Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Thunderbird
(Mozilla)Repositories | https://github.com/libevent/libevent |
#Vulnerabilities | 1345 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2011-03-11 | CVE-2011-1187 | Google Chrome before 10.0.648.127 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, related to an "error message leak." | Chrome, Firefox, Seamonkey, Thunderbird | N/A | ||
2020-04-24 | CVE-2020-6822 | On 32-bit builds, an out of bounds write could have occurred when processing an image larger than 4 GB in <code>GMPDecodeData</code>. It is possible that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.7.0, Firefox ESR < 68.7, and Firefox < 75. | Firefox, Firefox_esr, Thunderbird | N/A | ||
2020-03-02 | CVE-2020-6795 | When processing a message that contains multiple S/MIME signatures, a bug in the MIME processing code caused a null pointer dereference, leading to an unexploitable crash. This vulnerability affects Thunderbird < 68.5. | Thunderbird | N/A | ||
2020-03-02 | CVE-2020-6798 | If a template tag was used in a select tag, the parser could be confused and allow JavaScript parsing and execution when it should not be allowed. A site that relied on the browser behaving correctly could suffer a cross-site scripting vulnerability as a result. In general, this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but is potentially a risk in browser or browser-like contexts. This vulnerability affects Thunderbird... | Firefox, Firefox_esr, Thunderbird | N/A | ||
2020-01-08 | CVE-2019-17008 | When using nested workers, a use-after-free could occur during worker destruction. This resulted in a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71. | Firefox, Firefox_esr, Thunderbird, Leap | N/A | ||
2020-01-08 | CVE-2019-17009 | When running, the updater service wrote status and log files to an unrestricted location; potentially allowing an unprivileged process to locate and exploit a vulnerability in file handling in the updater service. *Note: This attack requires local system access and only affects Windows. Other operating systems are not affected.*. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71. | Firefox, Firefox_esr, Thunderbird, Leap | N/A | ||
2016-03-13 | CVE-2016-1974 | The nsScannerString::AppendUnicodeTo function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not verify that memory allocation succeeds, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via crafted Unicode data in an HTML, XML, or SVG document. | Firefox, Firefox_esr, Thunderbird, Leap, Opensuse, Linux, Linux_enterprise | 8.8 | ||
2016-03-13 | CVE-2016-1966 | The nsNPObjWrapper::GetNewOrUsed function in dom/plugins/base/nsJSNPRuntime.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (invalid pointer dereference and memory corruption) via a crafted NPAPI plugin. | Firefox, Firefox_esr, Thunderbird, Opensuse, Linux | 8.8 | ||
2016-03-13 | CVE-2016-1964 | Use-after-free vulnerability in the AtomicBaseIncDec function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging mishandling of XML transformations. | Firefox, Firefox_esr, Thunderbird, Leap, Opensuse, Linux, Linux_enterprise | 8.8 | ||
2016-03-13 | CVE-2016-1961 | Use-after-free vulnerability in the nsHTMLDocument::SetBody function in dom/html/nsHTMLDocument.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code by leveraging mishandling of a root element, aka ZDI-CAN-3574. | Firefox, Firefox_esr, Thunderbird, Leap, Opensuse, Linux, Linux_enterprise | 8.8 |