
| mozilla | thunderbird | >= 0 < 1:52.6.0+build1-0ubuntu0.16.04.1 | 1:52.6.0+build1-0ubuntu0.16.04.1 |
| mozilla | thunderbird | >= unspecified < 52.5.2 | 52.5.2 |
| redhat | enterprise_linux_aus | — | — |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_eus | — | — |
| redhat | enterprise_linux_eus | — | — |
| redhat | enterprise_linux_server | — | — |
| redhat | enterprise_linux_server | — | — |
| redhat | enterprise_linux_workstation | — | — |
| redhat | enterprise_linux_workstation | — | — |
CVSS provenance
nvdv3.04.3MEDIUMCVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
osv5.3MEDIUM