CVE-2017-7829
Severity: Unknown | EPSS: 1.80%
CVE-2017-7829 is a vulnerability of currently unknown severity. It is possible to spoof the sender's email address and display an arbitrary sender address to the email recipient. The real sender's address is not displayed if preceded by a null character in the display string. EPSS estimates a 1.80% chance of exploitation in the next 30 days.
Description
It is possible to spoof the sender's email address and display an arbitrary sender address to the email recipient. The real sender's address is not displayed if preceded by a null character in the display string. This vulnerability affects Thunderbird < 52.5.2.
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Thunderbird | < 52.5.2 |
| Red Hat | Enterprise Linux AUS | 7.4 |
| Red Hat | Enterprise Linux Desktop | 6.0 |
| Red Hat | Enterprise Linux Desktop | 7.0 |
| Red Hat | Enterprise Linux EUS | 7.4 |
| Red Hat | Enterprise Linux EUS | 7.5 |
| Red Hat | Enterprise Linux Server | 6.0 |
| Red Hat | Enterprise Linux Server | 7.0 |
| Red Hat | Enterprise Linux Workstation | 6.0 |
| Red Hat | Enterprise Linux Workstation | 7.0 |
| Debian | Debian Linux | 7.0 |
| Debian | Debian Linux | 8.0 |
| Debian | Debian Linux | 9.0 |
| Canonical | Ubuntu Linux | 14.04 |
| Canonical | Ubuntu Linux | 16.04 |
| Canonical | Ubuntu Linux | 17.10 |
References
- http://www.securityfocus.com/bid/102258 (Third Party Advisory, VDB Entry)
- http://www.securitytracker.com/id/1040123 (Third Party Advisory, VDB Entry)
- https://access.redhat.com/errata/RHSA-2018:0061 (Third Party Advisory)
- https://bugzilla.mozilla.org/show_bug.cgi?id=1423432 (Exploit, Issue Tracking, Patch)
- https://lists.debian.org/debian-lts-announce/2017/12/msg00026.html (Mailing List, Third Party Advisory)
- https://usn.ubuntu.com/3529-1/ (Third Party Advisory)
- https://www.debian.org/security/2017/dsa-4075 (Third Party Advisory)
- https://www.mozilla.org/security/advisories/mfsa2017-30/ (Vendor Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2017-7829?
It is possible to spoof the sender's email address and display an arbitrary sender address to the email recipient. The real sender's address is not displayed if preceded by a null character in the display string. This vulnerability affects Thunderbird < 52.5.2.
How severe is CVE-2017-7829?
Severity scoring for CVE-2017-7829 is pending analysis. The EPSS model estimates a 1.80% probability of exploitation in the next 30 days.
How do I fix CVE-2017-7829?
Check the vendor references and advisories linked above for patched versions and mitigation guidance.
Source: NVD / NIST
