Thunderbird - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Product:
Thunderbird
(Mozilla)

Repositories	https://github.com/libevent/libevent
#Vulnerabilities	1351

Date	Id	Summary	Products	Score	Patch	Annotated
2020-03-25	CVE-2020-6812	The first time AirPods are connected to an iPhone, they become named after the user's name by default (e.g. Jane Doe's AirPods.) Websites with camera or microphone permission are able to enumerate device names, disclosing the user's name. To resolve this issue, Firefox added a special case that renames devices containing the substring 'AirPods' to simply 'AirPods'. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6.	Ubuntu_linux, Firefox, Firefox_esr, Thunderbird	5.3
2007-10-21	CVE-2007-5339	Multiple vulnerabilities in Mozilla Firefox before 2.0.0.8, Thunderbird before 2.0.0.8, and SeaMonkey before 1.1.5 allow remote attackers to cause a denial of service (crash) via crafted HTML that triggers memory corruption or assert errors.	Firefox, Seamonkey, Thunderbird	N/A
2007-10-21	CVE-2007-5340	Multiple vulnerabilities in the Javascript engine in Mozilla Firefox before 2.0.0.8, Thunderbird before 2.0.0.8, and SeaMonkey before 1.1.5 allow remote attackers to cause a denial of service (crash) via crafted HTML that triggers memory corruption.	Firefox, Seamonkey, Thunderbird	N/A
2008-11-13	CVE-2008-5016	The layout engine in Mozilla Firefox 3.x before 3.0.4, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via multiple vectors that trigger an assertion failure or other consequences.	Firefox, Seamonkey, Thunderbird	N/A
2008-12-17	CVE-2008-5511	Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy and conduct cross-site scripting (XSS) attacks via an XBL binding to an "unloaded document."	Ubuntu_linux, Debian_linux, Firefox, Seamonkey, Thunderbird	N/A
2008-12-17	CVE-2008-5513	Unspecified vulnerability in the session-restore feature in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19 allows remote attackers to bypass the same origin policy, inject content into documents associated with other domains, and conduct cross-site scripting (XSS) attacks via unknown vectors related to restoration of SessionStore data.	Ubuntu_linux, Debian_linux, Firefox, Seamonkey, Thunderbird	N/A
2009-03-05	CVE-2009-0771	The layout engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain vectors that trigger memory corruption and assertion failures.	Firefox, Seamonkey, Thunderbird	N/A
2009-04-22	CVE-2009-1308	Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey allows remote attackers to inject arbitrary web script or HTML via vectors involving XBL JavaScript bindings and remote stylesheets, as exploited in the wild by a March 2009 eBay listing.	Firefox, Seamonkey, Thunderbird	N/A
2020-03-25	CVE-2020-6805	When removing data about an origin whose tab was recently closed, a use-after-free could occur in the Quota manager, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6.	Ubuntu_linux, Firefox, Firefox_esr, Thunderbird	8.8
2020-03-25	CVE-2020-6807	When a device was changed while a stream was about to be destroyed, the <code>stream-reinit</code> task may have been executed after the stream was destroyed, causing a use-after-free and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6.	Ubuntu_linux, Firefox, Firefox_esr, Thunderbird	8.8