JavaScript Execution Vulnerability in Thunderbird RSS Feed Viewer

JavaScript Execution Vulnerability in Thunderbird RSS Feed Viewer

CVE-2017-7846 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

It is possible to execute JavaScript in the parsed RSS feed when RSS feed is viewed as a website, e.g. via "View -> Feed article -> Website" or in the standard format of "View -> Feed article -> default format". This vulnerability affects Thunderbird < 52.5.2.

Learn more about our Web App Pen Testing.