Описание
It is possible to spoof the filename of an attachment and display an arbitrary attachment name. This could lead to a user opening a remote attachment which is a different file type than expected. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | released | 1:52.8.0+build1-0ubuntu0.17.10.1 |
| bionic | released | 1:52.8.0+build1-0ubuntu0.18.04.1 |
| devel | released | 1:60.2.1+build1-0ubuntu1 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was released [1:52.8.0+build1-0ubuntu0.14.04.1]] |
| precise/esm | DNE | |
| trusty | released | 1:52.8.0+build1-0ubuntu0.14.04.1 |
| trusty/esm | DNE | trusty was released [1:52.8.0+build1-0ubuntu0.14.04.1] |
| upstream | released | 52.8.0 |
| xenial | released | 1:52.8.0+build1-0ubuntu0.16.04.1 |
Показывать по
EPSS
4.3 Medium
CVSS2
4.3 Medium
CVSS3
Связанные уязвимости
It is possible to spoof the filename of an attachment and display an arbitrary attachment name. This could lead to a user opening a remote attachment which is a different file type than expected. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8.
It is possible to spoof the filename of an attachment and display an arbitrary attachment name. This could lead to a user opening a remote attachment which is a different file type than expected. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8.
It is possible to spoof the filename of an attachment and display an a ...
It is possible to spoof the filename of an attachment and display an arbitrary attachment name. This could lead to a user opening a remote attachment which is a different file type than expected. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8.
Уязвимость почтового клиента Thunderbird, существующая из-за недостаточной проверки входных данных, позволяющая нарушителю отобразить произвольное имя вложения
EPSS
4.3 Medium
CVSS2
4.3 Medium
CVSS3