VYPR

rpm package

suse/MozillaThunderbird&distro=SUSE Linux Enterprise Workstation Extension 15 SP1

pkg:rpm/suse/MozillaThunderbird&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP1

Vulnerabilities (150)

  • CVE-2019-11703CriJul 23, 2019
    affected < 60.7.0-3.36.1fixed 60.7.0-3.36.1

    A flaw in Thunderbird's implementation of iCal causes a heap buffer overflow in parser_get_next_char when processing certain email messages, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7.1.

  • CVE-2019-11698MedJul 23, 2019
    affected < 60.7.0-3.33.2fixed 60.7.0-3.33.2

    If a crafted hyperlink is dragged and dropped to the bookmark bar or sidebar and the resulting bookmark is subsequently dragged and dropped into the web content area, an arbitrary query of a user's browser history can be run and transmitted to the content page via drop event data

  • CVE-2019-11694HigJul 23, 2019
    affected < 60.7.0-3.33.2fixed 60.7.0-3.33.2

    A vulnerability exists in the Windows sandbox where an uninitialized value in memory can be leaked to a renderer from a broker when making a call to access an otherwise unavailable file. This results in the potential leaking of information stored at that memory location. *Note: t

  • CVE-2019-11693CriJul 23, 2019
    affected < 60.7.0-3.33.2fixed 60.7.0-3.33.2

    The bufferdata function in WebGL is vulnerable to a buffer overflow with specific graphics drivers on Linux. This could result in malicious content freezing a tab or triggering a potentially exploitable crash. *Note: this issue only occurs on Linux. Other operating systems are un

  • CVE-2019-11692CriJul 23, 2019
    affected < 60.7.0-3.33.2fixed 60.7.0-3.33.2

    A use-after-free vulnerability can occur when listeners are removed from the event listener manager while still in use, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7.

  • CVE-2019-11691CriJul 23, 2019
    affected < 60.7.0-3.33.2fixed 60.7.0-3.33.2

    A use-after-free vulnerability can occur when working with XMLHttpRequest (XHR) in an event loop, causing the XHR main thread to be called after it has been freed. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Fi

  • CVE-2019-5798MedMay 23, 2019
    affected < 60.7.0-3.33.2fixed 60.7.0-3.33.2

    Lack of correct bounds checking in Skia in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

  • CVE-2019-9797MedApr 26, 2019
    affected < 60.7.0-3.33.2fixed 60.7.0-3.33.2

    Cross-origin images can be read in violation of the same-origin policy by exporting an image after using createImageBitmap to read the image and then rendering the resulting bitmap image within a canvas element. This vulnerability affects Firefox < 66.

  • CVE-2018-18511MedApr 26, 2019
    affected < 60.7.0-3.33.2fixed 60.7.0-3.33.2

    Cross-origin images can be read from a canvas element in violation of the same-origin policy using the transferFromImageBitmap method. *Note: This only affects Firefox 65. Previous versions are unaffected.*. This vulnerability affects Firefox < 65.0.1.

  • CVE-2019-7317MedFeb 4, 2019
    affected < 60.7.0-3.33.2fixed 60.7.0-3.33.2

    png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.

Page 8 of 8