Vulnerabilities > Mozilla > Thunderbird > 1.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2015-04-01 | CVE-2015-0815 | Memory Corruption vulnerability in Mozilla Firefox, Firefox ESR and Thunderbird Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | 7.5 |
| 2015-04-01 | CVE-2015-0813 | Use After Free Memory Corruption vulnerability in Mozilla Firefox, Firefox ESR and Thunderbird Use-after-free vulnerability in the AppendElements function in Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 on Linux, when the Fluendo MP3 plugin for GStreamer is used, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted MP3 file. | 5.1 |
| 2015-04-01 | CVE-2015-0807 | Cross-Site Request Forgery (CSRF) vulnerability in Mozilla Firefox, Firefox ESR and Thunderbird The navigator.sendBeacon implementation in Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 processes HTTP 30x status codes for redirects after a preflight request has occurred, which allows remote attackers to bypass intended CORS access-control checks and conduct cross-site request forgery (CSRF) attacks via a crafted web site, a similar issue to CVE-2014-8638. | 6.8 |
| 2015-04-01 | CVE-2015-0801 | Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox, Firefox ESR and Thunderbird Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving anchor navigation, a similar issue to CVE-2015-0818. | 7.5 |
| 2015-02-25 | CVE-2015-0836 | Memory Corruption vulnerability in Mozilla Firefox, Firefox ESR and Thunderbird Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | 7.5 |
| 2015-02-25 | CVE-2015-0833 | DLL Loading Arbitrary Code Execution vulnerability in Mozilla Firefox Firefox ESR and Thunderbird Multiple untrusted search path vulnerabilities in updater.exe in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 on Windows, when the Maintenance Service is not used, allow local users to gain privileges via a Trojan horse DLL in (1) the current working directory or (2) a temporary directory, as demonstrated by bcrypt.dll. | 6.9 |
| 2015-02-25 | CVE-2015-0831 | Use After Free Denial of Service vulnerability in Mozilla Firefox and Thunderbird Use-after-free vulnerability in the mozilla::dom::IndexedDB::IDBObjectStore::CreateIndex function in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted content that is improperly handled during IndexedDB index creation. | 6.8 |
| 2015-02-25 | CVE-2015-0827 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Firefox, Firefox ESR and Thunderbird Heap-based buffer overflow in the mozilla::gfx::CopyRect function in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to obtain sensitive information from uninitialized process memory via a malformed SVG graphic. | 4.3 |
| 2015-02-25 | CVE-2015-0822 | Information Exposure vulnerability in Mozilla Firefox and Thunderbird The Form Autocompletion feature in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to read arbitrary files via crafted JavaScript code. | 4.3 |
| 2015-01-14 | CVE-2014-8639 | Authentication Session Fixation vulnerability in Mozilla Firefox/Thunderbird/SeaMonkey Proxy Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 do not properly interpret Set-Cookie headers within responses that have a 407 (aka Proxy Authentication Required) status code, which allows remote HTTP proxy servers to conduct session fixation attacks by providing a cookie name that corresponds to the session cookie of the origin server. network mozilla | 6.8 |