VYPR

rpm package

opensuse/MozillaThunderbird&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/MozillaThunderbird&distro=openSUSE%20Tumbleweed

Vulnerabilities (1,600)

  • CVE-2015-2721Jul 6, 2015
    affected < 45.5.1-1.1fixed 45.5.1-1.1

    Mozilla Network Security Services (NSS) before 3.19, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, Thunderbird before 38.1, and other products, does not properly determine state transitions for the TLS state machine, which allows man-i

  • CVE-2015-4000LowMay 21, 2015
    affected < 45.5.1-1.1fixed 45.5.1-1.1

    The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by D

  • CVE-2015-2716May 14, 2015
    affected < 45.5.1-1.1fixed 45.5.1-1.1

    Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code by providing a large amount of compressed XML data, a related issue to CVE-2015-1283.

  • CVE-2015-2713May 14, 2015
    affected < 45.5.1-1.1fixed 45.5.1-1.1

    Use-after-free vulnerability in the SetBreaks function in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a document containing craft

  • CVE-2015-2710May 14, 2015
    affected < 45.5.1-1.1fixed 45.5.1-1.1

    Heap-based buffer overflow in the SVGTextFrame class in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code via crafted SVG graphics data in conjunction with a crafted Cascading Style Sheets (CSS

  • CVE-2015-2708May 14, 2015
    affected < 45.5.1-1.1fixed 45.5.1-1.1

    Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code vi

  • CVE-2015-0816Apr 1, 2015
    affected < 45.5.1-1.1fixed 45.5.1-1.1

    Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 do not properly restrict resource: URLs, which makes it easier for remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging the ability to bypass the Same Orig

  • CVE-2015-0815Apr 1, 2015
    affected < 45.5.1-1.1fixed 45.5.1-1.1

    Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code vi

  • CVE-2015-0813Apr 1, 2015
    affected < 45.5.1-1.1fixed 45.5.1-1.1

    Use-after-free vulnerability in the AppendElements function in Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 on Linux, when the Fluendo MP3 plugin for GStreamer is used, allows remote attackers to execute arbitrary code or cause a denial o

  • CVE-2015-0807Apr 1, 2015
    affected < 45.5.1-1.1fixed 45.5.1-1.1

    The navigator.sendBeacon implementation in Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 processes HTTP 30x status codes for redirects after a preflight request has occurred, which allows remote attackers to bypass intended CORS access-con

  • CVE-2015-0801Apr 1, 2015
    affected < 45.5.1-1.1fixed 45.5.1-1.1

    Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving anchor navigation, a similar issue to CVE-2015-0818.

  • CVE-2015-0836Feb 25, 2015
    affected < 45.5.1-1.1fixed 45.5.1-1.1

    Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code vi

  • CVE-2015-0833Feb 25, 2015
    affected < 45.5.1-1.1fixed 45.5.1-1.1

    Multiple untrusted search path vulnerabilities in updater.exe in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 on Windows, when the Maintenance Service is not used, allow local users to gain privileges via a Trojan horse DLL in (1) the cur

  • CVE-2015-0831Feb 25, 2015
    affected < 45.5.1-1.1fixed 45.5.1-1.1

    Use-after-free vulnerability in the mozilla::dom::IndexedDB::IDBObjectStore::CreateIndex function in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory

  • CVE-2015-0827Feb 25, 2015
    affected < 45.5.1-1.1fixed 45.5.1-1.1

    Heap-based buffer overflow in the mozilla::gfx::CopyRect function in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to obtain sensitive information from uninitialized process memory via a malformed SVG graphic.

  • CVE-2015-0822Feb 25, 2015
    affected < 45.5.1-1.1fixed 45.5.1-1.1

    The Form Autocompletion feature in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to read arbitrary files via crafted JavaScript code.

  • CVE-2014-8639Jan 14, 2015
    affected < 45.5.1-1.1fixed 45.5.1-1.1

    Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 do not properly interpret Set-Cookie headers within responses that have a 407 (aka Proxy Authentication Required) status code, which allows remote HTTP proxy servers to c

  • CVE-2014-8638Jan 14, 2015
    affected < 45.5.1-1.1fixed 45.5.1-1.1

    The navigator.sendBeacon implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 omits the CORS Origin header, which allows remote attackers to bypass intended CORS access-control checks and conduct cross-sit

  • CVE-2014-8635Jan 14, 2015
    affected < 45.5.1-1.1fixed 45.5.1-1.1

    Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

  • CVE-2014-8634Jan 14, 2015
    affected < 45.5.1-1.1fixed 45.5.1-1.1

    Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly ex

Page 58 of 80