Vulnerabilities > Mozilla > Thunderbird > 59.0
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-04-26 | CVE-2019-9793 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Firefox and Firefox ESR A mechanism was discovered that removes some bounds checking for string, array, or typed array accesses if Spectre mitigations have been disabled. | 4.3 |
2019-04-26 | CVE-2019-9792 | Out-of-bounds Write vulnerability in multiple products The IonMonkey just-in-time (JIT) compiler can leak an internal JS_OPTIMIZED_OUT magic value to the running script during a bailout. | 7.5 |
2019-04-26 | CVE-2019-9791 | Type Confusion vulnerability in multiple products The type inference system allows the compilation of functions that can cause type confusions between arbitrary objects when compiled through the IonMonkey just-in-time (JIT) compiler and when the constructor function is entered through on-stack replacement (OSR). | 7.5 |
2019-04-26 | CVE-2019-9790 | Use After Free vulnerability in Mozilla Firefox and Firefox ESR A use-after-free vulnerability can occur when a raw pointer to a DOM element on a page is obtained using JavaScript and the element is then removed while still in use. | 7.5 |
2019-04-26 | CVE-2019-9788 | Out-of-bounds Write vulnerability in multiple products Mozilla developers and community members reported memory safety bugs present in Firefox 65, Firefox ESR 60.5, and Thunderbird 60.5. | 7.5 |
2019-04-26 | CVE-2018-18513 | NULL Pointer Dereference vulnerability in Mozilla Thunderbird A crash can occur when processing a crafted S/MIME message or an XPI package containing a crafted signature. | 5.0 |
2019-04-26 | CVE-2018-18512 | Use After Free vulnerability in Mozilla Thunderbird A use-after-free vulnerability can occur while playing a sound notification in Thunderbird. | 7.5 |
2019-04-26 | CVE-2018-18509 | Improper Verification of Cryptographic Signature vulnerability in Mozilla Thunderbird A flaw during verification of certain S/MIME signatures causes emails to be shown in Thunderbird as having a valid digital signature, even if the shown message contents aren't covered by the signature. | 5.0 |
2019-02-28 | CVE-2018-18499 | Origin Validation Error vulnerability in Mozilla Firefox and Firefox ESR A same-origin policy violation allowing the theft of cross-origin URL entries when using a meta http-equiv="refresh" on a page to cause a redirection to another site using performance.getEntries(). | 4.3 |
2019-02-28 | CVE-2018-18498 | Integer Overflow or Wraparound vulnerability in multiple products A potential vulnerability leading to an integer overflow can occur during buffer size calculations for images when a raw value is used instead of the checked value. | 7.5 |