Thunderbird
Source repositories
CVEs (1,863)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-15664 | Med | 0.42 | 6.5 | 0.01 | Oct 1, 2020 | By holding a reference to the eval() function from an about:blank window, a malicious webpage could have gained access to the InstallTrigger object which would allow them to prompt the user to install an extension. Combined with user confusion, this could result in an unintended… | ||
| CVE-2020-15658 | Med | 0.42 | 6.5 | 0.01 | Aug 10, 2020 | The code for downloading files did not properly take care of special characters, which led to an attacker being able to cut off the file ending at an earlier position, leading to a different file type being downloaded than shown in the dialog. This vulnerability affects Firefox… | ||
| CVE-2020-15655 | Med | 0.42 | 6.5 | 0.02 | Aug 10, 2020 | A redirected HTTP request which is observed or modified through a web extension could bypass existing CORS checks, leading to potential disclosure of cross-origin information. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1. | ||
| CVE-2020-15654 | Med | 0.42 | 6.5 | 0.01 | Aug 10, 2020 | When in an endless loop, a website specifying a custom cursor using CSS could make it look like the user is interacting with the user interface, when they are not. This could lead to a perceived broken state, especially when interactions with existing browser dialogs and… | ||
| CVE-2020-15653 | Med | 0.42 | 6.5 | 0.01 | Aug 10, 2020 | An iframe sandbox element with the allow-popups flag could be bypassed when using noopener links. This could have led to security issues for websites relying on sandbox configurations that allowed popups and hosted arbitrary content. This vulnerability affects Firefox ESR <… | ||
| CVE-2020-15652 | Med | 0.42 | 6.5 | 0.01 | Aug 10, 2020 | By observing the stack trace for JavaScript errors in web workers, it was possible to leak the result of a cross-origin redirect. This applied only to content that can be parsed as script. This vulnerability affects Firefox < 79, Firefox ESR < 68.11, Firefox ESR < 78.1,… | ||
| CVE-2020-15648 | Med | 0.42 | 6.5 | 0.01 | Aug 10, 2020 | Using object or embed tags, it was possible to frame other websites, even if they disallowed framing using the X-Frame-Options header. This vulnerability affects Thunderbird < 78 and Firefox < 78.0.2. | ||
| CVE-2020-12421 | Med | 0.42 | 6.5 | 0.02 | Jul 9, 2020 | When performing add-on updates, certificate chains terminating in non-built-in-roots were rejected (even if they were legitimately added by an administrator.) This could have caused add-ons to become out-of-date silently without notification to the user. This vulnerability… | ||
| CVE-2020-12418 | Med | 0.42 | 6.5 | 0.03 | Jul 9, 2020 | Manipulating individual parts of a URL object could have caused an out-of-bounds read, leaking process memory to malicious JavaScript. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0. | ||
| CVE-2020-6795 | Med | 0.42 | 6.5 | 0.01 | Mar 2, 2020 | When processing a message that contains multiple S/MIME signatures, a bug in the MIME processing code caused a null pointer dereference, leading to an unexploitable crash. This vulnerability affects Thunderbird < 68.5. | ||
| CVE-2020-6794 | Med | 0.42 | 6.5 | 0.01 | Mar 2, 2020 | If a user saved passwords before Thunderbird 60 and then later set a master password, an unencrypted copy of these passwords is still accessible. This is because the older stored password file was not deleted when the data was copied to a new format starting in Thunderbird 60.… | ||
| CVE-2020-6793 | Med | 0.42 | 6.5 | 0.01 | Mar 2, 2020 | When processing an email message with an ill-formed envelope, Thunderbird could read data from a random memory location. This vulnerability affects Thunderbird < 68.5. | ||
| CVE-2019-11742 | Med | 0.42 | 6.5 | 0.02 | Sep 27, 2019 | A same-origin policy violation occurs allowing the theft of cross-origin images through a combination of SVG filters and a <canvas> element due to an error in how same-origin policy is applied to cached image content. The resulting same-origin policy violation could allow… | ||
| CVE-2019-11739 | Med | 0.42 | 6.5 | 0.01 | Sep 27, 2019 | Encrypted S/MIME parts in a crafted multipart/alternative message can leak plaintext when included in a a HTML reply/forward. This vulnerability affects Thunderbird < 68.1 and Thunderbird < 60.9. | ||
| CVE-2019-9816 | Med | 0.42 | 5.9 | 0.06 | Jul 23, 2019 | A possible vulnerability exists where type confusion can occur when manipulating JavaScript objects in object groups, allowing for the bypassing of security checks within these groups. *Note: this vulnerability has only been demonstrated with UnboxedObjects, which are disabled… | ||
| CVE-2018-18499 | Med | 0.42 | 6.5 | 0.01 | Feb 28, 2019 | A same-origin policy violation allowing the theft of cross-origin URL entries when using a meta http-equiv="refresh" on a page to cause a redirection to another site using performance.getEntries(). This is a same-origin policy violation and could allow for data theft. This… | ||
| CVE-2018-18494 | Med | 0.42 | 6.5 | 0.02 | Feb 28, 2019 | A same-origin policy violation allowing the theft of cross-origin URL entries when using the Javascript location property to cause a redirection to another site using performance.getEntries(). This is a same-origin policy violation and could allow for data theft. This… | ||
| CVE-2018-12373 | Med | 0.42 | 6.5 | 0.02 | Oct 18, 2018 | dDecrypted S/MIME parts hidden with CSS or the plaintext HTML tag can leak plaintext when included in a HTML reply/forward. This vulnerability affects Thunderbird < 52.9. | ||
| CVE-2018-12372 | Med | 0.42 | 6.5 | 0.02 | Oct 18, 2018 | Decrypted S/MIME parts, when included in HTML crafted for an attack, can leak plaintext when included in a a HTML reply/forward. This vulnerability affects Thunderbird < 52.9. | ||
| CVE-2018-5185 | Med | 0.42 | 6.5 | 0.02 | Jun 11, 2018 | Plaintext of decrypted emails can leak through by user submitting an embedded form. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8. |
- risk 0.42cvss 6.5epss 0.01
By holding a reference to the eval() function from an about:blank window, a malicious webpage could have gained access to the InstallTrigger object which would allow them to prompt the user to install an extension. Combined with user confusion, this could result in an unintended…
- risk 0.42cvss 6.5epss 0.01
The code for downloading files did not properly take care of special characters, which led to an attacker being able to cut off the file ending at an earlier position, leading to a different file type being downloaded than shown in the dialog. This vulnerability affects Firefox…
- risk 0.42cvss 6.5epss 0.02
A redirected HTTP request which is observed or modified through a web extension could bypass existing CORS checks, leading to potential disclosure of cross-origin information. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1.
- risk 0.42cvss 6.5epss 0.01
When in an endless loop, a website specifying a custom cursor using CSS could make it look like the user is interacting with the user interface, when they are not. This could lead to a perceived broken state, especially when interactions with existing browser dialogs and…
- risk 0.42cvss 6.5epss 0.01
An iframe sandbox element with the allow-popups flag could be bypassed when using noopener links. This could have led to security issues for websites relying on sandbox configurations that allowed popups and hosted arbitrary content. This vulnerability affects Firefox ESR <…
- risk 0.42cvss 6.5epss 0.01
By observing the stack trace for JavaScript errors in web workers, it was possible to leak the result of a cross-origin redirect. This applied only to content that can be parsed as script. This vulnerability affects Firefox < 79, Firefox ESR < 68.11, Firefox ESR < 78.1,…
- risk 0.42cvss 6.5epss 0.01
Using object or embed tags, it was possible to frame other websites, even if they disallowed framing using the X-Frame-Options header. This vulnerability affects Thunderbird < 78 and Firefox < 78.0.2.
- risk 0.42cvss 6.5epss 0.02
When performing add-on updates, certificate chains terminating in non-built-in-roots were rejected (even if they were legitimately added by an administrator.) This could have caused add-ons to become out-of-date silently without notification to the user. This vulnerability…
- risk 0.42cvss 6.5epss 0.03
Manipulating individual parts of a URL object could have caused an out-of-bounds read, leaking process memory to malicious JavaScript. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0.
- risk 0.42cvss 6.5epss 0.01
When processing a message that contains multiple S/MIME signatures, a bug in the MIME processing code caused a null pointer dereference, leading to an unexploitable crash. This vulnerability affects Thunderbird < 68.5.
- risk 0.42cvss 6.5epss 0.01
If a user saved passwords before Thunderbird 60 and then later set a master password, an unencrypted copy of these passwords is still accessible. This is because the older stored password file was not deleted when the data was copied to a new format starting in Thunderbird 60.…
- risk 0.42cvss 6.5epss 0.01
When processing an email message with an ill-formed envelope, Thunderbird could read data from a random memory location. This vulnerability affects Thunderbird < 68.5.
- risk 0.42cvss 6.5epss 0.02
A same-origin policy violation occurs allowing the theft of cross-origin images through a combination of SVG filters and a <canvas> element due to an error in how same-origin policy is applied to cached image content. The resulting same-origin policy violation could allow…
- risk 0.42cvss 6.5epss 0.01
Encrypted S/MIME parts in a crafted multipart/alternative message can leak plaintext when included in a a HTML reply/forward. This vulnerability affects Thunderbird < 68.1 and Thunderbird < 60.9.
- risk 0.42cvss 5.9epss 0.06
A possible vulnerability exists where type confusion can occur when manipulating JavaScript objects in object groups, allowing for the bypassing of security checks within these groups. *Note: this vulnerability has only been demonstrated with UnboxedObjects, which are disabled…
- risk 0.42cvss 6.5epss 0.01
A same-origin policy violation allowing the theft of cross-origin URL entries when using a meta http-equiv="refresh" on a page to cause a redirection to another site using performance.getEntries(). This is a same-origin policy violation and could allow for data theft. This…
- risk 0.42cvss 6.5epss 0.02
A same-origin policy violation allowing the theft of cross-origin URL entries when using the Javascript location property to cause a redirection to another site using performance.getEntries(). This is a same-origin policy violation and could allow for data theft. This…
- risk 0.42cvss 6.5epss 0.02
dDecrypted S/MIME parts hidden with CSS or the plaintext HTML tag can leak plaintext when included in a HTML reply/forward. This vulnerability affects Thunderbird < 52.9.
- risk 0.42cvss 6.5epss 0.02
Decrypted S/MIME parts, when included in HTML crafted for an attack, can leak plaintext when included in a a HTML reply/forward. This vulnerability affects Thunderbird < 52.9.
- risk 0.42cvss 6.5epss 0.02
Plaintext of decrypted emails can leak through by user submitting an embedded form. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8.
Page 45 of 94