CVE-2017-7829

Sažetak

It is possible to spoof the sender's email address and display an arbitrary sender address to the email recipient. The real sender's address is not displayed if preceded by a null character in the display string. This vulnerability affects Thunderbird < 52.5.2.

Reference

http://www.securityfocus.com/bid/102258
http://www.securitytracker.com/id/1040123
https://access.redhat.com/errata/RHSA-2018:0061
https://bugzilla.mozilla.org/show_bug.cgi?id=1423432
https://lists.debian.org/debian-lts-announce/2017/12/msg00026.html
https://usn.ubuntu.com/3529-1/
https://www.debian.org/security/2017/dsa-4075
https://www.mozilla.org/security/advisories/mfsa2017-30/

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:N/I:P/A:N

Zadnje važnije ažuriranje

07-08-2018 - 12:28

Objavljeno

11-06-2018 - 21:29