Vulnerabilities > Mozilla > Thunderbird > 17.0.1

DATE CVE VULNERABILITY TITLE RISK
2013-06-26 CVE-2013-1693 Permissions, Privileges, and Access Controls vulnerability in Mozilla products
The SVG filter implementation in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allows remote attackers to read pixel values, and possibly bypass the Same Origin Policy and read text from a different domain, by observing timing differences in execution of filter code.
network
mozilla CWE-264
4.3
4.3
2013-06-26 CVE-2013-1692 Permissions, Privileges, and Access Controls vulnerability in Mozilla products
Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not prevent the inclusion of body data in an XMLHttpRequest HEAD request, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via a crafted web site.
network
mozilla CWE-264
4.3
4.3
2013-06-26 CVE-2013-1690 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Mozilla products
Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not properly handle onreadystatechange events in conjunction with page reloading, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted web site that triggers an attempt to execute data at an unmapped memory location.
network
mozilla CWE-119
critical
 9.3
9.3
2013-06-26 CVE-2013-1687 Permissions, Privileges, and Access Controls vulnerability in Mozilla products
The System Only Wrapper (SOW) and Chrome Object Wrapper (COW) implementations in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not properly restrict XBL user-defined functions, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges, or conduct cross-site scripting (XSS) attacks, via a crafted web site.
network
mozilla CWE-264
critical
 9.3
9.3
2013-06-26 CVE-2013-1686 Resource Management Errors vulnerability in Mozilla products
Use-after-free vulnerability in the mozilla::ResetDir function in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
network
low complexity
mozilla CWE-399
critical
 10.0
10
2013-06-26 CVE-2013-1685 Resource Management Errors vulnerability in Mozilla products
Use-after-free vulnerability in the nsIDocument::GetRootElement function in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted web site.
network
mozilla CWE-399
critical
 9.3
9.3
2013-06-26 CVE-2013-1684 Resource Management Errors vulnerability in Mozilla products
Use-after-free vulnerability in the mozilla::dom::HTMLMediaElement::LookupMediaElementURITable function in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted web site.
network
mozilla CWE-399
critical
 9.3
9.3
2013-06-26 CVE-2013-1682 Memory Unspecified Corruption vulnerability in Mozilla Firefox/Thunderbird
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
network
low complexity
mozilla
critical
 10.0
10
2013-05-16 CVE-2013-1681 Resource Management Errors vulnerability in Mozilla products
Use-after-free vulnerability in the nsContentUtils::RemoveScriptBlocker function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
network
low complexity
mozilla CWE-399
critical
 10.0
10
2013-05-16 CVE-2013-1680 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Mozilla products
Use-after-free vulnerability in the nsFrameList::FirstChild function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
network
low complexity
mozilla CWE-119
critical
 10.0
10