VYPR

Thunderbird

by Mozilla Corporation

Source repositories

CVEs (1,864)

  • CVE-2021-29948LowJun 24, 2021
    risk 0.16cvss 2.5epss 0.00

    Signatures are written to disk before and read during verification, which might be subject to a race condition when a malicious local process or user is replacing the file. This vulnerability affects Thunderbird < 78.10.

  • CVE-2013-0758Jan 13, 2013
    risk 0.09cvss epss 0.73

    Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to execute arbitrary JavaScript code with chrome…

  • CVE-2011-3658Dec 21, 2011
    risk 0.09cvss epss 0.70

    The SVG implementation in Mozilla Firefox 8.0, Thunderbird 8.0, and SeaMonkey 2.5 does not properly interact with DOMAttrModified event handlers, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact…

  • CVE-2011-2371Jun 30, 2011
    risk 0.09cvss epss 0.76

    Integer overflow in the Array.reduceRight method in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to execute arbitrary code via vectors involving a long JavaScript Array object.

  • CVE-2006-0295Feb 2, 2006
    risk 0.09cvss epss 0.71

    Mozilla Firefox 1.5, Thunderbird 1.5 if Javascript is enabled in mail, and SeaMonkey before 1.0 might allow remote attackers to execute arbitrary code via the QueryInterface method of the built-in Location and Navigator objects, which leads to memory corruption.

  • CVE-2015-0816Apr 1, 2015
    risk 0.08cvss epss 0.67

    Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 do not properly restrict resource: URLs, which makes it easier for remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging the ability to bypass the Same…

  • CVE-2013-0757Jan 13, 2013
    risk 0.08cvss epss 0.61

    The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not prevent modifications to the prototype of an object, which allows…

  • CVE-2013-0753Jan 13, 2013
    risk 0.07cvss epss 0.51

    Use-after-free vulnerability in the serializeToStream implementation in the XMLSerializer component in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and…

  • CVE-2013-1710Aug 7, 2013
    risk 0.06cvss epss 0.40

    The crypto.generateCRMFRequest function in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 allows remote attackers to execute arbitrary JavaScript code or conduct cross-site…

  • CVE-2012-3993Oct 10, 2012
    risk 0.06cvss epss 0.43

    The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 does not properly interact with failures of InstallTrigger methods, which allows…

  • CVE-2011-3659Feb 1, 2012
    risk 0.06cvss epss 0.37

    Use-after-free vulnerability in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 might allow remote attackers to execute arbitrary code via vectors related to incorrect AttributeChildRemoved notifications…

  • CVE-2010-3131Aug 26, 2010
    risk 0.05cvss epss 0.22

    Untrusted search path vulnerability in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 on Windows XP allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL…

  • CVE-2013-6674Feb 17, 2014
    risk 0.04cvss epss 0.08

    Cross-site scripting (XSS) vulnerability in Mozilla Thunderbird 17.x through 17.0.8, Thunderbird ESR 17.x through 17.0.10, and SeaMonkey before 2.20 allows user-assisted remote attackers to inject arbitrary web script or HTML via an e-mail message containing a data: URL in an…

  • CVE-2013-1670May 16, 2013
    risk 0.04cvss epss 0.11

    The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 does not prevent acquisition of chrome privileges during calls to content level constructors, which…

  • CVE-2010-3179Oct 21, 2010
    risk 0.04cvss epss 0.10

    Stack-based buffer overflow in the text-rendering functionality in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allows remote attackers to execute arbitrary code or cause a denial of service…

  • CVE-2010-2752Jul 30, 2010
    risk 0.04cvss epss 0.10

    Integer overflow in an array class in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allows remote attackers to execute arbitrary code by placing many Cascading Style Sheets (CSS)…

  • CVE-2010-1199Jun 24, 2010
    risk 0.04cvss epss 0.11

    Integer overflow in the XSLT node sorting implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a large text value for a node.

  • CVE-2010-0167Mar 25, 2010
    risk 0.04cvss epss 0.11

    The browser engine in Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly execute…

  • CVE-2009-2464Jul 22, 2009
    risk 0.04cvss epss 0.13

    The nsXULTemplateQueryProcessorRDF::CheckIsSeparator function in Mozilla Firefox before 3.0.12, SeaMonkey 2.0a1pre, and Thunderbird allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors…

  • CVE-2009-2535Jul 20, 2009
    risk 0.04cvss epss 0.09

    Mozilla Firefox before 2.0.0.19 and 3.x before 3.0.5, SeaMonkey, and Thunderbird allow remote attackers to cause a denial of service (memory consumption and application crash) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692.

Page 55 of 94