Vulnerabilities > Mozilla > Thunderbird > 0.7.1

DATE CVE VULNERABILITY TITLE RISK
2018-06-11 CVE-2016-9066 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
A buffer overflow resulting in a potentially exploitable crash due to memory allocation issues when handling large amounts of incoming data.
network
low complexity
mozilla debian CWE-119
7.5
2018-06-11 CVE-2016-5297 Integer Overflow or Wraparound vulnerability in multiple products
An error in argument length checking in JavaScript, leading to potential integer overflows or other bounds checking issues.
network
low complexity
mozilla debian CWE-190
critical
9.8
2018-06-11 CVE-2016-5296 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
A heap-buffer-overflow in Cairo when processing SVG content caused by compiler optimization, resulting in a potentially exploitable crash.
network
low complexity
mozilla debian CWE-119
7.5
2018-06-11 CVE-2016-5294 Improper Input Validation vulnerability in Mozilla Firefox
The Mozilla Updater can be made to choose an arbitrary target working directory for output files resulting from the update process.
local
low complexity
mozilla CWE-20
5.5
2018-06-11 CVE-2016-5291 Improper Input Validation vulnerability in multiple products
A same-origin policy bypass with local shortcut files to load arbitrary local content from disk.
local
low complexity
mozilla debian CWE-20
5.5
2018-06-11 CVE-2016-5290 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Memory safety bugs were reported in Firefox 49 and Firefox ESR 45.4.
network
low complexity
mozilla debian CWE-119
critical
9.8
2017-03-15 CVE-2016-10196 Out-of-bounds Write vulnerability in multiple products
Stack-based buffer overflow in the evutil_parse_sockaddr_port function in evutil.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (segmentation fault) via vectors involving a long string in brackets in the ip_as_string argument.
network
low complexity
debian libevent-project mozilla CWE-787
7.5
2016-03-13 CVE-2016-1974 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The nsScannerString::AppendUnicodeTo function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not verify that memory allocation succeeds, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via crafted Unicode data in an HTML, XML, or SVG document.
network
low complexity
mozilla oracle suse opensuse CWE-119
8.8
2016-03-13 CVE-2016-1966 The nsNPObjWrapper::GetNewOrUsed function in dom/plugins/base/nsJSNPRuntime.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (invalid pointer dereference and memory corruption) via a crafted NPAPI plugin.
network
low complexity
oracle mozilla opensuse
8.8
2016-03-13 CVE-2016-1964 Use-after-free vulnerability in the AtomicBaseIncDec function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging mishandling of XML transformations.
network
low complexity
oracle suse opensuse mozilla
8.8