Vulnerabilities > Mozilla > Thunderbird > 0.7.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-02-24 | CVE-2006-0884 | Improper Input Validation vulnerability in Mozilla Thunderbird The WYSIWYG rendering engine ("rich mail" editor) in Mozilla Thunderbird 1.0.7 and earlier allows user-assisted attackers to bypass javascript security settings and obtain sensitive information or cause a crash via an e-mail containing a javascript URI in the SRC attribute of an IFRAME tag, which is executed when the user edits the e-mail. | 9.3 |
| 2005-12-31 | CVE-2005-4809 | Unspecified vulnerability in Mozilla Firefox, Mozilla and Thunderbird Mozilla Firefox 1.0.1 and possibly other versions, including Mozilla and Thunderbird, allows remote attackers to spoof the URL in the Status Bar via an A HREF tag that contains a TABLE tag that contains another A tag. | 5.0 |
| 2005-07-13 | CVE-2005-2261 | Unspecified vulnerability in Mozilla Firefox, Mozilla and Thunderbird Firefox before 1.0.5, Thunderbird before 1.0.5, Mozilla before 1.7.9, Netscape 8.0.2, and K-Meleon 0.9 runs XBL scripts even when Javascript has been disabled, which makes it easier for remote attackers to bypass such protection. | 7.5 |
| 2005-05-02 | CVE-2005-0590 | Remote vulnerability in Mozilla Firefox, Mozilla and Thunderbird The installation confirmation dialog in Firefox before 1.0.1, Thunderbird before 1.0.1, and Mozilla before 1.7.6 allows remote attackers to use InstallTrigger to spoof the hostname of the host performing the installation via a long "user:pass" sequence in the URL, which appears before the real hostname. | 5.0 |
| 2005-05-02 | CVE-2005-0399 | Remote Heap Overflow vulnerability in Mozilla Firefox, Mozilla and Thunderbird Heap-based buffer overflow in GIF2.cpp in Firefox before 1.0.2, Mozilla before to 1.7.6, and Thunderbird before 1.0.2, and possibly other applications that use the same library, allows remote attackers to execute arbitrary code via a GIF image with a crafted Netscape extension 2 block and buffer size. | 5.1 |
| 2005-02-15 | CVE-2005-0149 | Unspecified vulnerability in Mozilla and Thunderbird Thunderbird 0.6 through 0.9 and Mozilla 1.7 through 1.7.3 does not obey the network.cookie.disableCookieForMailNews preference, which could allow remote attackers to bypass the user's intended privacy and security policy by using cookies in e-mail messages. | 5.0 |
| 2005-01-27 | CVE-2004-0903 | Remote Buffer Overflow vulnerability in Mozilla Browser Vcard Handling Stack-based buffer overflow in the writeGroup function in nsVCardObj.cpp for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to execute arbitrary code via malformed VCard attachments that are not properly handled when previewing a message. | 10.0 |
| 2005-01-27 | CVE-2004-0902 | Multiple heap-based buffer overflows in Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via (1) the "Send page" functionality, (2) certain responses from a malicious POP3 server, or (3) a link containing a non-ASCII hostname. | 10.0 |
| 2004-12-31 | CVE-2004-0909 | Unspecified vulnerability in Mozilla and Thunderbird Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 may allow remote attackers to trick users into performing unexpected actions, including installing software, via signed scripts that request enhanced abilities using the enablePrivilege parameter, then modify the meaning of certain security-relevant dialog messages. | 5.1 |
| 2004-12-31 | CVE-2004-0908 | Unspecified vulnerability in Mozilla and Thunderbird Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows untrusted Javascript code to read and write to the clipboard, and possibly obtain sensitive information, via script-generated events such as Ctrl-Ins. | 4.0 |