Vulnerabilities > Mozilla > Thunderbird

DATE CVE VULNERABILITY TITLE RISK
2018-06-11 CVE-2018-5095 Use of Uninitialized Resource vulnerability in multiple products
An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 8 GB of RAM.
network
low complexity
debian redhat mozilla canonical CWE-908
critical
9.8
2018-06-11 CVE-2018-5089 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Memory safety bugs were reported in Firefox 57 and Firefox ESR 52.5.
network
low complexity
canonical redhat debian mozilla CWE-119
critical
9.8
2018-06-11 CVE-2017-7848 Injection vulnerability in multiple products
RSS fields can inject new lines into the created email structure, modifying the message body.
network
low complexity
mozilla redhat debian CWE-74
5.3
2018-06-11 CVE-2017-7847 Information Exposure vulnerability in multiple products
Crafted CSS in an RSS feed can leak and reveal local path strings, which may contain user name.
network
low complexity
debian redhat mozilla CWE-200
4.3
2018-06-11 CVE-2017-7846 Injection vulnerability in multiple products
It is possible to execute JavaScript in the parsed RSS feed when RSS feed is viewed as a website, e.g.
network
low complexity
redhat debian mozilla CWE-74
8.8
2018-06-11 CVE-2017-7845 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Firefox
A buffer overflow occurs when drawing and validating elements using Direct 3D 9 with the ANGLE graphics library, used for WebGL content.
network
low complexity
mozilla CWE-119
8.8
2018-06-11 CVE-2017-7830 The Resource Timing API incorrectly revealed navigations in cross-origin iframes.
network
low complexity
debian mozilla redhat
6.5
2018-06-11 CVE-2017-7829 Improper Input Validation vulnerability in multiple products
It is possible to spoof the sender's email address and display an arbitrary sender address to the email recipient.
network
low complexity
mozilla redhat debian canonical CWE-20
5.3
2018-06-11 CVE-2017-7828 Use After Free vulnerability in multiple products
A use-after-free vulnerability can occur when flushing and resizing layout because the "PressShell" object has been freed while still in use.
network
low complexity
debian redhat mozilla CWE-416
critical
9.8
2018-06-11 CVE-2017-7826 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Memory safety bugs were reported in Firefox 56 and Firefox ESR 52.4.
network
low complexity
debian redhat canonical mozilla CWE-119
critical
9.8