Vulnerabilities > Mozilla > Thunderbird > 0.7.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-07-23 | CVE-2019-9818 | Use After Free vulnerability in Mozilla Firefox A race condition is present in the crash generation server used to generate data for the crash reporter. | 8.3 |
| 2019-07-23 | CVE-2019-9817 | Origin Validation Error vulnerability in Mozilla Thunderbird Images from a different domain can be read using a canvas object in some circumstances. | 5.3 |
| 2019-07-23 | CVE-2019-9816 | Type Confusion vulnerability in Mozilla Thunderbird A possible vulnerability exists where type confusion can occur when manipulating JavaScript objects in object groups, allowing for the bypassing of security checks within these groups. | 5.9 |
| 2019-07-23 | CVE-2019-9815 | Information Exposure Through Discrepancy vulnerability in Mozilla Firefox If hyperthreading is not disabled, a timing attack vulnerability exists, similar to previous Spectre attacks. | 8.1 |
| 2019-07-23 | CVE-2019-9811 | Injection vulnerability in multiple products As part of a winning Pwn2Own entry, a researcher demonstrated a sandbox escape by installing a malicious language pack and then opening a browser feature that used the compromised translation. | 8.3 |
| 2019-07-23 | CVE-2019-9800 | Out-of-bounds Write vulnerability in Mozilla Thunderbird Mozilla developers and community members reported memory safety bugs present in Firefox 66, Firefox ESR 60.6, and Thunderbird 60.6. | 9.8 |
| 2019-07-23 | CVE-2019-11730 | A vulnerability exists where if a user opens a locally saved HTML file, this file can use file: URIs to access other files in the same directory or sub-directories if the names are known or guessed. | 6.5 |
| 2019-07-23 | CVE-2019-11729 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Firefox Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. | 7.5 |
| 2019-07-23 | CVE-2019-11719 | Out-of-bounds Read vulnerability in Mozilla Firefox When importing a curve25519 private key in PKCS#8format with leading 0x00 bytes, it is possible to trigger an out-of-bounds read in the Network Security Services (NSS) library. | 7.5 |
| 2019-07-23 | CVE-2019-11717 | Improper Encoding or Escaping of Output vulnerability in multiple products A vulnerability exists where the caret ("^") character is improperly escaped constructing some URIs due to it being used as a separator, allowing for possible spoofing of origin attributes. | 5.3 |