Vulnerabilities > Mozilla > Thunderbird

DATE CVE VULNERABILITY TITLE RISK
2018-06-11 CVE-2017-7825 Improper Input Validation vulnerability in multiple products
Several fonts on OS X display some Tibetan and Arabic characters as whitespace.
network
low complexity
debian mozilla CWE-20
5.3
2018-06-11 CVE-2017-7824 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
A buffer overflow occurs when drawing and validating elements with the ANGLE graphics library, used for WebGL content.
network
low complexity
redhat debian mozilla CWE-119
critical
9.8
2018-06-11 CVE-2017-7823 Cross-site Scripting vulnerability in multiple products
The content security policy (CSP) "sandbox" directive did not create a unique origin for the document, causing it to behave as if the "allow-same-origin" keyword were always specified.
network
low complexity
redhat debian mozilla CWE-79
5.4
2018-06-11 CVE-2017-7819 Use After Free vulnerability in multiple products
A use-after-free vulnerability can occur in design mode when image objects are resized if objects referenced during the resizing have been freed from memory.
network
low complexity
redhat debian mozilla CWE-416
critical
9.8
2018-06-11 CVE-2017-7818 Use After Free vulnerability in multiple products
A use-after-free vulnerability can occur when manipulating arrays of Accessible Rich Internet Applications (ARIA) elements within containers through the DOM.
network
low complexity
redhat debian mozilla CWE-416
critical
9.8
2018-06-11 CVE-2017-7814 Improper Input Validation vulnerability in multiple products
File downloads encoded with "blob:" and "data:" URL elements bypassed normal file download checks though the Phishing and Malware Protection feature and its block lists of suspicious sites and files.
local
low complexity
redhat mozilla debian CWE-20
7.8
2018-06-11 CVE-2017-7810 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Memory safety bugs were reported in Firefox 55 and Firefox ESR 52.3.
network
low complexity
debian redhat canonical mozilla CWE-119
critical
9.8
2018-06-11 CVE-2017-7809 Use After Free vulnerability in multiple products
A use-after-free vulnerability can occur when an editor DOM node is deleted prematurely during tree traversal while still bound to the document.
network
low complexity
debian redhat mozilla CWE-416
critical
9.8
2018-06-11 CVE-2017-7807 Improper Input Validation vulnerability in multiple products
A mechanism that uses AppCache to hijack a URL in a domain using fallback by serving the files from a sub-path on the domain.
network
low complexity
debian redhat mozilla CWE-20
8.1
2018-06-11 CVE-2017-7805 Use After Free vulnerability in multiple products
During TLS 1.2 exchanges, handshake hashes are generated which point to a message buffer.
network
low complexity
mozilla debian CWE-416
7.5