Vulnerabilities > Mozilla > Thunderbird

DATE CVE VULNERABILITY TITLE RISK
2018-06-11 CVE-2018-5162 Missing Encryption of Sensitive Data vulnerability in multiple products
Plaintext of decrypted emails can leak through the src attribute of remote images, or links.
network
low complexity
redhat debian canonical mozilla CWE-311
7.5
2018-06-11 CVE-2018-5161 Improper Input Validation vulnerability in multiple products
Crafted message headers can cause a Thunderbird process to hang on receiving the message.
network
low complexity
redhat debian canonical mozilla CWE-20
4.3
2018-06-11 CVE-2018-5159 Integer Overflow or Wraparound vulnerability in multiple products
An integer overflow can occur in the Skia library due to 32-bit integer use in an array without integer overflow checks, resulting in possible out-of-bounds writes.
network
low complexity
debian redhat mozilla canonical CWE-190
critical
9.8
2018-06-11 CVE-2018-5155 Use After Free vulnerability in multiple products
A use-after-free vulnerability can occur while adjusting layout during SVG animations with text paths.
network
low complexity
debian redhat mozilla canonical CWE-416
critical
9.8
2018-06-11 CVE-2018-5154 Use After Free vulnerability in multiple products
A use-after-free vulnerability can occur while enumerating attributes during SVG animations with clip paths.
network
low complexity
debian redhat mozilla canonical CWE-416
critical
9.8
2018-06-11 CVE-2018-5150 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Memory safety bugs were reported in Firefox 59, Firefox ESR 52.7, and Thunderbird 52.7.
network
low complexity
debian redhat mozilla canonical CWE-119
critical
9.8
2018-06-11 CVE-2018-5146 Out-of-bounds Write vulnerability in multiple products
An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest.
network
low complexity
redhat debian canonical mozilla CWE-787
8.8
2018-06-11 CVE-2018-5145 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Memory safety bugs were reported in Firefox ESR 52.6.
network
low complexity
debian redhat mozilla canonical CWE-119
critical
9.8
2018-06-11 CVE-2018-5144 Integer Overflow or Wraparound vulnerability in multiple products
An integer overflow can occur during conversion of text to some Unicode character sets due to an unchecked length parameter.
network
low complexity
redhat debian canonical mozilla CWE-190
7.3
2018-06-11 CVE-2018-5129 Out-of-bounds Write vulnerability in multiple products
A lack of parameter validation on IPC messages results in a potential out-of-bounds write through malformed IPC messages.
network
low complexity
debian mozilla redhat canonical CWE-787
8.6