Описание
A malicious mail server could send malformed strings with negative lengths, causing the parser to read memory outside the buffer. If a mail server or connection to a mail server were compromised, an attacker could cause the parser to malfunction, potentially crashing Thunderbird or leaking sensitive data. This vulnerability was fixed in Thunderbird 149 and Thunderbird 140.9.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | code not present |
| jammy | not-affected | code not present |
| noble | not-affected | code not present |
| questing | not-affected | code not present |
| resolute | not-affected | code not present |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-apps/noble | ignored | |
| jammy | ignored | |
| noble | ignored | |
| questing | DNE | |
| resolute | DNE | |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| jammy | DNE | |
| noble | ignored | |
| questing | DNE | |
| resolute | DNE | |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-apps/bionic | needs-triage | |
| jammy | DNE | |
| noble | DNE | |
| questing | DNE | |
| resolute | DNE | |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-apps/focal | ignored | |
| esm-infra/bionic | ignored | |
| jammy | DNE | |
| noble | DNE | |
| questing | DNE | |
| resolute | DNE | |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-infra/focal | ignored | |
| jammy | DNE | |
| noble | DNE | |
| questing | DNE | |
| resolute | DNE | |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-apps/jammy | ignored | |
| jammy | ignored | |
| noble | DNE | |
| questing | DNE | |
| resolute | DNE | |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| jammy | ignored | |
| noble | DNE | |
| questing | DNE | |
| resolute | DNE | |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | code not present |
| jammy | needed | |
| noble | not-affected | code not present |
| questing | not-affected | code not present |
| resolute | not-affected | code not present |
| upstream | needs-triage |
Показывать по
Ссылки на источники
EPSS
7.4 High
CVSS3
Связанные уязвимости
A malicious mail server could send malformed strings with negative lengths, causing the parser to read memory outside the buffer. If a mail server or connection to a mail server were compromised, an attacker could cause the parser to malfunction, potentially crashing Thunderbird or leaking sensitive data. This vulnerability was fixed in Thunderbird 149 and Thunderbird 140.9.
A malicious mail server could send malformed strings with negative lengths, causing the parser to read memory outside the buffer. If a mail server or connection to a mail server were compromised, an attacker could cause the parser to malfunction, potentially crashing Thunderbird or leaking sensitive data. This vulnerability was fixed in Thunderbird 149 and Thunderbird 140.9.
A malicious mail server could send malformed strings with negative len ...
A malicious mail server could send malformed strings with negative lengths, causing the parser to read memory outside the buffer. If a mail server or connection to a mail server were compromised, an attacker could cause the parser to malfunction, potentially crashing Thunderbird or leaking sensitive data. This vulnerability affects Thunderbird < 149 and Thunderbird < 140.9.
EPSS
7.4 High
CVSS3