Lucene search

K

Veracode Vulnerability DatabaseVERACODE:24534

HistoryApr 10, 2020 - 12:56 a.m.

Remote Code Execution (RCE)

2020-04-1000:56:33

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

7

EPSS

0.275

Percentile

96.8%

Mozilla Thunderbird is vulnerable to remote code execution (RCE). An integer overflow flaw was found in the way Thunderbird handled the HTML frameset tag. An HTML mail message with a frameset tag containing large values for the “rows” and “cols” attributes could trigger this flaw, possibly leading to arbitrary code execution with the privileges of the user running Thunderbird.

References

blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_thunderbird

downloads.avaya.com/css/P8/documents/100134543

downloads.avaya.com/css/P8/documents/100144158

www.debian.org/security/2011/dsa-2227

www.debian.org/security/2011/dsa-2228

www.debian.org/security/2011/dsa-2235

www.mandriva.com/security/advisories?name=MDVSA-2011:079

www.mandriva.com/security/advisories?name=MDVSA-2011:080

www.mozilla.org/security/announce/2011/mfsa2011-12.html

www.securityfocus.com/bid/47648

access.redhat.com/errata/RHSA-2011:0475

access.redhat.com/security/updates/classification/#critical

bugzilla.mozilla.org/show_bug.cgi?id=623998

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14193

EPSS

0.275

Percentile

96.8%

Related for VERACODE:24534

prion5 nvd5 cve5 cvelist5 ubuntucve5 nessus47 openvas60 redhat4 centos3 oraclelinux4 securityvulns2 mozilla1 debian4 osv3 ubuntu5 suse2 gentoo1