Remote Code Execution (RCE)

2021-04-2312:04:52

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.001 Low

EPSS

Percentile

30.4%

JSON

thunderbird is vulnerable to remote code execution. The vulnerability exists due to the system attempting to open a shared library that provides OTR protocol implementation using a filename that is not distributed by Thunderbird.

CPENameOperatorVersion
thunderbird:sideq1:78.5.0-1
thunderbird:bustereq1:60.9.0-1~deb10u1
thunderbird:bustereq1:78.6.0-1~deb10u1
thunderbird:bustereq1:78.5.0-1~deb10u1
thunderbird:bustereq1:68.12.0-1~deb10u1
thunderbird:stretcheq1:68.10.0-1~deb9u1
thunderbird:stretcheq1:52.9.1-1~deb9u1
thunderbird:stretcheq1:60.9.0-1~deb9u1
thunderbirdeq78.8.0__1.el7.centos
thunderbirdeq31.6.0__1.ael7b_1

Name	Operator	Version
thunderbird:sid	eq	1:78.5.0-1
thunderbird:buster	eq	1:60.9.0-1~deb10u1
thunderbird:buster	eq	1:78.6.0-1~deb10u1
thunderbird:buster	eq	1:78.5.0-1~deb10u1
thunderbird:buster	eq	1:68.12.0-1~deb10u1
thunderbird:stretch	eq	1:68.10.0-1~deb9u1
thunderbird:stretch	eq	1:52.9.1-1~deb9u1
thunderbird:stretch	eq	1:60.9.0-1~deb9u1
thunderbird	eq	78.8.0__1.el7.centos
thunderbird	eq	31.6.0__1.ael7b_1