rpm package
opensuse/MozillaThunderbird&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/MozillaThunderbird&distro=openSUSE%20Tumbleweed
Vulnerabilities (1,600)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2008-5012 | — | < 91.1.1-1.1 | 91.1.1-1.1 | Nov 13, 2008 | Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly change the source URI when processing a canvas element and an HTTP redirect, which allows remote attackers to bypass the same origin policy and access arbitrary i | ||
| CVE-2008-4070 | — | < 91.1.1-1.1 | 91.1.1-1.1 | Sep 27, 2008 | Heap-based buffer overflow in Mozilla Thunderbird before 2.0.0.17 and SeaMonkey before 1.1.12 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long header in a news article, related to "canceling [a] newsgroup messa | ||
| CVE-2008-4067 | — | < 91.1.1-1.1 | 91.1.1-1.1 | Sep 24, 2008 | Directory traversal vulnerability in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 on Linux allows remote attackers to read arbitrary files via a .. (dot dot) and URL-encoded / (slash) characters in a resource: URI. | ||
| CVE-2008-4065 | — | < 91.1.1-1.1 | 91.1.1-1.1 | Sep 24, 2008 | Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via byte order mark (BOM) characters that are removed from Java | ||
| CVE-2008-4064 | — | < 91.1.1-1.1 | 91.1.1-1.1 | Sep 24, 2008 | Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to graphics rendering and (1) handling of a long alert mes | ||
| CVE-2008-4061 | — | < 91.1.1-1.1 | 91.1.1-1.1 | Sep 24, 2008 | Integer overflow in the MathML component in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary | ||
| CVE-2008-4058 | — | < 91.1.1-1.1 | 91.1.1-1.1 | Sep 24, 2008 | The XPConnect component in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to "pollute XPCNativeWrappers" and execute arbitrary code with chrome privileges via vectors related to (1) chrome XBL | ||
| CVE-2008-3835 | — | < 91.1.1-1.1 | 91.1.1-1.1 | Sep 24, 2008 | The nsXMLDocument::OnChannelRedirect function in Mozilla Firefox before 2.0.0.17, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code via unknown vectors. | ||
| CVE-2008-0016 | — | < 91.1.1-1.1 | 91.1.1-1.1 | Sep 24, 2008 | Stack-based buffer overflow in the URL parsing implementation in Mozilla Firefox before 2.0.0.17 and SeaMonkey before 1.1.12 allows remote attackers to execute arbitrary code via a crafted UTF-8 URL in a link. | ||
| CVE-2008-1236 | — | < 91.1.1-1.1 | 91.1.1-1.1 | Mar 27, 2008 | Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors related to the layout engine. | ||
| CVE-2008-1233 | — | < 91.1.1-1.1 | 91.1.1-1.1 | Mar 27, 2008 | Unspecified vulnerability in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allows remote attackers to execute arbitrary code via "XPCNativeWrapper pollution." | ||
| CVE-2007-3738 | — | < 91.1.1-1.1 | 91.1.1-1.1 | Jul 18, 2007 | Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.5 allow remote attackers to execute arbitrary code via a crafted XPCNativeWrapper. | ||
| CVE-2007-3737 | — | < 91.1.1-1.1 | 91.1.1-1.1 | Jul 18, 2007 | Mozilla Firefox before 2.0.0.5 allows remote attackers to execute arbitrary code with chrome privileges by calling an event handler from an unspecified "element outside of a document." | ||
| CVE-2007-3736 | — | < 91.1.1-1.1 | 91.1.1-1.1 | Jul 18, 2007 | Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 2.0.0.5 allows remote attackers to inject arbitrary web script "into another site's context" via a "timing issue" involving the (1) addEventListener or (2) setTimeout function, probably by setting events that acti | ||
| CVE-2007-3735 | — | < 91.1.1-1.1 | 91.1.1-1.1 | Jul 18, 2007 | Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox before 2.0.0.5 and Thunderbird before 2.0.0.5 allow remote attackers to cause a denial of service (crash) via unspecified vectors that trigger memory corruption. | ||
| CVE-2007-3734 | — | < 91.1.1-1.1 | 91.1.1-1.1 | Jul 18, 2007 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 2.0.0.5 and Thunderbird before 2.0.0.5 allow remote attackers to cause a denial of service (crash) via unspecified vectors that trigger memory corruption. | ||
| CVE-2007-3670 | — | < 91.1.1-1.1 | 91.1.1-1.1 | Jul 10, 2007 | Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Firefox installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a (1) Firefox | ||
| CVE-2007-3656 | — | < 91.1.1-1.1 | 91.1.1-1.1 | Jul 10, 2007 | Mozilla Firefox before 1.8.0.13 and 1.8.1.x before 1.8.1.5 does not perform a security zone check when processing a wyciwyg URI, which allows remote attackers to obtain sensitive information, poison the browser cache, and possibly enable further attack vectors via (1) HTTP 302 re | ||
| CVE-2007-3285 | — | < 91.1.1-1.1 | 91.1.1-1.1 | Jun 20, 2007 | Mozilla Firefox before 2.0.0.5, when run on Windows, allows remote attackers to bypass file type checks and possibly execute programs via a (1) file:/// or (2) resource: URI with a dangerous extension, followed by a NULL byte (%00) and a safer extension, which causes Firefox to t | ||
| CVE-2007-3089 | — | < 91.1.1-1.1 | 91.1.1-1.1 | Jun 6, 2007 | Mozilla Firefox before 2.0.0.5 does not prevent use of document.write to replace an IFRAME (1) during the load stage or (2) in the case of an about:blank frame, which allows remote attackers to display arbitrary HTML or execute certain JavaScript code, as demonstrated by code tha |
- CVE-2008-5012Nov 13, 2008affected < 91.1.1-1.1fixed 91.1.1-1.1
Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly change the source URI when processing a canvas element and an HTTP redirect, which allows remote attackers to bypass the same origin policy and access arbitrary i
- CVE-2008-4070Sep 27, 2008affected < 91.1.1-1.1fixed 91.1.1-1.1
Heap-based buffer overflow in Mozilla Thunderbird before 2.0.0.17 and SeaMonkey before 1.1.12 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long header in a news article, related to "canceling [a] newsgroup messa
- CVE-2008-4067Sep 24, 2008affected < 91.1.1-1.1fixed 91.1.1-1.1
Directory traversal vulnerability in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 on Linux allows remote attackers to read arbitrary files via a .. (dot dot) and URL-encoded / (slash) characters in a resource: URI.
- CVE-2008-4065Sep 24, 2008affected < 91.1.1-1.1fixed 91.1.1-1.1
Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via byte order mark (BOM) characters that are removed from Java
- CVE-2008-4064Sep 24, 2008affected < 91.1.1-1.1fixed 91.1.1-1.1
Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to graphics rendering and (1) handling of a long alert mes
- CVE-2008-4061Sep 24, 2008affected < 91.1.1-1.1fixed 91.1.1-1.1
Integer overflow in the MathML component in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary
- CVE-2008-4058Sep 24, 2008affected < 91.1.1-1.1fixed 91.1.1-1.1
The XPConnect component in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to "pollute XPCNativeWrappers" and execute arbitrary code with chrome privileges via vectors related to (1) chrome XBL
- CVE-2008-3835Sep 24, 2008affected < 91.1.1-1.1fixed 91.1.1-1.1
The nsXMLDocument::OnChannelRedirect function in Mozilla Firefox before 2.0.0.17, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code via unknown vectors.
- CVE-2008-0016Sep 24, 2008affected < 91.1.1-1.1fixed 91.1.1-1.1
Stack-based buffer overflow in the URL parsing implementation in Mozilla Firefox before 2.0.0.17 and SeaMonkey before 1.1.12 allows remote attackers to execute arbitrary code via a crafted UTF-8 URL in a link.
- CVE-2008-1236Mar 27, 2008affected < 91.1.1-1.1fixed 91.1.1-1.1
Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors related to the layout engine.
- CVE-2008-1233Mar 27, 2008affected < 91.1.1-1.1fixed 91.1.1-1.1
Unspecified vulnerability in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allows remote attackers to execute arbitrary code via "XPCNativeWrapper pollution."
- CVE-2007-3738Jul 18, 2007affected < 91.1.1-1.1fixed 91.1.1-1.1
Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.5 allow remote attackers to execute arbitrary code via a crafted XPCNativeWrapper.
- CVE-2007-3737Jul 18, 2007affected < 91.1.1-1.1fixed 91.1.1-1.1
Mozilla Firefox before 2.0.0.5 allows remote attackers to execute arbitrary code with chrome privileges by calling an event handler from an unspecified "element outside of a document."
- CVE-2007-3736Jul 18, 2007affected < 91.1.1-1.1fixed 91.1.1-1.1
Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 2.0.0.5 allows remote attackers to inject arbitrary web script "into another site's context" via a "timing issue" involving the (1) addEventListener or (2) setTimeout function, probably by setting events that acti
- CVE-2007-3735Jul 18, 2007affected < 91.1.1-1.1fixed 91.1.1-1.1
Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox before 2.0.0.5 and Thunderbird before 2.0.0.5 allow remote attackers to cause a denial of service (crash) via unspecified vectors that trigger memory corruption.
- CVE-2007-3734Jul 18, 2007affected < 91.1.1-1.1fixed 91.1.1-1.1
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 2.0.0.5 and Thunderbird before 2.0.0.5 allow remote attackers to cause a denial of service (crash) via unspecified vectors that trigger memory corruption.
- CVE-2007-3670Jul 10, 2007affected < 91.1.1-1.1fixed 91.1.1-1.1
Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Firefox installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a (1) Firefox
- CVE-2007-3656Jul 10, 2007affected < 91.1.1-1.1fixed 91.1.1-1.1
Mozilla Firefox before 1.8.0.13 and 1.8.1.x before 1.8.1.5 does not perform a security zone check when processing a wyciwyg URI, which allows remote attackers to obtain sensitive information, poison the browser cache, and possibly enable further attack vectors via (1) HTTP 302 re
- CVE-2007-3285Jun 20, 2007affected < 91.1.1-1.1fixed 91.1.1-1.1
Mozilla Firefox before 2.0.0.5, when run on Windows, allows remote attackers to bypass file type checks and possibly execute programs via a (1) file:/// or (2) resource: URI with a dangerous extension, followed by a NULL byte (%00) and a safer extension, which causes Firefox to t
- CVE-2007-3089Jun 6, 2007affected < 91.1.1-1.1fixed 91.1.1-1.1
Mozilla Firefox before 2.0.0.5 does not prevent use of document.write to replace an IFRAME (1) during the load stage or (2) in the case of an about:blank frame, which allows remote attackers to display arbitrary HTML or execute certain JavaScript code, as demonstrated by code tha
Page 80 of 80