Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Thunderbird
(Mozilla)Repositories | https://github.com/libevent/libevent |
#Vulnerabilities | 1363 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2020-03-25 | CVE-2020-6807 | When a device was changed while a stream was about to be destroyed, the <code>stream-reinit</code> task may have been executed after the stream was destroyed, causing a use-after-free and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6. | Ubuntu_linux, Firefox, Firefox_esr, Thunderbird | 8.8 | ||
2020-03-25 | CVE-2020-6806 | By carefully crafting promise resolutions, it was possible to cause an out-of-bounds read off the end of an array resized during script execution. This could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6. | Ubuntu_linux, Firefox, Firefox_esr, Thunderbird | 8.8 | ||
2020-01-08 | CVE-2019-11763 | Failure to correctly handle null bytes when processing HTML entities resulted in Firefox incorrectly parsing these entities. This could have led to HTML comment text being treated as HTML which could have led to XSS in a web application under certain conditions. It could have also led to HTML entities being masked from filters - enabling the use of entities to mask the actual characters of interest from filters. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2. | Ubuntu_linux, Firefox, Firefox_esr, Thunderbird | 6.1 | ||
2020-08-10 | CVE-2020-15654 | When in an endless loop, a website specifying a custom cursor using CSS could make it look like the user is interacting with the user interface, when they are not. This could lead to a perceived broken state, especially when interactions with existing browser dialogs and warnings do not work. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1. | Ubuntu_linux, Firefox, Firefox_esr, Thunderbird | 6.5 | ||
2020-08-10 | CVE-2020-15653 | An iframe sandbox element with the allow-popups flag could be bypassed when using noopener links. This could have led to security issues for websites relying on sandbox configurations that allowed popups and hosted arbitrary content. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1. | Ubuntu_linux, Firefox, Firefox_esr, Thunderbird | 6.5 | ||
2020-08-10 | CVE-2020-15656 | JIT optimizations involving the Javascript arguments object could confuse later optimizations. This risk was already mitigated by various precautions in the code, resulting in this bug rated at only moderate severity. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1. | Ubuntu_linux, Firefox, Firefox_esr, Thunderbird, Leap | 8.8 | ||
2020-08-10 | CVE-2020-15658 | The code for downloading files did not properly take care of special characters, which led to an attacker being able to cut off the file ending at an earlier position, leading to a different file type being downloaded than shown in the dialog. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1. | Ubuntu_linux, Firefox, Firefox_esr, Thunderbird | 6.5 | ||
2019-07-23 | CVE-2019-11705 | A flaw in Thunderbird's implementation of iCal causes a stack buffer overflow in icalrecur_add_bydayrules when processing certain email messages, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7.1. | Thunderbird | 9.8 | ||
2019-07-23 | CVE-2019-11706 | A flaw in Thunderbird's implementation of iCal causes a type confusion in icaltimezone_get_vtimezone_properties when processing certain email messages, resulting in a crash. This vulnerability affects Thunderbird < 60.7.1. | Thunderbird | 7.5 | ||
2020-01-08 | CVE-2019-11757 | When following the value's prototype chain, it was possible to retain a reference to a locale, delete it, and subsequently reference it. This resulted in a use-after-free and a potentially exploitable crash. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2. | Ubuntu_linux, Firefox, Firefox_esr, Thunderbird | 8.8 |