Thunderbird

thunderbird

Vendor: Mozilla • 1,729 CVEs

CVEs (1,729)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2011-2999 1Mozilla 3Firefox SeamonkeyThunderbird Apr 29, 2026 Sep 29, 2011 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Mozilla Firefox before 3.6.23 and 4.x through 5, Thunderbird before 6.0, and SeaMonkey before 2.3 do not properly handle "location" as the name of a frame, which allows remote attackers to bypass the Same Origin Policy v...Show more Mozilla Firefox before 3.6.23 and 4.x through 5, Thunderbird before 6.0, and SeaMonkey before 2.3 do not properly handle "location" as the name of a frame, which allows remote attackers to bypass the Same Origin Policy via a crafted web site, a different vulnerability than CVE-2010-0170.Show less
CVE-2011-2997 1Mozilla 3Firefox SeamonkeyThunderbird Apr 29, 2026 Sep 29, 2011 N/A· v4 N/A· v3 10.0 HIGH· v2 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allow remote attackers to cause a denial of service (memory corruption and application cra...Show more Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.Show less
CVE-2011-2995 1Mozilla 3Firefox SeamonkeyThunderbird Apr 29, 2026 Sep 29, 2011 N/A· v4 N/A· v3 10.0 HIGH· v2 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allow remote attackers to cause a denial of service (memory...Show more Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.Show less
CVE-2011-2372 1Mozilla 3Firefox SeamonkeyThunderbird Apr 29, 2026 Sep 29, 2011 N/A· v4 N/A· v3 3.5 LOW· v2 Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not prevent the starting of a download in response to the holding of the Enter key, which allows user-assisted remote a...Show more Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not prevent the starting of a download in response to the holding of the Enter key, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site.Show less
CVE-2011-2992 1Mozilla 3Firefox SeamonkeyThunderbird Apr 29, 2026 Aug 18, 2011 N/A· v4 N/A· v3 10.0 HIGH· v2 The Ogg reader in the browser engine in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, Thunderbird before 6, and possibly other products allows remote attackers to cause a denial of service (memory corruption a...Show more The Ogg reader in the browser engine in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, Thunderbird before 6, and possibly other products allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.Show less
CVE-2011-2991 1Mozilla 3Firefox SeamonkeyThunderbird Apr 29, 2026 Aug 18, 2011 N/A· v4 N/A· v3 10.0 HIGH· v2 The browser engine in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, Thunderbird before 6, and possibly other products does not properly implement JavaScript, which allows remote attackers to cause a denial of...Show more The browser engine in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, Thunderbird before 6, and possibly other products does not properly implement JavaScript, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.Show less
CVE-2011-2989 1Mozilla 3Firefox SeamonkeyThunderbird Apr 29, 2026 Aug 18, 2011 N/A· v4 N/A· v3 10.0 HIGH· v2 The browser engine in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, Thunderbird before 6, and possibly other products does not properly implement WebGL, which allows remote attackers to cause a denial of servi...Show more The browser engine in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, Thunderbird before 6, and possibly other products does not properly implement WebGL, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.Show less
CVE-2011-2988 1Mozilla 3Firefox SeamonkeyThunderbird Apr 29, 2026 Aug 18, 2011 N/A· v4 N/A· v3 10.0 HIGH· v2 Buffer overflow in an unspecified string class in the WebGL shader implementation in Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before 2.3, and possibly other products allows remote attackers to e...Show more Buffer overflow in an unspecified string class in the WebGL shader implementation in Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before 2.3, and possibly other products allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long source-code block for a shader.Show less
CVE-2011-2987 1Mozilla 3Firefox SeamonkeyThunderbird Apr 29, 2026 Aug 18, 2011 N/A· v4 N/A· v3 10.0 HIGH· v2 Heap-based buffer overflow in Almost Native Graphics Layer Engine (ANGLE), as used in the WebGL implementation in Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before 2.3, and possibly other products...Show more Heap-based buffer overflow in Almost Native Graphics Layer Engine (ANGLE), as used in the WebGL implementation in Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before 2.3, and possibly other products might allow remote attackers to execute arbitrary code via unspecified vectors.Show less
CVE-2011-2986 1Mozilla 3Firefox SeamonkeyThunderbird Apr 29, 2026 Aug 18, 2011 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before 2.3, and possibly other products, when the Direct2D (aka D2D) API is used on Windows, allows remote attackers to bypass the Same Origin Policy, an...Show more Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before 2.3, and possibly other products, when the Direct2D (aka D2D) API is used on Windows, allows remote attackers to bypass the Same Origin Policy, and obtain sensitive image data from a different domain, by inserting this data into a canvas.Show less
CVE-2011-2985 1Mozilla 3Firefox SeamonkeyThunderbird Apr 29, 2026 Aug 18, 2011 N/A· v4 N/A· v3 10.0 HIGH· v2 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before 2.3, and possibly other products allow remote attackers to cause a denial of service...Show more Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before 2.3, and possibly other products allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.Show less
CVE-2011-2984 1Mozilla 3Firefox SeamonkeyThunderbird Apr 29, 2026 Aug 18, 2011 N/A· v4 N/A· v3 10.0 HIGH· v2 Mozilla Firefox before 3.6.20, SeaMonkey 2.x, Thunderbird 3.x before 3.1.12, and possibly other products does not properly handle the dropping of a tab element, which allows remote attackers to execute arbitrary JavaScri...Show more Mozilla Firefox before 3.6.20, SeaMonkey 2.x, Thunderbird 3.x before 3.1.12, and possibly other products does not properly handle the dropping of a tab element, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges by establishing a content area and registering for drop events.Show less
CVE-2011-2983 1Mozilla 3Firefox SeamonkeyThunderbird Apr 29, 2026 Aug 18, 2011 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Mozilla Firefox before 3.6.20, Thunderbird 2.x and 3.x before 3.1.12, SeaMonkey 1.x and 2.x, and possibly other products does not properly handle the RegExp.input property, which allows remote attackers to bypass the Sam...Show more Mozilla Firefox before 3.6.20, Thunderbird 2.x and 3.x before 3.1.12, SeaMonkey 1.x and 2.x, and possibly other products does not properly handle the RegExp.input property, which allows remote attackers to bypass the Same Origin Policy and read data from a different domain via a crafted web site, possibly related to a use-after-free.Show less
CVE-2011-2982 1Mozilla 3Firefox SeamonkeyThunderbird Apr 29, 2026 Aug 18, 2011 N/A· v4 N/A· v3 10.0 HIGH· v2 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.20, Thunderbird 2.x and 3.x before 3.1.12, SeaMonkey 1.x and 2.x, and possibly other products allow remote attackers to cause a den...Show more Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.20, Thunderbird 2.x and 3.x before 3.1.12, SeaMonkey 1.x and 2.x, and possibly other products allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.Show less
CVE-2011-2981 1Mozilla 3Firefox SeamonkeyThunderbird Apr 29, 2026 Aug 18, 2011 N/A· v4 N/A· v3 9.3 HIGH· v2 The event-management implementation in Mozilla Firefox before 3.6.20, SeaMonkey 2.x, Thunderbird 3.x before 3.1.12, and possibly other products does not properly select the context for script to run in, which allows remo...Show more The event-management implementation in Mozilla Firefox before 3.6.20, SeaMonkey 2.x, Thunderbird 3.x before 3.1.12, and possibly other products does not properly select the context for script to run in, which allows remote attackers to bypass the Same Origin Policy or execute arbitrary JavaScript code with chrome privileges via a crafted web site.Show less
CVE-2011-2980 1Mozilla 2Firefox Thunderbird Apr 29, 2026 Aug 18, 2011 N/A· v4 N/A· v3 7.2 HIGH· v2 Untrusted search path vulnerability in the ThinkPadSensor::Startup function in Mozilla Firefox before 3.6.20, Thunderbird 3.x before 3.1.12, allows local users to gain privileges by leveraging write access in an unspecif...Show more Untrusted search path vulnerability in the ThinkPadSensor::Startup function in Mozilla Firefox before 3.6.20, Thunderbird 3.x before 3.1.12, allows local users to gain privileges by leveraging write access in an unspecified directory to place a Trojan horse DLL that is loaded into the running Firefox process.Show less
CVE-2011-2378 1Mozilla 3Firefox SeamonkeyThunderbird Apr 29, 2026 Aug 18, 2011 N/A· v4 N/A· v3 10.0 HIGH· v2 The appendChild function in Mozilla Firefox before 3.6.20, Thunderbird 3.x before 3.1.12, SeaMonkey 2.x, and possibly other products does not properly handle DOM objects, which allows remote attackers to execute arbitrar...Show more The appendChild function in Mozilla Firefox before 3.6.20, Thunderbird 3.x before 3.1.12, SeaMonkey 2.x, and possibly other products does not properly handle DOM objects, which allows remote attackers to execute arbitrary code via unspecified vectors that lead to dereferencing of a "dangling pointer."Show less
CVE-2011-0084 1Mozilla 3Firefox SeamonkeyThunderbird Apr 29, 2026 Aug 18, 2011 N/A· v4 N/A· v3 10.0 HIGH· v2 The SVGTextElement.getCharNumAtPosition function in Mozilla Firefox before 3.6.20, and 4.x through 5; Thunderbird 3.x before 3.1.12 and other versions before 6; SeaMonkey 2.x before 2.3; and possibly other products does...Show more The SVGTextElement.getCharNumAtPosition function in Mozilla Firefox before 3.6.20, and 4.x through 5; Thunderbird 3.x before 3.1.12 and other versions before 6; SeaMonkey 2.x before 2.3; and possibly other products does not properly handle SVG text, which allows remote attackers to execute arbitrary code via unspecified vectors that lead to a "dangling pointer."Show less
CVE-2011-2605 1Mozilla 2Firefox Thunderbird Apr 29, 2026 Jun 30, 2011 N/A· v4 N/A· v3 4.3 MEDIUM· v2 CRLF injection vulnerability in the nsCookieService::SetCookieStringInternal function in netwerk/cookie/nsCookieService.cpp in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, and Thunderbird before 3.1.11, allows re...Show more CRLF injection vulnerability in the nsCookieService::SetCookieStringInternal function in netwerk/cookie/nsCookieService.cpp in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, and Thunderbird before 3.1.11, allows remote attackers to bypass intended access restrictions via a string containing a \n (newline) character, which is not properly handled in a JavaScript "document.cookie =" expression, a different vulnerability than CVE-2011-2374.Show less
CVE-2011-2377 1Mozilla 3Firefox SeamonkeyThunderbird Apr 29, 2026 Jun 30, 2011 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execu...Show more Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a multipart/x-mixed-replace image.Show less

Previous 1...717273...87 Next