Lucene search

K

Veracode Vulnerability DatabaseVERACODE:18353

HistoryMay 02, 2019 - 6:37 a.m.

Cross-site Scripting (XSS)

2019-05-0206:37:16

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

7

EPSS

0.003

Percentile

70.8%

Mozilla Thunderbird is vulnerable to cross-site scripting (XSS) attacks. This is because the content security policy (CSP) “sandbox” directive did not create a unique origin for the document, causing it to behave as if the “allow-same-origin” keyword were always specified allowing a malicious attacker to launch an attack from unsafe content.

References

www.securityfocus.com/bid/101059

www.securitytracker.com/id/1039465

access.redhat.com/errata/RHSA-2017:2831

access.redhat.com/errata/RHSA-2017:2885

access.redhat.com/security/updates/classification/#important

bugzilla.mozilla.org/show_bug.cgi?id=1396320

lists.debian.org/debian-lts-announce/2017/11/msg00000.html

security.gentoo.org/glsa/201803-14

www.debian.org/security/2017/dsa-3987

www.debian.org/security/2017/dsa-4014

www.mozilla.org/en-US/security/advisories/mfsa2017-23/

www.mozilla.org/security/advisories/mfsa2017-21/

www.mozilla.org/security/advisories/mfsa2017-22/

www.mozilla.org/security/advisories/mfsa2017-23/

EPSS

0.003

Percentile

70.8%

Related for VERACODE:18353

prion1 cvelist1 nvd1 cve1 redhatcve1 ubuntucve1 debiancve1 nessus33 oraclelinux2 openvas29 redhat2 centos2 mageia2 osv4 ubuntu3 debian4 suse6 archlinux1 kaspersky2 mozilla3 altlinux2 freebsd1 gentoo2