VDB
GCVE-110-MAGEIA-2017-477
GCVE-110-MAGEIA-2017-477
Advisory Published
Multiple vulnerabilies have been fixed in thunderbird.
* JavaScript Execution via RSS in mailbox:// origin (CVE-2017-7846).
* Local path string can be leaked from RSS feed (CVE-2017-7847).
* RSS Feed vulnerable to new line Injection (CVE-2017-7848).
* Mailsploit From address with encoded null character is cut off in
message header display (CVE-2017-7829).
Multiple vulnerabilies have been fixed in the bundled enigmail package.
* An issue was discovered that allows remote attackers to trigger use of
an intended public key for encryption, because incorrect regular
expressions are used for extraction of an e-mail address from a
comma-separated list (CVE-2017-17843).
* A remote attacker can obtain cleartext content by sending an encrypted
data block to a victim, and relying on the victim to automatically
decrypt that block and then send it back to the attacker as quoted text
(CVE-2017-17844).
* An issue was discovered where Improper Random Secret Generation occurs
because Math.Random() is used by pretty Easy privacy (pEp)
(CVE-2017-17845).
* An issue was discovered where regular expressions are exploitable for
Denial of Service, because of attempts to match arbitrarily long strings
(CVE-2017-17846).
* An issue was discovered that signature spoofing is possible because
the UI does not properly distinguish between an attachment signature,
and a signature that applies to the entire containing message
(CVE-2017-17847).
* In a variant of CVE-2017-17847, signature spoofing is possible for
multipart/related messages because a signed message part can be
referenced with a cid: URI but not actually displayed (CVE-2017-17848)
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | thunderbird | 0 (affected), 52.5.2-1.mga5 (unaffected) | — |
| Mageia | thunderbird-l10n | 52.5.2-1.mga6 (unaffected), 0 (affected) | — |
| Mageia | thunderbird | 0 (affected), 52.5.2-1.mga6 (unaffected) | — |
| Mageia | thunderbird-l10n | 0 (affected), 52.5.2-1.mga5 (unaffected) | — |
Browse GCVE Records
73,685 records in the GCVE database · Updated July 18, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.