Thunderbird
Source repositories
CVEs (1,863)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2006-2787 | 0.00 | — | 0.03 | Jun 2, 2006 | EvalInSandbox in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to gain privileges via javascript that calls the valueOf method on objects that were created outside of the sandbox. | |||
| CVE-2006-2783 | 0.00 | — | 0.02 | Jun 2, 2006 | Mozilla Firefox and Thunderbird before 1.5.0.4 strip the Unicode Byte-order-Mark (BOM) from a UTF-8 page before the page is passed to the parser, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a BOM sequence in the middle of a dangerous tag such… | |||
| CVE-2006-2781 | 0.00 | — | 0.03 | Jun 2, 2006 | Double free vulnerability in nsVCard.cpp in Mozilla Thunderbird before 1.5.0.4 and SeaMonkey before 1.0.2 allows remote attackers to cause a denial of service (hang) and possibly execute arbitrary code via a VCard that contains invalid base64 characters. | |||
| CVE-2006-2775 | 0.00 | — | 0.04 | Jun 2, 2006 | Mozilla Firefox and Thunderbird before 1.5.0.4 associates XUL attributes with the wrong URL under certain unspecified circumstances, which might allow remote attackers to bypass restrictions by causing a persisted string to be associated with the wrong URL. | |||
| CVE-2006-2776 | 0.00 | — | 0.06 | Jun 2, 2006 | Certain privileged UI code in Mozilla Firefox and Thunderbird before 1.5.0.4 calls content-defined setters on an object prototype, which allows remote attackers to execute code at a higher privilege than intended. | |||
| CVE-2006-2778 | 0.00 | — | 0.05 | Jun 2, 2006 | The crypto.signText function in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to execute arbitrary code via certain optional Certificate Authority name arguments, which causes an invalid array index and triggers a buffer overflow. | |||
| CVE-2006-1737 | 0.00 | — | 0.05 | Apr 14, 2006 | Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary bytecode via JavaScript with a large… | |||
| CVE-2006-1738 | 0.00 | — | 0.04 | Apr 14, 2006 | Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) by changing the (1) -moz-grid and (2) -moz-grid-group display… | |||
| CVE-2006-1740 | 0.00 | — | 0.02 | Apr 14, 2006 | Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to spoof secure site indicators such as the locked icon by opening the trusted site in a popup window, then changing the location to a malicious… | |||
| CVE-2006-1736 | 0.00 | — | 0.02 | Apr 14, 2006 | Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to trick users into downloading and saving an executable file via an image that is overlaid by a transparent image link that points to the… | |||
| CVE-2006-1530 | 0.00 | — | 0.05 | Apr 14, 2006 | Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due to the lack of sufficient… | |||
| CVE-2006-1529 | 0.00 | — | 0.06 | Apr 14, 2006 | Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due to the lack of sufficient… | |||
| CVE-2006-1723 | 0.00 | — | 0.05 | Apr 14, 2006 | Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due to the lack of sufficient… | |||
| CVE-2006-1733 | 0.00 | — | 0.05 | Apr 14, 2006 | Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 does not properly protect the compilation scope of privileged built-in XBL bindings, which allows remote attackers to execute arbitrary code via the (1)… | |||
| CVE-2006-1731 | 0.00 | — | 0.02 | Apr 14, 2006 | Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 returns the Object class prototype instead of the global window object when (1) .valueOf.call or (2) .valueOf.apply are called without any arguments,… | |||
| CVE-2006-1531 | 0.00 | — | 0.05 | Apr 14, 2006 | Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due to the lack of sufficient… | |||
| CVE-2006-1732 | 0.00 | — | 0.03 | Apr 14, 2006 | Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to bypass same-origin protections and conduct cross-site scripting (XSS) attacks via unspecified… | |||
| CVE-2006-1742 | 0.00 | — | 0.04 | Apr 14, 2006 | The JavaScript engine in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 does not properly handle temporary variables that are not garbage collected, which might allow remote attackers to trigger… | |||
| CVE-2006-0299 | 0.00 | — | 0.02 | Feb 2, 2006 | The E4X implementation in Mozilla Firefox before 1.5.0.1, Thunderbird 1.5 if running Javascript in mail, and SeaMonkey before 1.0 exposes the internal "AnyName" object to external interfaces, which allows multiple cooperating domains to exchange information in violation of the… | |||
| CVE-2006-0297 | 0.00 | — | 0.04 | Feb 2, 2006 | Multiple integer overflows in Mozilla Firefox 1.5, Thunderbird 1.5 if Javascript is enabled in mail, and SeaMonkey before 1.0 might allow remote attackers to execute arbitrary code via the (1) EscapeAttributeValue in jsxml.c for E4X, (2) nsSVGCairoSurface::Init in SVG, and (3)… |
- CVE-2006-2787Jun 2, 2006risk 0.00cvss —epss 0.03
EvalInSandbox in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to gain privileges via javascript that calls the valueOf method on objects that were created outside of the sandbox.
- CVE-2006-2783Jun 2, 2006risk 0.00cvss —epss 0.02
Mozilla Firefox and Thunderbird before 1.5.0.4 strip the Unicode Byte-order-Mark (BOM) from a UTF-8 page before the page is passed to the parser, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a BOM sequence in the middle of a dangerous tag such…
- CVE-2006-2781Jun 2, 2006risk 0.00cvss —epss 0.03
Double free vulnerability in nsVCard.cpp in Mozilla Thunderbird before 1.5.0.4 and SeaMonkey before 1.0.2 allows remote attackers to cause a denial of service (hang) and possibly execute arbitrary code via a VCard that contains invalid base64 characters.
- CVE-2006-2775Jun 2, 2006risk 0.00cvss —epss 0.04
Mozilla Firefox and Thunderbird before 1.5.0.4 associates XUL attributes with the wrong URL under certain unspecified circumstances, which might allow remote attackers to bypass restrictions by causing a persisted string to be associated with the wrong URL.
- CVE-2006-2776Jun 2, 2006risk 0.00cvss —epss 0.06
Certain privileged UI code in Mozilla Firefox and Thunderbird before 1.5.0.4 calls content-defined setters on an object prototype, which allows remote attackers to execute code at a higher privilege than intended.
- CVE-2006-2778Jun 2, 2006risk 0.00cvss —epss 0.05
The crypto.signText function in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to execute arbitrary code via certain optional Certificate Authority name arguments, which causes an invalid array index and triggers a buffer overflow.
- CVE-2006-1737Apr 14, 2006risk 0.00cvss —epss 0.05
Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary bytecode via JavaScript with a large…
- CVE-2006-1738Apr 14, 2006risk 0.00cvss —epss 0.04
Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) by changing the (1) -moz-grid and (2) -moz-grid-group display…
- CVE-2006-1740Apr 14, 2006risk 0.00cvss —epss 0.02
Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to spoof secure site indicators such as the locked icon by opening the trusted site in a popup window, then changing the location to a malicious…
- CVE-2006-1736Apr 14, 2006risk 0.00cvss —epss 0.02
Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to trick users into downloading and saving an executable file via an image that is overlaid by a transparent image link that points to the…
- CVE-2006-1530Apr 14, 2006risk 0.00cvss —epss 0.05
Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due to the lack of sufficient…
- CVE-2006-1529Apr 14, 2006risk 0.00cvss —epss 0.06
Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due to the lack of sufficient…
- CVE-2006-1723Apr 14, 2006risk 0.00cvss —epss 0.05
Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due to the lack of sufficient…
- CVE-2006-1733Apr 14, 2006risk 0.00cvss —epss 0.05
Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 does not properly protect the compilation scope of privileged built-in XBL bindings, which allows remote attackers to execute arbitrary code via the (1)…
- CVE-2006-1731Apr 14, 2006risk 0.00cvss —epss 0.02
Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 returns the Object class prototype instead of the global window object when (1) .valueOf.call or (2) .valueOf.apply are called without any arguments,…
- CVE-2006-1531Apr 14, 2006risk 0.00cvss —epss 0.05
Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due to the lack of sufficient…
- CVE-2006-1732Apr 14, 2006risk 0.00cvss —epss 0.03
Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to bypass same-origin protections and conduct cross-site scripting (XSS) attacks via unspecified…
- CVE-2006-1742Apr 14, 2006risk 0.00cvss —epss 0.04
The JavaScript engine in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 does not properly handle temporary variables that are not garbage collected, which might allow remote attackers to trigger…
- CVE-2006-0299Feb 2, 2006risk 0.00cvss —epss 0.02
The E4X implementation in Mozilla Firefox before 1.5.0.1, Thunderbird 1.5 if running Javascript in mail, and SeaMonkey before 1.0 exposes the internal "AnyName" object to external interfaces, which allows multiple cooperating domains to exchange information in violation of the…
- CVE-2006-0297Feb 2, 2006risk 0.00cvss —epss 0.04
Multiple integer overflows in Mozilla Firefox 1.5, Thunderbird 1.5 if Javascript is enabled in mail, and SeaMonkey before 1.0 might allow remote attackers to execute arbitrary code via the (1) EscapeAttributeValue in jsxml.c for E4X, (2) nsSVGCairoSurface::Init in SVG, and (3)…
Page 92 of 94