CVE-2017-7847

moderate-risk

Published 2018-06-11

Crafted CSS in an RSS feed can leak and reveal local path strings, which may contain user name. This vulnerability affects Thunderbird < 52.5.2.

Do I need to act?

0.88% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 4.3/10 Medium

NETWORK / LOW complexity

Debian Linux

Enterprise Linux Aus

Enterprise Linux Desktop

Enterprise Linux Eus

Enterprise Linux Server

Enterprise Linux Workstation

Thunderbird

Debian Redhat Mozilla

Third Party Advisory http://www.securityfocus.com/bid/102258

Third Party Advisory http://www.securitytracker.com/id/1040123

Third Party Advisory https://access.redhat.com/errata/RHSA-2018:0061

Issue Tracking https://bugzilla.mozilla.org/show_bug.cgi?id=1411708

Mailing List https://lists.debian.org/debian-lts-announce/2017/12/msg00026.html

Third Party Advisory https://www.debian.org/security/2017/dsa-4075

Vendor Advisory https://www.mozilla.org/security/advisories/mfsa2017-30/

Third Party Advisory http://www.securityfocus.com/bid/102258

Third Party Advisory http://www.securitytracker.com/id/1040123

Third Party Advisory https://access.redhat.com/errata/RHSA-2018:0061

Issue Tracking https://bugzilla.mozilla.org/show_bug.cgi?id=1411708

Mailing List https://lists.debian.org/debian-lts-announce/2017/12/msg00026.html

Third Party Advisory https://www.debian.org/security/2017/dsa-4075

Vendor Advisory https://www.mozilla.org/security/advisories/mfsa2017-30/

/ 100

moderate-risk

Severity 18/34 · Moderate

Exploitability 3/34 · Minimal

Exposure 17/34 · Moderate