CVSS3

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Percentile: 77.8%

A vulnerability in the Mozilla Thunderbird email client is related to improper handling of the CSP sandbox header without the "allow-scripts" parameter. Exploitation of the vulnerability could allow a remote attacker to use an iframe to bypass the implemented CSP restriction and execute scripts if a user clicks on a javascript: link.

A vulnerability in the Mozilla Thunderbird email client is related to improper error handling when processing an inaccessible PAC file. Exploitation of the vulnerability could allow a remote attacker to specify the URL of a PAC file; if the server hosting the PAC file is then unavailable, OCSP requests are blocked, resulting in the display of incorrect error pages.

A vulnerability in the Mozilla Thunderbird email client is related to improper handling of a pop-up window resizing event. Exploitation of the vulnerability could allow a remote attacker to create a crafted website that opens a resized pop-up window, overlays the address bar with the attacker's own content, and performs a spoofing attack.

A vulnerability in the Mozilla Thunderbird email client is related to improper input validation when processing JavaScript attributes. Exploitation of the vulnerability could allow a remote attacker to pass unwanted attributes to a JavaScript object, perform prototype pollution, and execute arbitrary JavaScript code in the browser.

A vulnerability in the Mozilla Thunderbird email client is related to an integer overflow in the function nsTArray_Impl::ReplaceElementsAt(). Exploitation of the vulnerability could allow a remote attacker to force a victim to visit a specially crafted website, trigger an integer overflow, and execute arbitrary code on the target system.

A vulnerability in the Mozilla Thunderbird email client is related to a boundary error in the processing of HTML content. Exploitation of the vulnerability could allow a remote attacker to create a crafted website, trick the victim into opening it, cause memory corruption, and execute arbitrary code on the target system.

A vulnerability in the Mozilla Thunderbird email client is related to a bug in the processing of CSS stylesheets accessible via internal URIs such as "resource:". Exploitation of the vulnerability could allow a remote attacker to bypass the implemented content security policy.

A vulnerability in the Mozilla Thunderbird email client is related to a use-after-free error in nsSHistory during the processing of XML documents. Exploitation of the vulnerability could allow a remote attacker to trigger the use-after-free and execute arbitrary code on the system.

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
redos | 7.3 | x86_64 | thunderbird | < 91.11.0-1 | UNKNOWN |