Vulnerabilities > Mozilla > Thunderbird > 3.1.4
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2010-10-21 | CVE-2010-3173 | Cryptographic Issues vulnerability in Mozilla Firefox, Seamonkey and Thunderbird The SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly set the minimum key length for Diffie-Hellman Ephemeral (DHE) mode, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack. | 7.5 |
2010-10-21 | CVE-2010-3170 | Cryptographic Issues vulnerability in Mozilla Firefox, Seamonkey and Thunderbird Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 recognize a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. | 4.3 |
2010-04-28 | CVE-2010-1585 | Improper Input Validation vulnerability in Mozilla Firefox, Seamonkey and Thunderbird The nsIScriptableUnescapeHTML.parseFragment method in the ParanoidFragmentSink protection mechanism in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 does not properly sanitize HTML in a chrome document, which makes it easier for remote attackers to execute arbitrary JavaScript with chrome privileges via a javascript: URI in input to an extension, as demonstrated by a javascript:alert sequence in (1) the HREF attribute of an A element or (2) the ACTION attribute of a FORM element. | 9.3 |