It is possible to spoof the sender's email address and display an arbitrary sender address to the email recipient. The real sender's address is not displayed if preceded by a null character in the display string. This vulnerability affects Thunderbird < 52.5.2.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:N/C:N/I:P/A:N
Vendors Products
Canonical
  • Ubuntu Linux
Redhat
  • Enterprise Linux Aus
  • Enterprise Linux Desktop
  • Enterprise Linux Workstation
  • Enterprise Linux Server
  • Enterprise Linux Eus
Mozilla
  • Thunderbird
Debian
  • Debian Linux

Configuration 1 [-]

cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR cpe:2.3:o:redhat:enterprise_linux_aus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

Configuration 3 [-]

OR cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Configuration 4 [-]

OR cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*
References
Link Resource
http://www.securityfocus.com/bid/102258 Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1040123 Third Party Advisory VDB Entry
https://access.redhat.com/errata/RHSA-2018:0061 Third Party Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=1423432 Exploit Issue Tracking Patch
https://lists.debian.org/debian-lts-announce/2017/12/msg00026.html Mailing List Third Party Advisory
https://usn.ubuntu.com/3529-1/ Third Party Advisory
https://www.debian.org/security/2017/dsa-4075 Third Party Advisory
https://www.mozilla.org/security/advisories/mfsa2017-30/ Vendor Advisory
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: mozilla

Published: 2018-06-11T21:00:00

Updated: 2018-06-12T09:57:01

Reserved: 2017-04-12T00:00:00

Link: CVE-2017-7829

JSON object: View

cve-icon NVD Information

Status : Analyzed

Published: 2018-06-11T21:29:11.343

Modified: 2018-08-07T12:28:12.087

Link: CVE-2017-7829

JSON object: View

cve-icon Redhat Information

No data.

CWE