Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Thunderbird
(Mozilla)| Repositories | https://github.com/libevent/libevent |
| #Vulnerabilities | 1351 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2008-02-12 | CVE-2008-0416 | Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allow remote attackers to inject arbitrary web script or HTML via certain character encodings, including (1) a backspace character that is treated as whitespace, (2) 0x80 with Shift_JIS encoding, and (3) "zero-length non-ASCII sequences" in certain Asian character sets. | Firefox, Seamonkey, Thunderbird | N/A | ||
| 2008-02-08 | CVE-2008-0415 | Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to execute script outside of the sandbox and conduct cross-site scripting (XSS) attacks via multiple vectors including the XMLDocument.load function, aka "JavaScript privilege escalation bugs." | Firefox, Seamonkey, Thunderbird | N/A | ||
| 2008-02-08 | CVE-2008-0413 | The JavaScript engine in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to cause a denial of service (crash) and possibly trigger memory corruption via (1) a large switch statement, (2) certain uses of watch and eval, (3) certain uses of the mousedown event listener, and other vectors. | Firefox, Seamonkey, Thunderbird | N/A | ||
| 2008-02-08 | CVE-2008-0412 | The browser engine in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to cause a denial of service (crash) and possibly trigger memory corruption via vectors related to the (1) nsTableFrame::GetFrameAtOrBefore, (2) nsAccessibilityService::GetAccessible, (3) nsBindingManager::GetNestedInsertionPoint, (4) nsXBLPrototypeBinding::AttributeChanged, (5) nsColumnSetFrame::GetContentInsertionFrame, and (6)... | Firefox, Seamonkey, Thunderbird | N/A | ||
| 2008-11-13 | CVE-2008-5012 | Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly change the source URI when processing a canvas element and an HTTP redirect, which allows remote attackers to bypass the same origin policy and access arbitrary images that are not directly accessible to the attacker. NOTE: this issue can be leveraged to enumerate software on the client by performing redirections related to moz-icon. | Firefox, Seamonkey, Thunderbird | N/A | ||
| 2010-06-30 | CVE-2010-1205 | Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row. | Iphone_os, Itunes, Mac_os_x, Mac_os_x_server, Safari, Ubuntu_linux, Debian_linux, Fedora, Chrome, Libpng, Firefox, Seamonkey, Thunderbird, Opensuse, Linux_enterprise_server, Player, Workstation | 9.8 | ||
| 2021-09-06 | CVE-2021-40529 | The ElGamal implementation in Botan through 2.18.1, as used in Thunderbird and other products, allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP. | Botan, Fedora, Thunderbird | 5.9 | ||
| 2023-06-02 | CVE-2023-23605 | Memory safety bugs present in Firefox 108 and Firefox ESR 102.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 109, Thunderbird < 102.7, and Firefox ESR < 102.7. | Firefox, Firefox_esr, Thunderbird | 8.8 | ||
| 2023-06-02 | CVE-2023-25746 | Memory safety bugs present in Firefox ESR 102.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 102.8 and Firefox ESR < 102.8. | Firefox_esr, Thunderbird | 8.8 | ||
| 2023-06-02 | CVE-2023-28176 | Memory safety bugs present in Firefox 110 and Firefox ESR 102.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9. | Firefox, Firefox_esr, Thunderbird | 8.8 |