Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntuUbuntuUSN-503-1
HistoryAug 25, 2007 - 12:00 a.m.

Thunderbird vulnerabilities

2007-08-2500:00:00
ubuntu.com
66

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

8.4 High

AI Score

Confidence

High

0.957 High

EPSS

Percentile

99.4%

JSON

Releases

  • Ubuntu 7.04
  • Ubuntu 6.10
  • Ubuntu 6.06

Packages

  • mozilla-thunderbird -

Details

Various flaws were discovered in the layout and JavaScript engines. By
tricking a user into opening a malicious email, an attacker could execute
arbitrary code with the user’s privileges. Please note that JavaScript
is disabled by default for emails, and it is not recommended to enable it.
(CVE-2007-3734, CVE-2007-3735, CVE-2007-3844)

Jesper Johansson discovered that spaces and double-quotes were
not correctly handled when launching external programs. In rare
configurations, after tricking a user into opening a malicious email,
an attacker could execute helpers with arbitrary arguments with the
user’s privileges. (CVE-2007-3670, CVE-2007-3845)

OSVersionArchitecturePackageVersionFilename
Ubuntu7.04noarchmozilla-thunderbird< 1.5.0.13-0ubuntu0.7.04UNKNOWN
Ubuntu7.04noarchmozilla-thunderbird-dev< 1.5.0.13-0ubuntu0.7.04UNKNOWN
Ubuntu7.04noarchmozilla-thunderbird-inspector< 1.5.0.13-0ubuntu0.7.04UNKNOWN
Ubuntu7.04noarchmozilla-thunderbird-typeaheadfind< 1.5.0.13-0ubuntu0.7.04UNKNOWN
Ubuntu6.10noarchmozilla-thunderbird< 1.5.0.13-0ubuntu0.6.10UNKNOWN
Ubuntu6.10noarchmozilla-thunderbird-dev< 1.5.0.13-0ubuntu0.6.10UNKNOWN
Ubuntu6.10noarchmozilla-thunderbird-inspector< 1.5.0.13-0ubuntu0.6.10UNKNOWN
Ubuntu6.10noarchmozilla-thunderbird-typeaheadfind< 1.5.0.13-0ubuntu0.6.10UNKNOWN
Ubuntu6.06noarchmozilla-thunderbird< 1.5.0.13-0ubuntu0.6.06UNKNOWN
Ubuntu6.06noarchmozilla-thunderbird-dev< 1.5.0.13-0ubuntu0.6.06UNKNOWN
Rows per page:
1-10 of 121

Related

openvas 50
nessus 47
debian 6
osv 6
ubuntu 1
securityvulns 8
mozilla 5
gentoo 1
suse 1
checkpoint_advisories 2
seebug 2
cert 2
nvd 11
ubuntucve 6
veracode 3
freebsd 1
prion 9
cvelist 8
cve 8
chrome 1
fedora 10
redhat 3
oraclelinux 3
centos 4
redhatcve 1
openvas
openvas
Ubuntu: Security Advisory (USN-503-1)
2009-03-23 00:00:00
Ubuntu Update for mozilla-thunderbird vulnerabilities USN-503-1
2009-03-23 00:00:00
Mandriva Update for mozilla-thunderbird MDVSA-2007:047 (mozilla-thunderbird)
2009-04-09 00:00:00
nessus
nessus
Ubuntu 6.06 LTS / 6.10 / 7.04 : mozilla-thunderbird vulnerabilities (USN-503-1)
2007-11-10 00:00:00
Debian DSA-1391-1 : icedove - several vulnerabilities
2007-10-25 00:00:00
Mandriva Linux Security Advisory : mozilla-thunderbird (MDVSA-2008:047)
2009-04-23 00:00:00
debian
debian
[SECURITY] [DSA 1391-1] New icedove packages fix several vulnerabilities
2007-10-19 15:55:05
[SECURITY] [DSA 1346-1] New iceape packages fix several vulnerabilities
2007-08-04 11:54:19
[SECURITY] [DSA 1345-1] New xulrunner packages fix several vulnerabilities
2007-08-04 11:42:41
osv
osv
icedove - several vulnerabilities
2007-10-19 00:00:00
iceape
2007-08-04 00:00:00
xulrunner
2007-08-04 00:00:00
ubuntu
ubuntu
Firefox vulnerabilities
2007-08-01 00:00:00
securityvulns
securityvulns
Mozilla Firefox / Thunderbird URL processing code execution
2007-08-01 00:00:00
Mozilla Foundation Security Advisory 2007-18
2007-07-19 00:00:00
Mozilla Foundation Security Advisory 2007-26
2007-08-01 00:00:00
mozilla
mozilla
Crashes with evidence of memory corruption (rv:1.8.1.5) — Mozilla
2007-07-17 00:00:00
Unescaped URIs passed to external programs — Mozilla
2007-07-30 00:00:00
Privilege escalation through chrome-loaded about:blank windows — Mozilla
2007-07-30 00:00:00
gentoo
gentoo
Mozilla products: Multiple vulnerabilities
2007-08-14 00:00:00
suse
suse
remote code execution in MozillaFirefox,MozillaThunderbird,Seamonkey
2007-08-02 16:31:06
checkpoint_advisories
checkpoint_advisories
Mozilla Firefox Design Mode Deleted Style Reference Memory Corruption - Ver2 (CVE-2007-3734)
2014-12-28 00:00:00
Firefox Protocol Handler Code Execution - Ver2 (CVE-2007-3845)
2014-12-28 00:00:00
seebug
seebug
Mozilla Firefox 2.0.0.4多个远程安全漏洞
2007-07-19 00:00:00
Firefox/Thunderbird/SeaMonkey Chrome加载about:blank窗口权限提升漏洞
2007-08-07 00:00:00
cert
cert
Mozilla Firefox URI filtering vulnerability
2007-07-26 00:00:00
Mozilla Firefox URL protocol handling vulnerability
2007-07-11 00:00:00
nvd
nvd
CVE-2007-3734
2007-07-18 17:30:00
CVE-2007-3670
2007-07-10 19:30:00
CVE-2007-3735
2007-07-18 17:30:00
ubuntucve
ubuntucve
CVE-2007-3734
2007-07-18 00:00:00
CVE-2007-3670
2007-07-10 00:00:00
CVE-2007-3735
2007-07-18 00:00:00
veracode
veracode
Arbitrary Code Execution
2020-04-10 00:17:15
Denial Of Service (DoS)
2020-04-10 00:20:21
Arbitrary Code Execution
2020-04-10 00:17:16
freebsd
freebsd
mozilla -- multiple vulnerabilities
2007-07-17 00:00:00
prion
prion
Memory corruption
2007-07-18 17:30:00
Cross site scripting
2007-07-10 19:30:00
Memory corruption
2007-07-18 17:30:00
cvelist
cvelist
CVE-2007-3734
2007-07-18 17:00:00
CVE-2007-3670
2007-07-10 19:00:00
CVE-2007-3735
2007-07-18 17:00:00
cve
cve
CVE-2007-3734
2007-07-18 17:30:00
CVE-2007-3670
2007-07-10 19:30:00
CVE-2007-3735
2007-07-18 17:30:00
chrome
chrome
Stable and Beta Update: Incognito Mode Fix
2009-02-03 00:00:00
fedora
fedora
[SECURITY] Fedora 7 Update: thunderbird-2.0.0.5-1.fc7
2007-07-20 19:32:33
[SECURITY] Fedora Core 6 Update: thunderbird-1.5.0.12-2.fc6
2007-07-20 16:21:25
[SECURITY] Fedora Core 6 Update: firefox-1.5.0.12-4.fc6
2007-07-20 16:24:04
redhat
redhat
(RHSA-2007:0723) Moderate: thunderbird security update
2007-07-18 00:00:00
(RHSA-2007:0722) Critical: seamonkey security update
2007-07-18 00:00:00
(RHSA-2007:0724) Critical: firefox security update
2007-07-18 00:00:00
oraclelinux
oraclelinux
Moderate: thunderbird security update
2007-07-19 00:00:00
Critical: seamonkey security update
2007-07-19 00:00:00
Critical: firefox security update
2007-07-19 00:00:00
centos
centos
thunderbird security update
2007-07-19 19:16:54
seamonkey security update
2007-07-19 11:53:21
seamonkey security update
2007-07-20 05:54:56
redhatcve
redhatcve
CVE-2007-4841
2015-10-30 09:30:54

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

8.4 High

AI Score

Confidence

High

0.957 High

EPSS

Percentile

99.4%

JSON
Related for USN-503-1
openvas50nessus47debian6osv6ubuntu1securityvulns8mozilla5gentoo1suse1checkpoint_advisories2seebug2cert2nvd11ubuntucve6veracode3freebsd1prion9cvelist8cve8chrome1fedora10redhat3oraclelinux3centos4redhatcve1