VYPR

Thunderbird

by Mozilla Corporation

CVEs (1,864)

  • CVE-2018-5162 | High | Jun 11, 2018
    risk 0.49 | cvss 7.5 | epss 0.02

    Plaintext of decrypted emails can leak through the src attribute of remote images, or links. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8.

  • CVE-2017-7805 | High | Jun 11, 2018
    risk 0.49 | cvss 7.5 | epss 0.03

    During TLS 1.2 exchanges, handshake hashes are generated which point to a message buffer. This saved data is used for later messages but in some cases, the handshake transcript can exceed the space available in the current buffer, causing the allocation of a new buffer. This…

  • CVE-2017-7804 | High | Jun 11, 2018
    risk 0.49 | cvss 7.5 | epss 0.02

    The destructor function for the "WindowsDllDetourPatcher" class can be re-purposed by malicious code in concert with another vulnerability to write arbitrary data to an attacker controlled location in memory. This can be used to bypass existing memory protections in this…

  • CVE-2017-7803 | High | Jun 11, 2018
    risk 0.49 | cvss 7.5 | epss 0.02

    When a page's content security policy (CSP) header contains a "sandbox" directive, other directives are ignored. This results in the incorrect enforcement of CSP. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.

  • CVE-2017-7787 | High | Jun 11, 2018
    risk 0.49 | cvss 7.5 | epss 0.02

    Same-origin policy protections can be bypassed on pages with embedded iframes during page reloads, allowing the iframes to access content on the top level page, leading to information disclosure. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.

  • CVE-2017-7765 | High | Jun 11, 2018
    risk 0.49 | cvss 7.5 | epss 0.01

    The "Mark of the Web" was not correctly saved on Windows when files with very long names were downloaded from the Internet. Without the Mark of the Web data, the security warning that Windows displays before running executables downloaded from the Internet is not shown. Note:…

  • CVE-2017-7754 | High | Jun 11, 2018
    risk 0.49 | cvss 7.5 | epss 0.03

    An out-of-bounds read in WebGL with a maliciously crafted "ImageInfo" object during WebGL operations. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.

  • CVE-2017-5467 | High | Jun 11, 2018
    risk 0.49 | cvss 7.5 | epss 0.02

    A potential memory corruption and crash when using Skia content when drawing content outside of the bounds of a clipping region. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53.

  • CVE-2017-5454 | High | Jun 11, 2018
    risk 0.49 | cvss 7.5 | epss 0.03

    A mechanism to bypass file system access protections in the sandbox to use the file picker to access different files than those selected in the file picker through the use of relative paths. This allows for read only access to the local file system. This vulnerability affects…

  • CVE-2017-5449 | High | Jun 11, 2018
    risk 0.49 | cvss 7.5 | epss 0.03

    A possibly exploitable crash triggered during layout and manipulation of bidirectional unicode text in concert with CSS animations. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53.

  • CVE-2017-5445 | High | Jun 11, 2018
    risk 0.49 | cvss 7.5 | epss 0.03

    A vulnerability while parsing "application/http-index-format" format content where uninitialized values are used to create an array. This could allow the reading of uninitialized memory into the arrays affected. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9,…

  • CVE-2017-5444 | High | Jun 11, 2018
    risk 0.49 | cvss 7.5 | epss 0.07

    A buffer overflow vulnerability while parsing "application/http-index-format" format content when the header contains improperly formatted data. This allows for an out-of-bounds read of data from memory. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox…

  • CVE-2017-5425 | High | Jun 11, 2018
    risk 0.49 | cvss 7.5 | epss 0.02

    The Gecko Media Plugin sandbox allows access to local files that match specific regular expressions. On OS X, this matching allows access to some data in subdirectories of "/private/var" that could expose personal or temporary data. This has been updated to not allow access to…

  • CVE-2017-5422 | High | Jun 11, 2018
    risk 0.49 | cvss 7.5 | epss 0.02

    If a malicious site uses the "view-source:" protocol in a series within a single hyperlink, it can trigger a non-exploitable browser crash when the hyperlink is selected. This was fixed by no longer making "view-source:" linkable. This vulnerability affects Firefox < 52 and…

  • CVE-2017-5421 | High | Jun 11, 2018
    risk 0.49 | cvss 7.5 | epss 0.02

    A malicious site could spoof the contents of the print preview window if popup windows are enabled, resulting in user confusion of what site is currently loaded. This vulnerability affects Firefox < 52 and Thunderbird < 52.

  • CVE-2017-5419 | High | Jun 11, 2018
    risk 0.49 | cvss 7.5 | epss 0.02

    If a malicious site repeatedly triggers a modal authentication prompt, eventually the browser UI will become non-responsive, requiring shutdown through the operating system. This is a denial of service (DOS) attack. This vulnerability affects Firefox < 52 and Thunderbird < 52.

  • CVE-2017-5416 | High | Jun 11, 2018
    risk 0.49 | cvss 7.5 | epss 0.02

    In certain circumstances a networking event listener can be prematurely released. This appears to result in a null dereference in practice. This vulnerability affects Firefox < 52 and Thunderbird < 52.

  • CVE-2017-5412 | High | Jun 11, 2018
    risk 0.49 | cvss 7.5 | epss 0.05

    A buffer overflow read during SVG filter color value operations, resulting in data exposure. This vulnerability affects Firefox < 52 and Thunderbird < 52.

  • CVE-2017-5411 | High | Jun 11, 2018
    risk 0.49 | cvss 7.5 | epss 0.02

    A use-after-free can occur during buffer storage operations within the ANGLE graphics library, used for WebGL content. The buffer storage can be freed while still in use in some circumstances, leading to a potentially exploitable crash. Note: This issue is in "libGLES", which is…

  • CVE-2017-5406 | High | Jun 11, 2018
    risk 0.49 | cvss 7.5 | epss 0.02

    A segmentation fault can occur in the Skia graphics library during some canvas operations due to issues with mask/clip intersection and empty masks. This vulnerability affects Firefox < 52 and Thunderbird < 52.
