Vulnerabilities > Mozilla > Thunderbird

DATE CVE VULNERABILITY TITLE RISK
2018-06-11 CVE-2017-7785 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
A buffer overflow can occur when manipulating Accessible Rich Internet Applications (ARIA) attributes within the DOM.
network
low complexity
debian redhat mozilla CWE-119
critical
9.8
2018-06-11 CVE-2017-7784 Use After Free vulnerability in multiple products
A use-after-free vulnerability can occur when reading an image observer during frame reconstruction after the observer has been freed.
network
low complexity
debian redhat mozilla CWE-416
critical
9.8
2018-06-11 CVE-2017-7782 Improper Privilege Management vulnerability in Mozilla Firefox
An error in the "WindowsDllDetourPatcher" where a RWX ("Read/Write/Execute") 4k block is allocated but never protected, violating DEP protections.
network
low complexity
mozilla CWE-269
5.3
2018-06-11 CVE-2017-7779 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Memory safety bugs were reported in Firefox 54, Firefox ESR 52.2, and Thunderbird 52.2.
network
low complexity
debian redhat mozilla CWE-119
critical
9.8
2018-06-11 CVE-2017-7778 Out-of-bounds Write vulnerability in multiple products
A number of security vulnerabilities in the Graphite 2 library including out-of-bounds reads, buffer overflow reads and writes, and the use of uninitialized memory.
network
low complexity
mozilla debian sil CWE-787
critical
9.8
2018-06-11 CVE-2017-7765 Improper Input Validation vulnerability in Mozilla Firefox
The "Mark of the Web" was not correctly saved on Windows when files with very long names were downloaded from the Internet.
network
low complexity
mozilla CWE-20
7.5
2018-06-11 CVE-2017-7764 Improper Input Validation vulnerability in multiple products
Characters from the "Canadian Syllabics" unicode block can be mixed with characters from other unicode blocks in the addressbar instead of being rendered as their raw "punycode" form, allowing for domain name spoofing attacks through character confusion.
network
low complexity
mozilla debian CWE-20
5.3
2018-06-11 CVE-2017-7763 Improper Input Validation vulnerability in multiple products
Default fonts on OS X display some Tibetan characters as whitespace.
network
low complexity
mozilla debian CWE-20
5.3
2018-06-11 CVE-2017-7758 Out-of-bounds Read vulnerability in multiple products
An out-of-bounds read vulnerability with the Opus encoder when the number of channels in an audio stream changes while the encoder is in use.
network
low complexity
redhat mozilla debian CWE-125
critical
9.1
2018-06-11 CVE-2017-7757 Use After Free vulnerability in multiple products
A use-after-free vulnerability in IndexedDB when one of its objects is destroyed in memory while a method on it is still being executed.
network
low complexity
mozilla debian CWE-416
critical
9.8