Vulnerabilities > Mozilla > Thunderbird ESR
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-06-11 | CVE-2018-5155 | Use After Free vulnerability in multiple products A use-after-free vulnerability can occur while adjusting layout during SVG animations with text paths. | 9.8 |
| 2018-06-11 | CVE-2018-5154 | Use After Free vulnerability in multiple products A use-after-free vulnerability can occur while enumerating attributes during SVG animations with clip paths. | 9.8 |
| 2018-06-11 | CVE-2018-5150 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Memory safety bugs were reported in Firefox 59, Firefox ESR 52.7, and Thunderbird 52.7. | 9.8 |
| 2018-06-11 | CVE-2017-5398 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Memory safety bugs were reported in Thunderbird 45.7. | 9.8 |
| 2013-06-26 | CVE-2013-1690 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not properly handle onreadystatechange events in conjunction with page reloading, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted web site that triggers an attempt to execute data at an unmapped memory location. | 8.8 |
| 2013-05-16 | CVE-2013-1675 | Improper Initialization vulnerability in multiple products Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 do not properly initialize data structures for the nsDOMSVGZoomEvent::mPreviousScale and nsDOMSVGZoomEvent::mNewScale functions, which allows remote attackers to obtain sensitive information from process memory via a crafted web site. | 6.5 |
| 2013-03-15 | CVE-2013-2566 | Inadequate Encryption Strength vulnerability in multiple products The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext. | 5.9 |
| 2012-11-21 | CVE-2012-5830 | Use After Free vulnerability in multiple products Use-after-free vulnerability in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 on Mac OS X allows remote attackers to execute arbitrary code via an HTML document. | 8.8 |