VYPR

Thunderbird

by Mozilla Corporation

CVEs (1,864)

  • CVE-2019-17012 | High | Jan 8, 2020
    risk 0.57 | cvss 8.8 | epss 0.02

    Mozilla developers reported memory safety bugs present in Firefox 70 and Firefox ESR 68.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects…

  • CVE-2019-17008 | High | Jan 8, 2020
    risk 0.57 | cvss 8.8 | epss 0.02

    When using nested workers, a use-after-free could occur during worker destruction. This resulted in a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.

  • CVE-2019-17005 | High | Jan 8, 2020
    risk 0.57 | cvss 8.8 | epss 0.02

    The plain text serializer used a fixed-size array for the number of elements it could process; however it was possible to overflow the static-sized array leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox…

  • CVE-2019-11764 | High | Jan 8, 2020
    risk 0.57 | cvss 8.8 | epss 0.01

    Mozilla developers and community members reported memory safety bugs present in Firefox 69 and Firefox ESR 68.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This…

  • CVE-2019-11760 | High | Jan 8, 2020
    risk 0.57 | cvss 8.8 | epss 0.01

    A fixed-size stack buffer could overflow in nrappkit when doing WebRTC signaling. This resulted in a potentially exploitable crash in some instances. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2.

  • CVE-2019-11759 | High | Jan 8, 2020
    risk 0.57 | cvss 8.8 | epss 0.02

    An attacker could have caused 4 bytes of HMAC output to be written past the end of a buffer stored on the stack. This could be used by an attacker to execute arbitrary code or more likely lead to a crash. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox…

  • CVE-2019-11758 | High | Jan 8, 2020
    risk 0.57 | cvss 8.8 | epss 0.01

    Mozilla community member Philipp reported a memory safety bug present in Firefox 68 when 360 Total Security was installed. This bug showed evidence of memory corruption in the accessibility engine and we presume that with enough effort that it could be exploited to run arbitrary…

  • CVE-2019-11757 | High | Jan 8, 2020
    risk 0.57 | cvss 8.8 | epss 0.01

    When following the value's prototype chain, it was possible to retain a reference to a locale, delete it, and subsequently reference it. This resulted in a use-after-free and a potentially exploitable crash. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and…

  • CVE-2019-11745 | High | Jan 8, 2020
    risk 0.57 | cvss 8.8 | epss 0.03

    When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3,…

  • CVE-2019-11752 | High | Sep 27, 2019
    risk 0.57 | cvss 8.8 | epss 0.02

    It is possible to delete an IndexedDB key value and subsequently try to extract it during conversion. This results in a use-after-free and a potentially exploitable crash. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.9, Firefox ESR < 60.9, and…

  • CVE-2019-11746 | High | Sep 27, 2019
    risk 0.57 | cvss 8.8 | epss 0.02

    A use-after-free vulnerability can occur while manipulating video elements if the body is freed while still in use. This results in a potentially exploitable crash. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.9, Firefox ESR < 60.9, and Firefox…

  • CVE-2019-11740 | High | Sep 27, 2019
    risk 0.57 | cvss 8.8 | epss 0.02

    Mozilla developers and community members reported memory safety bugs present in Firefox 68, Firefox ESR 68, and Firefox 60.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary…

  • CVE-2019-11712 | High | Jul 23, 2019
    risk 0.57 | cvss 8.8 | epss 0.01

    POST requests made by NPAPI plugins, such as Flash, that receive a status 308 redirect response can bypass CORS requirements. This can allow an attacker to perform Cross-Site Request Forgery (CSRF) attacks. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and…

  • CVE-2019-11711 | High | Jul 23, 2019
    risk 0.57 | cvss 8.8 | epss 0.02

    When an inner window is reused, it does not consider the use of document.domain for cross-origin protections. If pages on different subdomains ever cooperatively use document.domain, then either page can abuse this to inject script into arbitrary pages on the other subdomain,…

  • CVE-2018-12391 | High | Feb 28, 2019
    risk 0.57 | cvss 8.8 | epss 0.02

    During HTTP Live Stream playback on Firefox for Android, audio data can be accessed across origins in violation of security policies. Because the problem is in the underlying Android service, this issue is addressed by treating all HLS streams as cross-origin and opaque to…

  • CVE-2018-12389 | High | Feb 28, 2019
    risk 0.57 | cvss 8.8 | epss 0.02

    Mozilla developers and community members reported memory safety bugs present in Firefox ESR 60.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability…

  • CVE-2018-12364 | High | Oct 18, 2018
    risk 0.57 | cvss 8.8 | epss 0.02

    NPAPI plugins, such as Adobe Flash, can send non-simple cross-origin requests, bypassing CORS by making a same-origin POST that does a 307 redirect to the target site. This allows for a malicious site to engage in cross-site request forgery (CSRF) attacks. This vulnerability…

  • CVE-2018-12363 | High | Oct 18, 2018
    risk 0.57 | cvss 8.8 | epss 0.03

    A use-after-free vulnerability can occur when script uses mutation events to move DOM nodes between documents, resulting in the old document that held the node being freed but the node still having a pointer referencing it. This results in a potentially exploitable crash. This…

  • CVE-2018-12361 | High | Oct 18, 2018
    risk 0.57 | cvss 8.8 | epss 0.03

    An integer overflow can occur in the SwizzleData code while calculating buffer sizes. The overflowed value is used for subsequent graphics computations when their inputs are not sanitized which results in a potentially exploitable crash. This vulnerability affects Thunderbird <…

  • CVE-2018-12360 | High | Oct 18, 2018
    risk 0.57 | cvss 8.8 | epss 0.03

    A use-after-free vulnerability can occur when deleting an input element during a mutation event handler triggered by focusing that element. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1,…
