Vulnerabilities > Mozilla > Thunderbird > 1.0.8
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-06-02 | CVE-2006-2780 | Code Injection vulnerability in Mozilla Firefox and Thunderbird Integer overflow in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via "jsstr tagify," which leads to memory corruption. | 9.3 |
| 2006-06-02 | CVE-2006-2779 | Code Injection vulnerability in Mozilla Firefox and Thunderbird Mozilla Firefox and Thunderbird before 1.5.0.4 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) nested <option> tags in a select tag, (2) a DOMNodeRemoved mutation event, (3) "Content-implemented tree views," (4) BoxObjects, (5) the XBL implementation, (6) an iframe that attempts to remove itself, which leads to memory corruption. | 9.3 |
| 2006-06-02 | CVE-2006-2778 | Unspecified vulnerability in Mozilla Firefox and Thunderbird The crypto.signText function in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to execute arbitrary code via certain optional Certificate Authority name arguments, which causes an invalid array index and triggers a buffer overflow. | 5.0 |
| 2006-06-02 | CVE-2006-2775 | Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox and Thunderbird Mozilla Firefox and Thunderbird before 1.5.0.4 associates XUL attributes with the wrong URL under certain unspecified circumstances, which might allow remote attackers to bypass restrictions by causing a persisted string to be associated with the wrong URL. | 7.5 |
| 2006-04-14 | CVE-2006-1531 | Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. | 7.5 |
| 2006-04-14 | CVE-2006-1530 | Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. | 7.5 |