Product:

Thunderbird

(Mozilla)
Repositories https://github.com/libevent/libevent
#Vulnerabilities 1328
Date Id Summary Products Score Patch Annotated
2020-03-02 CVE-2020-6792 When deriving an identifier for an email message, uninitialized memory was used in addition to the message contents. This vulnerability affects Thunderbird < 68.5. Ubuntu_linux, Thunderbird 4.3
2020-03-02 CVE-2020-6794 If a user saved passwords before Thunderbird 60 and then later set a master password, an unencrypted copy of these passwords is still accessible. This is because the older stored password file was not deleted when the data was copied to a new format starting in Thunderbird 60. The new master password is added only on the new file. This could allow the exposure of stored password data outside of user expectations. This vulnerability affects Thunderbird < 68.5. Ubuntu_linux, Thunderbird 6.5
2020-03-02 CVE-2020-6793 When processing an email message with an ill-formed envelope, Thunderbird could read data from a random memory location. This vulnerability affects Thunderbird < 68.5. Thunderbird 6.5
2020-03-02 CVE-2020-6800 Mozilla developers and community members reported memory safety bugs present in Firefox 72 and Firefox ESR 68.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. In general, these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts. This vulnerability affects... Ubuntu_linux, Firefox, Firefox_esr, Thunderbird 8.8
2020-05-26 CVE-2020-12387 A race condition when running shutdown code for Web Worker led to a use-after-free vulnerability. This resulted in a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0. Firefox, Firefox_esr, Thunderbird 8.1
2021-12-08 CVE-2021-38505 Microsoft introduced a new feature in Windows 10 known as Cloud Clipboard which, if enabled, will record data copied to the clipboard to the cloud, and make it available on other computers in certain scenarios. Applications that wish to prevent copied data from being recorded in Cloud History must use specific clipboard formats; and Firefox before versions 94 and ESR 91.3 did not implement them. This could have caused sensitive data to be recorded to a user's Microsoft account. *This bug... Firefox, Firefox_esr, Thunderbird 6.5
2021-11-03 CVE-2021-29991 Firefox incorrectly accepted a newline in a HTTP/3 header, interpretting it as two separate headers. This allowed for a header splitting attack against servers using HTTP/3. This vulnerability affects Firefox < 91.0.1 and Thunderbird < 91.0.1. Firefox, Thunderbird 8.1
2021-11-03 CVE-2021-38497 Through use of reportValidity() and window.open(), a plain-text validation message could have been overlaid on another origin, leading to possible user confusion and spoofing attacks. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2. Firefox, Firefox_esr, Thunderbird 6.5
2021-11-03 CVE-2021-38498 During process shutdown, a document could have caused a use-after-free of a languages service object, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2. Firefox, Firefox_esr, Thunderbird 7.5
2021-11-03 CVE-2021-38501 Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2. Firefox, Firefox_esr, Thunderbird 8.8