Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-ebzs-h9p8-tbb4
Vulnerability ID VCID-ebzs-h9p8-tbb4
Aliases CVE-2017-7830
Summary Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could lead to the execution of arbitrary code.
Status Published
Exploitability 0.5
Weighted Severity 9.0
Risk 4.5
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
System Score Found at
cvssv3 6.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7830.json
epss 0.00862 https://api.first.org/data/v1/epss?cve=CVE-2017-7830
epss 0.00862 https://api.first.org/data/v1/epss?cve=CVE-2017-7830
epss 0.00862 https://api.first.org/data/v1/epss?cve=CVE-2017-7830
epss 0.00862 https://api.first.org/data/v1/epss?cve=CVE-2017-7830
epss 0.00862 https://api.first.org/data/v1/epss?cve=CVE-2017-7830
epss 0.00862 https://api.first.org/data/v1/epss?cve=CVE-2017-7830
epss 0.00862 https://api.first.org/data/v1/epss?cve=CVE-2017-7830
epss 0.00862 https://api.first.org/data/v1/epss?cve=CVE-2017-7830
epss 0.00862 https://api.first.org/data/v1/epss?cve=CVE-2017-7830
epss 0.00862 https://api.first.org/data/v1/epss?cve=CVE-2017-7830
cvssv2 5.1 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3 7.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv2 4.3 https://nvd.nist.gov/vuln/detail/CVE-2017-7830
cvssv3 6.5 https://nvd.nist.gov/vuln/detail/CVE-2017-7830
archlinux Critical https://security.archlinux.org/AVG-494
archlinux Critical https://security.archlinux.org/AVG-530
generic_textual critical https://www.mozilla.org/en-US/security/advisories/mfsa2017-24
generic_textual critical https://www.mozilla.org/en-US/security/advisories/mfsa2017-25
generic_textual critical https://www.mozilla.org/en-US/security/advisories/mfsa2017-26
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7830.json
https://api.first.org/data/v1/epss?cve=CVE-2017-7830
https://bugzilla.mozilla.org/show_bug.cgi?id=1408990
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7826
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7828
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7829
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7830
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7846
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7847
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7848
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://lists.debian.org/debian-lts-announce/2017/11/msg00018.html
https://lists.debian.org/debian-lts-announce/2017/12/msg00001.html
https://www.debian.org/security/2017/dsa-4035
https://www.debian.org/security/2017/dsa-4061
https://www.debian.org/security/2017/dsa-4075
https://www.mozilla.org/security/advisories/mfsa2017-24/
https://www.mozilla.org/security/advisories/mfsa2017-25/
https://www.mozilla.org/security/advisories/mfsa2017-26/
http://www.securityfocus.com/bid/101832
http://www.securitytracker.com/id/1039803
1513311 https://bugzilla.redhat.com/show_bug.cgi?id=1513311
ASA-201711-23 https://security.archlinux.org/ASA-201711-23
ASA-201711-43 https://security.archlinux.org/ASA-201711-43
AVG-494 https://security.archlinux.org/AVG-494
AVG-530 https://security.archlinux.org/AVG-530
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
CVE-2017-7830 https://nvd.nist.gov/vuln/detail/CVE-2017-7830
GLSA-201803-14 https://security.gentoo.org/glsa/201803-14
mfsa2017-24 https://www.mozilla.org/en-US/security/advisories/mfsa2017-24
mfsa2017-25 https://www.mozilla.org/en-US/security/advisories/mfsa2017-25
mfsa2017-26 https://www.mozilla.org/en-US/security/advisories/mfsa2017-26
RHSA-2017:3247 https://access.redhat.com/errata/RHSA-2017:3247
RHSA-2017:3372 https://access.redhat.com/errata/RHSA-2017:3372
USN-3477-1 https://usn.ubuntu.com/3477-1/
USN-3490-1 https://usn.ubuntu.com/3490-1/
No exploits are available.
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7830.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2017-7830
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2017-7830
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.75012
EPSS Score 0.00862
Published At April 1, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T13:04:42.941595+00:00 Gentoo Importer Import https://security.gentoo.org/glsa/201803-14 38.0.0