CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
AI Score
Confidence
High
EPSS
Percentile
90.6%
Bobby Holley discovered vulnerabilities in Chrome Object Wrappers (COW) and
System Only Wrappers (SOW). If a user were tricked into opening a specially
crafted page and had scripting enabled, a remote attacker could exploit
this to bypass security protections to obtain sensitive information or
potentially execute code with the privileges of the user invoking
Thunderbird. (CVE-2013-0773)
Frederik Braun discovered that Thunderbird made the location of the active
browser profile available to JavaScript workers. Scripting for Thunderbird
is disabled by default in Ubuntu. (CVE-2013-0774)
A use-after-free vulnerability was discovered in Thunderbird. An attacker
could potentially exploit this to execute code with the privileges of the
user invoking Thunderbird if scripting were enabled. (CVE-2013-0775)
Michal Zalewski discovered that Thunderbird would not always show the
correct address when cancelling a proxy authentication prompt. A remote
attacker could exploit this to conduct URL spoofing and phishing attacks
if scripting were enabled.
(CVE-2013-0776)
Abhishek Arya discovered several problems related to memory handling. If
the user were tricked into opening a specially crafted page, an attacker
could possibly exploit these to cause a denial of service via application
crash, or potentially execute code with the privileges of the user invoking
Thunderbird. (CVE-2013-0777, CVE-2013-0778, CVE-2013-0779, CVE-2013-0780,
CVE-2013-0781, CVE-2013-0782)
Olli Pettay, Christoph Diehl, Gary Kwong, Jesse Ruderman, Andrew McCreight,
Joe Drew, Wayne Mery, Alon Zakai, Christian Holler, Gary Kwong, Luke
Wagner, Terrence Cole, Timothy Nikkel, Bill McCloskey, and Nicolas Pierron
discovered multiple memory safety issues affecting Thunderbird. If a user
had scripting enabled and was tricked into opening a specially crafted
page, an attacker could possibly exploit these to cause a denial of service
via application crash. (CVE-2013-0783, CVE-2013-0784)
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 12.10 | noarch | thunderbird | < 17.0.3+build1-0ubuntu0.12.10.1 | UNKNOWN |
Ubuntu | 12.10 | noarch | thunderbird-dbg | < 17.0.3+build1-0ubuntu0.12.10.1 | UNKNOWN |
Ubuntu | 12.10 | noarch | thunderbird-dev | < 17.0.3+build1-0ubuntu0.12.10.1 | UNKNOWN |
Ubuntu | 12.10 | noarch | thunderbird-globalmenu | < 17.0.3+build1-0ubuntu0.12.10.1 | UNKNOWN |
Ubuntu | 12.10 | noarch | thunderbird-gnome-support | < 17.0.3+build1-0ubuntu0.12.10.1 | UNKNOWN |
Ubuntu | 12.10 | noarch | thunderbird-gnome-support-dbg | < 17.0.3+build1-0ubuntu0.12.10.1 | UNKNOWN |
Ubuntu | 12.10 | noarch | thunderbird-locale-af | < 1:17.0.3+build1-0ubuntu0.12.10.1 | UNKNOWN |
Ubuntu | 12.10 | noarch | thunderbird-locale-ar | < 1:17.0.3+build1-0ubuntu0.12.10.1 | UNKNOWN |
Ubuntu | 12.10 | noarch | thunderbird-locale-ast | < 1:17.0.3+build1-0ubuntu0.12.10.1 | UNKNOWN |
Ubuntu | 12.10 | noarch | thunderbird-locale-be | < 1:17.0.3+build1-0ubuntu0.12.10.1 | UNKNOWN |
launchpad.net/bugs/1131110
ubuntu.com/security/CVE-2013-0773
ubuntu.com/security/CVE-2013-0774
ubuntu.com/security/CVE-2013-0775
ubuntu.com/security/CVE-2013-0776
ubuntu.com/security/CVE-2013-0777
ubuntu.com/security/CVE-2013-0778
ubuntu.com/security/CVE-2013-0779
ubuntu.com/security/CVE-2013-0780
ubuntu.com/security/CVE-2013-0781
ubuntu.com/security/CVE-2013-0782
ubuntu.com/security/CVE-2013-0783
ubuntu.com/security/CVE-2013-0784