Product:

Thunderbird

(Mozilla)
Repositories https://github.com/libevent/libevent
#Vulnerabilities 1328
Date Id Summary Products Score Patch Annotated
2011-03-11 CVE-2011-1187 Google Chrome before 10.0.648.127 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, related to an "error message leak." Chrome, Firefox, Seamonkey, Thunderbird N/A
2020-04-24 CVE-2020-6822 On 32-bit builds, an out of bounds write could have occurred when processing an image larger than 4 GB in <code>GMPDecodeData</code>. It is possible that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.7.0, Firefox ESR < 68.7, and Firefox < 75. Firefox, Firefox_esr, Thunderbird N/A
2020-03-02 CVE-2020-6795 When processing a message that contains multiple S/MIME signatures, a bug in the MIME processing code caused a null pointer dereference, leading to an unexploitable crash. This vulnerability affects Thunderbird < 68.5. Thunderbird N/A
2020-03-02 CVE-2020-6798 If a template tag was used in a select tag, the parser could be confused and allow JavaScript parsing and execution when it should not be allowed. A site that relied on the browser behaving correctly could suffer a cross-site scripting vulnerability as a result. In general, this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but is potentially a risk in browser or browser-like contexts. This vulnerability affects Thunderbird... Firefox, Firefox_esr, Thunderbird N/A
2020-01-08 CVE-2019-17008 When using nested workers, a use-after-free could occur during worker destruction. This resulted in a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71. Firefox, Firefox_esr, Thunderbird, Leap N/A
2020-01-08 CVE-2019-17009 When running, the updater service wrote status and log files to an unrestricted location; potentially allowing an unprivileged process to locate and exploit a vulnerability in file handling in the updater service. *Note: This attack requires local system access and only affects Windows. Other operating systems are not affected.*. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71. Firefox, Firefox_esr, Thunderbird, Leap N/A
2016-03-13 CVE-2016-1974 The nsScannerString::AppendUnicodeTo function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not verify that memory allocation succeeds, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via crafted Unicode data in an HTML, XML, or SVG document. Firefox, Firefox_esr, Thunderbird, Leap, Opensuse, Linux, Linux_enterprise 8.8
2016-03-13 CVE-2016-1966 The nsNPObjWrapper::GetNewOrUsed function in dom/plugins/base/nsJSNPRuntime.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (invalid pointer dereference and memory corruption) via a crafted NPAPI plugin. Firefox, Firefox_esr, Thunderbird, Opensuse, Linux 8.8
2016-03-13 CVE-2016-1964 Use-after-free vulnerability in the AtomicBaseIncDec function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging mishandling of XML transformations. Firefox, Firefox_esr, Thunderbird, Leap, Opensuse, Linux, Linux_enterprise 8.8
2016-03-13 CVE-2016-1961 Use-after-free vulnerability in the nsHTMLDocument::SetBody function in dom/html/nsHTMLDocument.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code by leveraging mishandling of a root element, aka ZDI-CAN-3574. Firefox, Firefox_esr, Thunderbird, Leap, Opensuse, Linux, Linux_enterprise 8.8