Vulnerabilities > Mozilla > Thunderbird

DATE CVE VULNERABILITY TITLE RISK
2019-04-26 CVE-2019-9791 Type Confusion vulnerability in multiple products
The type inference system allows the compilation of functions that can cause type confusions between arbitrary objects when compiled through the IonMonkey just-in-time (JIT) compiler and when the constructor function is entered through on-stack replacement (OSR).
network
low complexity
mozilla redhat CWE-843
critical
9.8
2019-04-26 CVE-2019-9790 Use After Free vulnerability in Mozilla Thunderbird
A use-after-free vulnerability can occur when a raw pointer to a DOM element on a page is obtained using JavaScript and the element is then removed while still in use.
network
low complexity
mozilla CWE-416
critical
9.8
2019-04-26 CVE-2019-9788 Out-of-bounds Write vulnerability in multiple products
Mozilla developers and community members reported memory safety bugs present in Firefox 65, Firefox ESR 60.5, and Thunderbird 60.5.
network
low complexity
mozilla redhat CWE-787
critical
9.8
2019-04-26 CVE-2018-18513 NULL Pointer Dereference vulnerability in Mozilla Thunderbird
A crash can occur when processing a crafted S/MIME message or an XPI package containing a crafted signature.
network
low complexity
mozilla CWE-476
7.5
2019-04-26 CVE-2018-18512 Use After Free vulnerability in Mozilla Thunderbird
A use-after-free vulnerability can occur while playing a sound notification in Thunderbird.
network
low complexity
mozilla CWE-416
critical
9.8
2019-04-26 CVE-2018-18509 Improper Verification of Cryptographic Signature vulnerability in Mozilla Thunderbird
A flaw during verification of certain S/MIME signatures causes emails to be shown in Thunderbird as having a valid digital signature, even if the shown message contents aren't covered by the signature.
network
low complexity
mozilla CWE-347
5.3
2019-02-28 CVE-2018-18499 Origin Validation Error vulnerability in Mozilla Firefox
A same-origin policy violation allowing the theft of cross-origin URL entries when using a meta http-equiv="refresh" on a page to cause a redirection to another site using performance.getEntries().
network
low complexity
mozilla CWE-346
6.5
2019-02-28 CVE-2018-18498 Integer Overflow or Wraparound vulnerability in multiple products
A potential vulnerability leading to an integer overflow can occur during buffer size calculations for images when a raw value is used instead of the checked value.
network
low complexity
mozilla debian canonical redhat CWE-190
critical
9.8
2019-02-28 CVE-2018-18494 Origin Validation Error vulnerability in multiple products
A same-origin policy violation allowing the theft of cross-origin URL entries when using the Javascript location property to cause a redirection to another site using performance.getEntries().
network
low complexity
mozilla debian canonical redhat CWE-346
6.5
2019-02-28 CVE-2018-18493 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
A buffer overflow can occur in the Skia library during buffer offset calculations with hardware accelerated canvas 2D actions due to the use of 32-bit calculations instead of 64-bit.
network
low complexity
mozilla debian canonical redhat CWE-119
critical
9.8