Vulnerabilities > Mozilla > Thunderbird > 0.7.1

DATE CVE VULNERABILITY TITLE RISK
2020-05-26 CVE-2020-6831 Out-of-bounds Write vulnerability in multiple products
A buffer overflow could occur when parsing and validating SCTP chunks in WebRTC.
network
low complexity
mozilla canonical debian opensuse CWE-787
critical
9.8
2020-05-26 CVE-2020-12392 Path Traversal vulnerability in multiple products
The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP POST data of a request, which can be controlled by the website.
local
low complexity
mozilla canonical CWE-22
5.5
2020-05-26 CVE-2020-12387 Use After Free vulnerability in Mozilla Thunderbird
A race condition when running shutdown code for Web Worker led to a use-after-free vulnerability.
network
high complexity
mozilla CWE-416
8.1
2020-05-26 CVE-2020-12395 Out-of-bounds Write vulnerability in multiple products
Mozilla developers and community members reported memory safety bugs present in Firefox 75 and Firefox ESR 68.7.
network
low complexity
mozilla canonical CWE-787
critical
9.8
2020-05-26 CVE-2020-12393 OS Command Injection vulnerability in Mozilla Firefox
The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website.
local
low complexity
mozilla CWE-78
7.8
2020-05-22 CVE-2020-12397 Origin Validation Error vulnerability in multiple products
By encoding Unicode whitespace characters within the From email header, an attacker can spoof the sender email address that Thunderbird displays.
network
low complexity
mozilla canonical CWE-346
4.3
2020-04-24 CVE-2020-6825 Out-of-bounds Write vulnerability in Mozilla Firefox
Mozilla developers and community members Tyson Smith and Christian Holler reported memory safety bugs present in Firefox 74 and Firefox ESR 68.6.
network
low complexity
mozilla CWE-787
critical
9.8
2020-04-24 CVE-2020-6822 Out-of-bounds Write vulnerability in Mozilla Firefox
On 32-bit builds, an out of bounds write could have occurred when processing an image larger than 4 GB in <code>GMPDecodeData</code>.
network
low complexity
mozilla CWE-787
8.8
2020-04-24 CVE-2020-6821 Use of Uninitialized Resource vulnerability in Mozilla Firefox
When reading from areas partially or fully outside the source resource with WebGL's <code>copyTexSubImage</code> method, the specification requires the returned values be zero.
network
low complexity
mozilla CWE-908
7.5
2020-04-24 CVE-2020-6820 Race Condition vulnerability in Mozilla Thunderbird
Under certain conditions, when handling a ReadableStream, a race condition can cause a use-after-free.
network
high complexity
mozilla CWE-362
8.1