Vulnerabilities > Mozilla > Thunderbird > 3.1.14
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2012-03-14 | CVE-2012-0455 | Cross-Site Scripting vulnerability in Mozilla products Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not properly restrict drag-and-drop operations on javascript: URLs, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web page, related to a "DragAndDropJacking" issue. | 4.3 |
| 2012-02-01 | CVE-2012-0449 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a malformed XSLT stylesheet that is embedded in a document. | 9.3 |
| 2012-02-01 | CVE-2012-0444 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize nsChildView data structures, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Ogg Vorbis file. | 10.0 |
| 2012-02-01 | CVE-2012-0442 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | 9.3 |
| 2012-02-01 | CVE-2011-3659 | USE After Free vulnerability in multiple products Use-after-free vulnerability in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 might allow remote attackers to execute arbitrary code via vectors related to incorrect AttributeChildRemoved notifications that affect access to removed nsDOMAttribute child nodes. | 9.3 |
| 2011-12-21 | CVE-2011-3666 | Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox and Thunderbird Mozilla Firefox before 3.6.25 and Thunderbird before 3.1.17 on Mac OS X do not consider .jar files to be executable files, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted file. | 6.8 |
| 2011-12-21 | CVE-2011-3664 | NULL Pointer Dereference Denial Of Service vulnerability in Mozilla Firefox, Seamonkey and Thunderbird Mozilla Firefox before 9.0, Thunderbird before 9.0, and SeaMonkey before 2.6 on Mac OS X do not properly handle certain DOM frame deletions by plugins, which allows remote attackers to cause a denial of service (incorrect pointer dereference and application crash) or possibly have unspecified other impact via a crafted web site. | 6.8 |
| 2011-12-07 | CVE-2010-5074 | Race Condition vulnerability in Mozilla Firefox, Seamonkey and Thunderbird The layout engine in Mozilla Firefox before 4.0, Thunderbird before 3.3, and SeaMonkey before 2.1 executes different code for visited and unvisited links during the processing of Cascading Style Sheets (CSS) token sequences, which makes it easier for remote attackers to obtain sensitive information about visited web pages via a timing attack. | 4.3 |
| 2011-12-07 | CVE-2002-2437 | Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox, Seamonkey and Thunderbird The JavaScript implementation in Mozilla Firefox before 4.0, Thunderbird before 3.3, and SeaMonkey before 2.1 does not properly restrict the set of values contained in the object returned by the getComputedStyle method, which allows remote attackers to obtain sensitive information about visited web pages by calling this method. | 5.0 |
| 2011-12-07 | CVE-2002-2436 | Information Exposure vulnerability in Mozilla Firefox, Seamonkey and Thunderbird The Cascading Style Sheets (CSS) implementation in Mozilla Firefox before 4.0, Thunderbird before 3.3, and SeaMonkey before 2.1 does not properly handle the :visited pseudo-class, which allows remote attackers to obtain sensitive information about visited web pages via a crafted HTML document, a related issue to CVE-2010-2264. | 4.3 |