Vulnerabilities > Mozilla > Thunderbird > 60.6.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-09-27 | CVE-2019-11744 | Cross-site Scripting vulnerability in Mozilla Firefox Some HTML elements, such as <title> and <textarea>, can contain literal angle brackets without treating them as markup. | 4.3 |
| 2019-09-27 | CVE-2019-11743 | Information Exposure Through Discrepancy vulnerability in Mozilla Firefox, Firefox ESR and Thunderbird Navigation events were not fully adhering to the W3C's "Navigation-Timing Level 2" draft specification in some instances for the unload event, which restricts access to detailed timing attributes to only be same-origin. | 4.3 |
| 2019-09-27 | CVE-2019-11742 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Mozilla Firefox A same-origin policy violation occurs allowing the theft of cross-origin images through a combination of SVG filters and a <canvas> element due to an error in how same-origin policy is applied to cached image content. | 4.3 |
| 2019-09-27 | CVE-2019-11740 | Out-of-bounds Write vulnerability in multiple products Mozilla developers and community members reported memory safety bugs present in Firefox 68, Firefox ESR 68, and Firefox 60.8. | 6.8 |
| 2019-09-27 | CVE-2019-11739 | Cleartext Transmission of Sensitive Information vulnerability in Mozilla Thunderbird Encrypted S/MIME parts in a crafted multipart/alternative message can leak plaintext when included in a a HTML reply/forward. | 4.3 |
| 2019-07-23 | CVE-2019-9820 | Use After Free vulnerability in Mozilla Firefox and Firefox ESR A use-after-free vulnerability can occur in the chrome event handler when it is freed while still in use. | 7.5 |
| 2019-07-23 | CVE-2019-9819 | Improper Input Validation vulnerability in Mozilla Thunderbird A vulnerability where a JavaScript compartment mismatch can occur while working with the fetch API, resulting in a potentially exploitable crash. | 7.5 |
| 2019-07-23 | CVE-2019-9818 | Race Condition vulnerability in Mozilla Firefox A race condition is present in the crash generation server used to generate data for the crash reporter. | 5.1 |
| 2019-07-23 | CVE-2019-9817 | Origin Validation Error vulnerability in Mozilla Firefox and Firefox ESR Images from a different domain can be read using a canvas object in some circumstances. | 5.0 |
| 2019-07-23 | CVE-2019-9816 | Type Confusion vulnerability in Mozilla Firefox, Firefox ESR and Thunderbird A possible vulnerability exists where type confusion can occur when manipulating JavaScript objects in object groups, allowing for the bypassing of security checks within these groups. | 4.3 |