Vulnerabilities > Mozilla > Thunderbird

DATE CVE VULNERABILITY TITLE RISK
2019-02-28 CVE-2018-18492 Use After Free vulnerability in multiple products
A use-after-free vulnerability can occur after deleting a selection element due to a weak reference to the select element in the options collection.
network
low complexity
mozilla debian canonical redhat CWE-416
critical
9.8
2019-02-28 CVE-2018-12405 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Mozilla developers and community members reported memory safety bugs present in Firefox 63 and Firefox ESR 60.3.
network
low complexity
mozilla debian canonical redhat CWE-119
critical
9.8
2019-02-28 CVE-2018-12393 Integer Overflow or Wraparound vulnerability in multiple products
A potential vulnerability was found in 32-bit builds where an integer overflow during the conversion of scripts to an internal UTF-16 representation could result in allocating a buffer too small for the conversion.
network
low complexity
mozilla debian canonical redhat CWE-190
7.5
2019-02-28 CVE-2018-12392 When manipulating user events in nested loops while opening a document through script, it is possible to trigger a potentially exploitable crash due to poor event handling.
network
low complexity
mozilla debian canonical redhat
critical
9.8
2019-02-28 CVE-2018-12391 Incorrect Authorization vulnerability in Mozilla Firefox
During HTTP Live Stream playback on Firefox for Android, audio data can be accessed across origins in violation of security policies.
network
low complexity
mozilla CWE-863
8.8
2019-02-28 CVE-2018-12390 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Mozilla developers and community members reported memory safety bugs present in Firefox 62 and Firefox ESR 60.2.
network
low complexity
mozilla debian canonical redhat CWE-119
critical
9.8
2019-02-28 CVE-2018-12389 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Mozilla developers and community members reported memory safety bugs present in Firefox ESR 60.2.
network
low complexity
mozilla debian canonical redhat CWE-119
8.8
2019-02-05 CVE-2018-18505 Improper Authentication vulnerability in multiple products
An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authentication to communication between IPC endpoints and server parents during IPC process creation.
network
low complexity
mozilla canonical debian redhat CWE-287
critical
10.0
2019-02-05 CVE-2018-18501 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Mozilla developers and community members reported memory safety bugs present in Firefox 64 and Firefox ESR 60.4.
network
low complexity
mozilla canonical debian redhat CWE-119
critical
9.8
2019-02-05 CVE-2018-18500 Use After Free vulnerability in multiple products
A use-after-free vulnerability can occur while parsing an HTML5 stream in concert with custom HTML elements.
network
low complexity
mozilla canonical debian redhat CWE-416
critical
9.8