CVE-2017-7829

It is possible to spoof the sender's email address and display an arbitrary sender address to the email recipient. The real sender's address is not displayed if preceded by a null character in the display string. This vulnerability affects Thunderbird < 52.5.2.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
mozillaCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 80%
VendorProductVersion
mozillathunderbird
𝑥
< 52.5.2
redhatenterprise_linux_aus
7.4
redhatenterprise_linux_desktop
6.0
redhatenterprise_linux_desktop
7.0
redhatenterprise_linux_eus
7.4
redhatenterprise_linux_eus
7.5
redhatenterprise_linux_server
6.0
redhatenterprise_linux_server
7.0
redhatenterprise_linux_workstation
6.0
redhatenterprise_linux_workstation
7.0
debiandebian_linux
7.0
debiandebian_linux
8.0
debiandebian_linux
9.0
canonicalubuntu_linux
14.04
canonicalubuntu_linux
16.04
canonicalubuntu_linux
17.10
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
thunderbird
bullseye
1:115.12.0-1~deb11u1
fixed
bullseye (security)
1:128.4.0esr-1~deb11u1
fixed
bookworm
1:115.12.0-1~deb12u1
fixed
bookworm (security)
1:128.4.0esr-1~deb12u1
fixed
sid
1:128.4.0esr-1
fixed
trixie
1:128.4.0esr-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
thunderbird
artful
Fixed 1:52.6.0+build1-0ubuntu0.17.10.1
released
zesty
ignored
xenial
Fixed 1:52.6.0+build1-0ubuntu0.16.04.1
released
trusty
Fixed 1:52.6.0+build1-0ubuntu0.14.04.1
released
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/102258
http://www.securitytracker.com/id/1040123
https://access.redhat.com/errata/RHSA-2018:0061
https://bugzilla.mozilla.org/show_bug.cgi?id=1423432
https://lists.debian.org/debian-lts-announce/2017/12/msg00026.html
https://usn.ubuntu.com/3529-1/
https://www.debian.org/security/2017/dsa-4075
https://www.mozilla.org/security/advisories/mfsa2017-30/
http://www.securityfocus.com/bid/102258
http://www.securitytracker.com/id/1040123
https://access.redhat.com/errata/RHSA-2018:0061
https://bugzilla.mozilla.org/show_bug.cgi?id=1423432
https://lists.debian.org/debian-lts-announce/2017/12/msg00026.html
https://usn.ubuntu.com/3529-1/
https://www.debian.org/security/2017/dsa-4075
https://www.mozilla.org/security/advisories/mfsa2017-30/