CVE-2017-7829 (GCVE-0-2017-7829)
Vulnerability from cvelistv5
Published
2018-06-11 21:00
Modified
2024-08-05 16:19
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Mailsploit part 1: From address with encoded null character is cut off in message header display
Summary
It is possible to spoof the sender's email address and display an arbitrary sender address to the email recipient. The real sender's address is not displayed if preceded by a null character in the display string. This vulnerability affects Thunderbird < 52.5.2.
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Mozilla | Thunderbird |
Version: unspecified < 52.5.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:19:27.675Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[debian-lts-announce] 20171227 [SECURITY] [DLA 1223-1] thunderbird security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00026.html"
},
{
"name": "USN-3529-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3529-1/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1423432"
},
{
"name": "102258",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102258"
},
{
"name": "1040123",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040123"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2017-30/"
},
{
"name": "DSA-4075",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2017/dsa-4075"
},
{
"name": "RHSA-2018:0061",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0061"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "52.5.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2017-12-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "It is possible to spoof the sender\u0027s email address and display an arbitrary sender address to the email recipient. The real sender\u0027s address is not displayed if preceded by a null character in the display string. This vulnerability affects Thunderbird \u003c 52.5.2."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Mailsploit part 1: From address with encoded null character is cut off in message header display",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-12T09:57:01",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"name": "[debian-lts-announce] 20171227 [SECURITY] [DLA 1223-1] thunderbird security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00026.html"
},
{
"name": "USN-3529-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3529-1/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1423432"
},
{
"name": "102258",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102258"
},
{
"name": "1040123",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040123"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2017-30/"
},
{
"name": "DSA-4075",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2017/dsa-4075"
},
{
"name": "RHSA-2018:0061",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0061"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2017-7829",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "52.5.2"
}
]
}
}
]
},
"vendor_name": "Mozilla"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "It is possible to spoof the sender\u0027s email address and display an arbitrary sender address to the email recipient. The real sender\u0027s address is not displayed if preceded by a null character in the display string. This vulnerability affects Thunderbird \u003c 52.5.2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Mailsploit part 1: From address with encoded null character is cut off in message header display"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20171227 [SECURITY] [DLA 1223-1] thunderbird security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00026.html"
},
{
"name": "USN-3529-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3529-1/"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1423432",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1423432"
},
{
"name": "102258",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102258"
},
{
"name": "1040123",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040123"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2017-30/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2017-30/"
},
{
"name": "DSA-4075",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-4075"
},
{
"name": "RHSA-2018:0061",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0061"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2017-7829",
"datePublished": "2018-06-11T21:00:00",
"dateReserved": "2017-04-12T00:00:00",
"dateUpdated": "2024-08-05T16:19:27.675Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…