Sylpheed Project: >> Sylpheed >> 0.4.52 Security Vulnerabilities
textview_uri_security_check in textview.c in Claws Mail before 3.18.0, and Sylpheed through 3.7.0, does not have sufficient link checks before accepting a click.
CVSS Score
6.1
EPSS Score
0.005
Published
2021-07-30
libsylph/utils.c in Sylpheed through 3.6 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.
CVSS Score
8.8
EPSS Score
0.006
Published
2017-12-14