Vulnerabilities > Mozilla > Thunderbird > 24.3
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-02-28 | CVE-2018-18498 | Integer Overflow or Wraparound vulnerability in multiple products A potential vulnerability leading to an integer overflow can occur during buffer size calculations for images when a raw value is used instead of the checked value. | 7.5 |
| 2019-02-28 | CVE-2018-12391 | Incorrect Authorization vulnerability in Mozilla Firefox, Firefox ESR and Thunderbird During HTTP Live Stream playback on Firefox for Android, audio data can be accessed across origins in violation of security policies. | 9.3 |
| 2018-06-11 | CVE-2018-5168 | Sites can bypass security checks on permissions to install lightweight themes by manipulating the "baseURI" property of the theme element. | 5.0 |
| 2018-06-11 | CVE-2018-5095 | Use of Uninitialized Resource vulnerability in multiple products An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 8 GB of RAM. | 7.5 |
| 2017-03-15 | CVE-2016-10196 | Out-of-bounds Write vulnerability in multiple products Stack-based buffer overflow in the evutil_parse_sockaddr_port function in evutil.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (segmentation fault) via vectors involving a long string in brackets in the ip_as_string argument. | 5.0 |
| 2014-09-03 | CVE-2014-1567 | Use After Free Memory Corruption vulnerability in Mozilla Firefox, Firefox ESR and Thunderbird Use-after-free vulnerability in DirectionalityUtils.cpp in Mozilla Firefox before 32.0, Firefox ESR 24.x before 24.8 and 31.x before 31.1, and Thunderbird 24.x before 24.8 and 31.x before 31.1 allows remote attackers to execute arbitrary code via text that is improperly handled during the interaction between directionality resolution and layout. | 9.3 |
| 2014-09-03 | CVE-2014-1562 | Buffer Errors vulnerability in Mozilla Firefox, Firefox ESR and Thunderbird Unspecified vulnerability in the browser engine in Mozilla Firefox before 32.0, Firefox ESR 24.x before 24.8 and 31.x before 31.1, and Thunderbird 24.x before 24.8 and 31.x before 31.1 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | 10.0 |
| 2014-07-23 | CVE-2014-1560 | Unspecified vulnerability in Mozilla Firefox and Thunderbird Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote attackers to cause a denial of service (X.509 certificate parsing outage) via a crafted certificate that does not use ASCII character encoding in a required context. network mozilla | 4.3 |
| 2014-07-23 | CVE-2014-1559 | Security vulnerability in Mozilla Firefox and Thunderbird Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote attackers to cause a denial of service (X.509 certificate parsing outage) via a crafted certificate that does not use UTF-8 character encoding in a required context, a different vulnerability than CVE-2014-1558. network mozilla | 4.3 |
| 2014-07-23 | CVE-2014-1558 | Security vulnerability in Mozilla Firefox and Thunderbird Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote attackers to cause a denial of service (X.509 certificate parsing outage) via a crafted certificate that does not use UTF-8 character encoding in a required context, a different vulnerability than CVE-2014-1559. network mozilla | 4.3 |