VYPR

Thunderbird

by Mozilla Corporation

CVEs (1,863)

  • CVE-2020-15664 | Med | Oct 1, 2020
    risk 0.42 | cvss 6.5 | epss 0.01

    By holding a reference to the eval() function from an about:blank window, a malicious webpage could have gained access to the InstallTrigger object which would allow them to prompt the user to install an extension. Combined with user confusion, this could result in an unintended…

  • CVE-2020-15658 | Med | Aug 10, 2020
    risk 0.42 | cvss 6.5 | epss 0.01

    The code for downloading files did not properly take care of special characters, which led to an attacker being able to cut off the file ending at an earlier position, leading to a different file type being downloaded than shown in the dialog. This vulnerability affects Firefox…

  • CVE-2020-15655 | Med | Aug 10, 2020
    risk 0.42 | cvss 6.5 | epss 0.02

    A redirected HTTP request which is observed or modified through a web extension could bypass existing CORS checks, leading to potential disclosure of cross-origin information. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1.

  • CVE-2020-15654 | Med | Aug 10, 2020
    risk 0.42 | cvss 6.5 | epss 0.01

    When in an endless loop, a website specifying a custom cursor using CSS could make it look like the user is interacting with the user interface, when they are not. This could lead to a perceived broken state, especially when interactions with existing browser dialogs and…

  • CVE-2020-15653 | Med | Aug 10, 2020
    risk 0.42 | cvss 6.5 | epss 0.01

    An iframe sandbox element with the allow-popups flag could be bypassed when using noopener links. This could have led to security issues for websites relying on sandbox configurations that allowed popups and hosted arbitrary content. This vulnerability affects Firefox ESR <…

  • CVE-2020-15652 | Med | Aug 10, 2020
    risk 0.42 | cvss 6.5 | epss 0.01

    By observing the stack trace for JavaScript errors in web workers, it was possible to leak the result of a cross-origin redirect. This applied only to content that can be parsed as script. This vulnerability affects Firefox < 79, Firefox ESR < 68.11, Firefox ESR < 78.1,…

  • CVE-2020-15648 | Med | Aug 10, 2020
    risk 0.42 | cvss 6.5 | epss 0.01

    Using object or embed tags, it was possible to frame other websites, even if they disallowed framing using the X-Frame-Options header. This vulnerability affects Thunderbird < 78 and Firefox < 78.0.2.

  • CVE-2020-12421 | Med | Jul 9, 2020
    risk 0.42 | cvss 6.5 | epss 0.02

    When performing add-on updates, certificate chains terminating in non-built-in-roots were rejected (even if they were legitimately added by an administrator.) This could have caused add-ons to become out-of-date silently without notification to the user. This vulnerability…

  • CVE-2020-12418 | Med | Jul 9, 2020
    risk 0.42 | cvss 6.5 | epss 0.03

    Manipulating individual parts of a URL object could have caused an out-of-bounds read, leaking process memory to malicious JavaScript. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0.

  • CVE-2020-6795 | Med | Mar 2, 2020
    risk 0.42 | cvss 6.5 | epss 0.01

    When processing a message that contains multiple S/MIME signatures, a bug in the MIME processing code caused a null pointer dereference, leading to an unexploitable crash. This vulnerability affects Thunderbird < 68.5.

  • CVE-2020-6794 | Med | Mar 2, 2020
    risk 0.42 | cvss 6.5 | epss 0.01

    If a user saved passwords before Thunderbird 60 and then later set a master password, an unencrypted copy of these passwords is still accessible. This is because the older stored password file was not deleted when the data was copied to a new format starting in Thunderbird 60.…

  • CVE-2020-6793 | Med | Mar 2, 2020
    risk 0.42 | cvss 6.5 | epss 0.01

    When processing an email message with an ill-formed envelope, Thunderbird could read data from a random memory location. This vulnerability affects Thunderbird < 68.5.

  • CVE-2019-11742 | Med | Sep 27, 2019
    risk 0.42 | cvss 6.5 | epss 0.02

    A same-origin policy violation occurs allowing the theft of cross-origin images through a combination of SVG filters and a <canvas> element due to an error in how same-origin policy is applied to cached image content. The resulting same-origin policy violation could allow…

  • CVE-2019-11739 | Med | Sep 27, 2019
    risk 0.42 | cvss 6.5 | epss 0.01

    Encrypted S/MIME parts in a crafted multipart/alternative message can leak plaintext when included in an HTML reply/forward. This vulnerability affects Thunderbird < 68.1 and Thunderbird < 60.9.

  • CVE-2019-9816 | Med | Jul 23, 2019
    risk 0.42 | cvss 5.9 | epss 0.06

    A possible vulnerability exists where type confusion can occur when manipulating JavaScript objects in object groups, allowing for the bypassing of security checks within these groups. *Note: this vulnerability has only been demonstrated with UnboxedObjects, which are disabled…

  • CVE-2018-18499 | Med | Feb 28, 2019
    risk 0.42 | cvss 6.5 | epss 0.01

    A same-origin policy violation allowing the theft of cross-origin URL entries when using a meta http-equiv="refresh" on a page to cause a redirection to another site using performance.getEntries(). This is a same-origin policy violation and could allow for data theft. This…

  • CVE-2018-18494 | Med | Feb 28, 2019
    risk 0.42 | cvss 6.5 | epss 0.02

    A same-origin policy violation allowing the theft of cross-origin URL entries when using the JavaScript location property to cause a redirection to another site using performance.getEntries(). This is a same-origin policy violation and could allow for data theft. This…

  • CVE-2018-12373 | Med | Oct 18, 2018
    risk 0.42 | cvss 6.5 | epss 0.02

    Decrypted S/MIME parts hidden with CSS or the plaintext HTML tag can leak plaintext when included in an HTML reply/forward. This vulnerability affects Thunderbird < 52.9.

  • CVE-2018-12372 | Med | Oct 18, 2018
    risk 0.42 | cvss 6.5 | epss 0.02

    Decrypted S/MIME parts, when included in HTML crafted for an attack, can leak plaintext when included in an HTML reply/forward. This vulnerability affects Thunderbird < 52.9.

  • CVE-2018-5185 | Med | Jun 11, 2018
    risk 0.42 | cvss 6.5 | epss 0.02

    Plaintext of decrypted emails can leak through a user submitting an embedded form. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8.
