Vulnerabilities > Mozilla > Thunderbird > 0.7.1

DATE CVE VULNERABILITY TITLE RISK
2020-04-24 CVE-2020-6819 Use After Free vulnerability in Mozilla Thunderbird
Under certain conditions, when running the nsDocShell destructor, a race condition can cause a use-after-free.
network
high complexity
mozilla CWE-416
8.1
2020-03-25 CVE-2020-6814 Out-of-bounds Write vulnerability in multiple products
Mozilla developers reported memory safety bugs present in Firefox and Thunderbird 68.5.
network
low complexity
mozilla canonical CWE-787
critical
9.8
2020-03-25 CVE-2020-6812 Information Exposure vulnerability in multiple products
The first time AirPods are connected to an iPhone, they become named after the user's name by default (e.g.
network
low complexity
mozilla canonical CWE-200
5.3
2020-03-25 CVE-2020-6811 Command Injection vulnerability in multiple products
The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website.
network
low complexity
mozilla canonical CWE-77
8.8
2020-03-25 CVE-2020-6807 Use After Free vulnerability in multiple products
When a device was changed while a stream was about to be destroyed, the <code>stream-reinit</code> task may have been executed after the stream was destroyed, causing a use-after-free and a potentially exploitable crash.
network
low complexity
mozilla canonical CWE-416
8.8
2020-03-25 CVE-2020-6806 Out-of-bounds Read vulnerability in multiple products
By carefully crafting promise resolutions, it was possible to cause an out-of-bounds read off the end of an array resized during script execution.
network
low complexity
mozilla canonical CWE-125
8.8
2020-03-25 CVE-2020-6805 Use After Free vulnerability in multiple products
When removing data about an origin whose tab was recently closed, a use-after-free could occur in the Quota manager, resulting in a potentially exploitable crash.
network
low complexity
mozilla canonical CWE-416
8.8
2020-03-02 CVE-2020-6800 Out-of-bounds Write vulnerability in multiple products
Mozilla developers and community members reported memory safety bugs present in Firefox 72 and Firefox ESR 68.4.
network
low complexity
mozilla canonical CWE-787
8.8
2020-03-02 CVE-2020-6798 Cross-site Scripting vulnerability in Mozilla Thunderbird
If a template tag was used in a select tag, the parser could be confused and allow JavaScript parsing and execution when it should not be allowed.
network
low complexity
mozilla CWE-79
6.1
2020-03-02 CVE-2020-6797 Improper Input Validation vulnerability in Mozilla Firefox
By downloading a file with the .fileloc extension, a semi-privileged extension could launch an arbitrary application on the user's computer.
network
low complexity
mozilla CWE-20
4.3