In general, this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but it is potentially a risk in browser or browser-like contexts.
CVSS v3 metrics
NOTE: The following CVSS v3 metrics and score provided are preliminary and subject to review.
| CVSS3 Base Score | 8.8 |
| CVSS3 Base Metrics | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Red Hat Security Errata
| Red Hat Enterprise Linux 6 (thunderbird) | RHSA-2019:0159 | 2019-01-24 |
| Red Hat Enterprise Linux 7 (thunderbird) | RHSA-2019:0160 | 2019-01-24 |
| Red Hat Enterprise Linux 6 (firefox) | RHSA-2018:3831 | 2018-12-17 |
| Red Hat Enterprise Linux 7 (firefox) | RHSA-2018:3833 | 2018-12-17 |
Acknowledgements
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Christian Holler, Diego Calleja, Andrew McCreight, Jon Coppeard, Natalia Csoregi, Nicolas B. Pierron, and Tyson Smith as the original reporters.
CVE description copyright © 2017, The MITRE Corporation