VYPR

Thunderbird

by Mozilla Corporation

Source repositories

CVEs (1,864)

  • CVE-2020-26956MedDec 9, 2020
    risk 0.40cvss 6.1epss 0.01

    In some cases, removing HTML elements during sanitization would keep existing SVG event handlers and therefore lead to XSS. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5.

  • CVE-2020-26951MedDec 9, 2020
    risk 0.40cvss 6.1epss 0.01

    A parsing and event loading mismatch in Firefox's SVG code could have allowed load events to fire, even after sanitization. An attacker already capable of exploiting an XSS vulnerability in privileged internal pages could have used this attack to bypass our built-in sanitizer.…

  • CVE-2020-15677MedOct 1, 2020
    risk 0.40cvss 6.1epss 0.02

    By exploiting an Open Redirect vulnerability on a website, an attacker could have spoofed the site displayed in the download file dialog to show the original site (the one suffering from the open redirect) rather than the site the file was actually downloaded from. This…

  • CVE-2020-15676MedOct 1, 2020
    risk 0.40cvss 6.1epss 0.02

    Firefox sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being executed after pasting attacker-controlled data into a contenteditable element. This vulnerability affects Firefox < 81, Thunderbird < 78.3, and…

  • CVE-2020-6798MedMar 2, 2020
    risk 0.40cvss 6.1epss 0.02

    If a template tag was used in a select tag, the parser could be confused and allow JavaScript parsing and execution when it should not be allowed. A site that relied on the browser behaving correctly could suffer a cross-site scripting vulnerability as a result. In general, this…

  • CVE-2019-11763MedJan 8, 2020
    risk 0.40cvss 6.1epss 0.01

    Failure to correctly handle null bytes when processing HTML entities resulted in Firefox incorrectly parsing these entities. This could have led to HTML comment text being treated as HTML which could have led to XSS in a web application under certain conditions. It could have…

  • CVE-2019-11762MedJan 8, 2020
    risk 0.40cvss 6.1epss 0.01

    If two same-origin documents set document.domain differently to become cross-origin, it was possible for them to call arbitrary DOM methods/getters/setters on the now-cross-origin window. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2.

  • CVE-2019-11744MedSep 27, 2019
    risk 0.40cvss 6.1epss 0.01

    Some HTML elements, such as <title> and <textarea>, can contain literal angle brackets without treating them as markup. It is possible to pass a literal closing tag to .innerHTML on these elements, and subsequent content after that will be parsed as if it were…

  • CVE-2019-11715MedJul 23, 2019
    risk 0.40cvss 6.1epss 0.01

    Due to an error while parsing page content, it is possible for properly sanitized user input to be misinterpreted and lead to XSS hazards on web sites in certain circumstances. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.

  • CVE-2017-5466MedJun 11, 2018
    risk 0.40cvss 6.1epss 0.02

    If a page is loaded from an original site through a hyperlink and contains a redirect to a "data:text/html" URL, triggering a reload will run the reloaded "data:text/html" page with its origin set incorrectly. This allows for a cross-site scripting (XSS) attack. This…

  • CVE-2016-9895MedJun 11, 2018
    risk 0.40cvss 6.1epss 0.02

    Event handlers on "marquee" elements were executed despite a strict Content Security Policy (CSP) that disallowed inline JavaScript. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.

  • CVE-2014-1530MedApr 30, 2014
    risk 0.40cvss 6.1epss 0.02

    The docshell implementation in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to trigger the loading of a URL with a spoofed baseURI property, and conduct cross-site scripting (XSS) attacks,…

  • CVE-2016-9074MedJun 11, 2018
    risk 0.39cvss 5.9epss 0.02

    An existing mitigation of timing side-channel attacks is insufficient in some circumstances. This issue is addressed in Network Security Services (NSS) 3.26.1. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.

  • CVE-2013-6673MedDec 11, 2013
    risk 0.39cvss 5.9epss 0.03

    Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 do not recognize a user's removal of trust from an EV X.509 certificate, which makes it easier for man-in-the-middle attackers to spoof SSL servers in opportunistic…

  • CVE-2009-2408MedJul 30, 2009
    risk 0.39cvss 5.9epss 0.06

    Mozilla Network Security Services (NSS) before 3.12.3, Firefox before 3.0.13, Thunderbird before 2.0.0.23, and SeaMonkey before 1.1.18 do not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows…

  • CVE-2025-4082MedApr 29, 2025
    risk 0.38cvss 5.9epss 0.00

    Modification of specific WebGL shader attributes could trigger an out-of-bounds read, which, when chained with other vulnerabilities, could be used to escalate privileges. *This bug only affects Thunderbird for macOS. Other versions of Thunderbird are unaffected.*. This…

  • CVE-2025-1015MedFeb 4, 2025
    risk 0.38cvss 5.4epss 0.01

    The Thunderbird Address Book URI fields contained unsanitized links. This could be used by an attacker to create and export an address book containing a malicious payload in a field. For example, in the “Other” field of the Instant Messaging section. If another user imported…

  • CVE-2022-22746MedDec 22, 2022
    risk 0.38cvss 5.9epss 0.01

    A race condition could have allowed bypassing the fullscreen notification which could have lead to a fullscreen window spoof being unnoticed.*This bug only affects Firefox for Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 91.5,…

  • CVE-2021-38502MedNov 3, 2021
    risk 0.38cvss 5.9epss 0.01

    Thunderbird ignored the configuration to require STARTTLS security for an SMTP connection. A MITM could perform a downgrade attack to intercept transmitted messages, or could take control of the authenticated session to execute SMTP commands chosen by the MITM. If an unprotected…

  • CVE-2021-29969MedAug 5, 2021
    risk 0.38cvss 5.9epss 0.01

    If Thunderbird was configured to use STARTTLS for an IMAP connection, and an attacker injected IMAP server responses prior to the completion of the STARTTLS handshake, then Thunderbird didn't ignore the injected data. This could have resulted in Thunderbird showing incorrect…

Page 47 of 94