CVE-2017-7829
Description
It is possible to spoof the senders email address and display an arbitrary sender address to the email recipient. The real senders address is not displayed if preceded by a null character in the display string. This vulnerability affects Thunderbird < 52.5.2.
Risk Information
Base Score
5.3
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
EPSS Score
Exploitation Probability
1.597
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Mozilla Open Source mail and newsgroup client (USN-3529-1) thunderbird_52.6.0+build1-0ubuntu0.14.04.1_i386.deb | Linux |
| Mozilla Open Source mail and newsgroup client (USN-3529-1) thunderbird_52.6.0+build1-0ubuntu0.14.04.1_amd64.deb | Linux |
| Mozilla Open Source mail and newsgroup client (USN-3529-1) thunderbird_52.6.0+build1-0ubuntu0.16.04.1_i386.deb | Linux |
| Mozilla Open Source mail and newsgroup client (USN-3529-1) thunderbird_52.6.0+build1-0ubuntu0.16.04.1_amd64.deb | Linux |
| Mozilla Open Source mail and newsgroup client (USN-3529-1) thunderbird_52.6.0+build1-0ubuntu0.17.10.1_i386.deb | Linux |
| Mozilla Open Source mail and newsgroup client (USN-3529-1) thunderbird_52.6.0+build1-0ubuntu0.17.10.1_amd64.deb | Linux |
| thunderbird security update(DSA-4075-1) thunderbird_52.5.2-2~deb8u1_i386.deb | Linux |
| thunderbird security update(DSA-4075-1) thunderbird_52.5.2-2~deb8u1_amd64.deb | Linux |
| thunderbird security update(DSA-4075-1) thunderbird_52.5.2-2~deb9u1_i386.deb | Linux |
| thunderbird security update(DSA-4075-1) thunderbird_52.5.2-2~deb9u1_amd64.deb | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234