CVEs (1,729)
| CVE (description) | Vendors | Products | Updated | Published | CVSS |
|---|---|---|---|---|---|
| The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website. If a user used the 'Copy as Curl' feature and pasted the command into a te... | Canonical, Mozilla (2) | Firefox, Firefox ESR, Thunderbird, +1 more (4) | Nov 21, 2024 | Mar 25, 2020 | v4: N/A; v3: 8.8 HIGH; v2: 6.8 MEDIUM |
| When a device was changed while a stream was about to be destroyed, the `stream-reinit` task may have been executed after the stream was destroyed, causing a use-after-free and a potentially exploitable crash.... | Canonical, Mozilla (2) | Firefox, Firefox ESR, Thunderbird, +1 more (4) | Nov 21, 2024 | Mar 25, 2020 | v4: N/A; v3: 8.8 HIGH; v2: 6.8 MEDIUM |
| By carefully crafting promise resolutions, it was possible to cause an out-of-bounds read off the end of an array resized during script execution. This could have led to memory corruption and a potentially exploitable cr... | Canonical, Mozilla (2) | Firefox, Firefox ESR, Thunderbird, +1 more (4) | Nov 21, 2024 | Mar 25, 2020 | v4: N/A; v3: 8.8 HIGH; v2: 6.8 MEDIUM |
| When removing data about an origin whose tab was recently closed, a use-after-free could occur in the Quota manager, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 68.6, Firefox <... | Canonical, Mozilla (2) | Firefox, Firefox ESR, Thunderbird, +1 more (4) | Nov 21, 2024 | Mar 25, 2020 | v4: N/A; v3: 8.8 HIGH; v2: 6.8 MEDIUM |
| Mozilla developers and community members reported memory safety bugs present in Firefox 72 and Firefox ESR 68.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of thes... | Canonical, Mozilla (2) | Firefox, Firefox ESR, Thunderbird, +1 more (4) | Nov 21, 2024 | Mar 2, 2020 | v4: N/A; v3: 8.8 HIGH; v2: 6.8 MEDIUM |
| If a template tag was used in a select tag, the parser could be confused and allow JavaScript parsing and execution when it should not be allowed. A site that relied on the browser behaving correctly could suffer a cross... | Mozilla (1) | Firefox, Firefox ESR, Thunderbird (3) | Nov 21, 2024 | Mar 2, 2020 | v4: N/A; v3: 6.1 MEDIUM; v2: 4.3 MEDIUM |
| By downloading a file with the .fileloc extension, a semi-privileged extension could launch an arbitrary application on the user's computer. The attacker is restricted as they are unable to download non-quarantined files... | Mozilla (1) | Firefox, Firefox ESR, Thunderbird (3) | Nov 21, 2024 | Mar 2, 2020 | v4: N/A; v3: 4.3 MEDIUM; v2: 4.3 MEDIUM |
| When processing a message that contains multiple S/MIME signatures, a bug in the MIME processing code caused a null pointer dereference, leading to an unexploitable crash. This vulnerability affects Thunderbird < 68.5. | | | | | |
| If a user saved passwords before Thunderbird 60 and then later set a master password, an unencrypted copy of these passwords is still accessible. This is because the older stored password file was not deleted when the da... | Canonical, Mozilla (2) | Thunderbird, Ubuntu Linux (2) | Nov 21, 2024 | Mar 2, 2020 | v4: N/A; v3: 6.5 MEDIUM; v2: 4.3 MEDIUM |
| When processing an email message with an ill-formed envelope, Thunderbird could read data from a random memory location. This vulnerability affects Thunderbird < 68.5. | | | | | |
| When deriving an identifier for an email message, uninitialized memory was used in addition to the message contents. This vulnerability affects Thunderbird < 68.5. | Canonical, Mozilla (2) | Thunderbird, Ubuntu Linux (2) | Nov 21, 2024 | Mar 2, 2020 | v4: N/A; v3: 4.3 MEDIUM; v2: 4.3 MEDIUM |
| Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR < 68... | Canonical, Mozilla (2) | Firefox, Thunderbird, Ubuntu Linux (3) | Nov 4, 2025 | Mar 2, 2020 | v4: N/A; v3: 8.8 HIGH; v2: 6.8 MEDIUM |
| Mozilla developers reported memory safety bugs present in Firefox 70 and Firefox ESR 68.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been expl... | Canonical, Mozilla, openSUSE (3) | Firefox, Firefox ESR, Leap, +2 more (5) | Nov 21, 2024 | Jan 8, 2020 | v4: N/A; v3: 8.8 HIGH; v2: 6.8 MEDIUM |
| Under certain conditions, when retrieving a document from a DocShell in the antitracking code, a race condition could cause a use-after-free condition and a potentially exploitable crash. This vulnerability affects Thund... | Canonical, Mozilla, openSUSE (3) | Firefox, Firefox ESR, Leap, +2 more (5) | Nov 21, 2024 | Jan 8, 2020 | v4: N/A; v3: 7.5 HIGH; v2: 5.1 MEDIUM |
| Under certain conditions, when checking the Resist Fingerprinting preference during device orientation checks, a race condition could have caused a use-after-free and a potentially exploitable crash. This vulnerability a... | Canonical, Mozilla, openSUSE (3) | Firefox, Firefox ESR, Leap, +2 more (5) | Nov 21, 2024 | Jan 8, 2020 | v4: N/A; v3: 7.5 HIGH; v2: 5.1 MEDIUM |
| When running, the updater service wrote status and log files to an unrestricted location; potentially allowing an unprivileged process to locate and exploit a vulnerability in file handling in the updater service. *Note:... | Mozilla, openSUSE (2) | Firefox, Firefox ESR, Leap, +1 more (4) | Nov 21, 2024 | Jan 8, 2020 | v4: N/A; v3: 7.8 HIGH; v2: 4.6 MEDIUM |
| When using nested workers, a use-after-free could occur during worker destruction. This resulted in a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71. | Mozilla, openSUSE (2) | Firefox, Firefox ESR, Leap, +1 more (4) | Nov 21, 2024 | Jan 8, 2020 | v4: N/A; v3: 8.8 HIGH; v2: 6.8 MEDIUM |
| The plain text serializer used a fixed-size array for the number of `<ol>` elements it could process; however it was possible to overflow the static-sized array leading to memory corruption and a potentially exploitable cr... | Canonical, Mozilla, openSUSE (3) | Firefox, Firefox ESR, Leap, +2 more (5) | Nov 21, 2024 | Jan 8, 2020 | v4: N/A; v3: 8.8 HIGH; v2: 6.8 MEDIUM |
| Mozilla developers and community members reported memory safety bugs present in Firefox 69 and Firefox ESR 68.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of thes... | Canonical, Mozilla (2) | Firefox, Firefox ESR, Thunderbird, +1 more (4) | Nov 21, 2024 | Jan 8, 2020 | v4: N/A; v3: 8.8 HIGH; v2: 6.8 MEDIUM |
| Failure to correctly handle null bytes when processing HTML entities resulted in Firefox incorrectly parsing these entities. This could have led to HTML comment text being treated as HTML which could have led to XSS in a... | Canonical, Mozilla (2) | Firefox, Firefox ESR, Thunderbird, +1 more (4) | Nov 21, 2024 | Jan 8, 2020 | v4: N/A; v3: 6.1 MEDIUM; v2: 4.3 MEDIUM |