Vulnerabilities > Mozilla > Thunderbird
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-06-11 | CVE-2017-7804 | Improper Input Validation vulnerability in Mozilla Firefox The destructor function for the "WindowsDllDetourPatcher" class can be re-purposed by malicious code in concert with another vulnerability to write arbitrary data to an attacker controlled location in memory. | 7.5 |
2018-06-11 | CVE-2017-7803 | Improper Privilege Management vulnerability in multiple products When a page's content security policy (CSP) header contains a "sandbox" directive, other directives are ignored. | 7.5 |
2018-06-11 | CVE-2017-7802 | Use After Free vulnerability in multiple products A use-after-free vulnerability can occur when manipulating the DOM during the resize event of an image element. | 9.8 |
2018-06-11 | CVE-2017-7801 | Use After Free vulnerability in multiple products A use-after-free vulnerability can occur while re-computing layout for a "marquee" element during window resizing where the updated style object is freed while still in use. | 9.8 |
2018-06-11 | CVE-2017-7800 | Use After Free vulnerability in multiple products A use-after-free vulnerability can occur in WebSockets when the object holding the connection is freed before the disconnection operation is finished. | 9.8 |
2018-06-11 | CVE-2017-7793 | Use After Free vulnerability in multiple products A use-after-free vulnerability can occur in the Fetch API when the worker or the associated window are freed when still in use, resulting in a potentially exploitable crash. | 9.8 |
2018-06-11 | CVE-2017-7792 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products A buffer overflow will occur when viewing a certificate in the certificate manager if the certificate has an extremely long object identifier (OID). | 9.8 |
2018-06-11 | CVE-2017-7791 | Improper Input Validation vulnerability in multiple products On pages containing an iframe, the "data:" protocol can be used to create a modal alert that will render over arbitrary domains following page navigation, spoofing of the origin of the modal alert from the iframe content. | 5.3 |
2018-06-11 | CVE-2017-7787 | Information Exposure vulnerability in multiple products Same-origin policy protections can be bypassed on pages with embedded iframes during page reloads, allowing the iframes to access content on the top level page, leading to information disclosure. | 7.5 |
2018-06-11 | CVE-2017-7786 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products A buffer overflow can occur when the image renderer attempts to paint non-displayable SVG elements. | 9.8 |