Vulnerabilities > Mozilla > Thunderbird

DATE CVE VULNERABILITY TITLE RISK
2018-06-11 CVE-2017-5449 Improper Input Validation vulnerability in multiple products
A possibly exploitable crash triggered during layout and manipulation of bidirectional unicode text in concert with CSS animations.
network
low complexity
redhat mozilla CWE-20
7.5
2018-06-11 CVE-2017-5447 Use After Free vulnerability in multiple products
An out-of-bounds read during the processing of glyph widths during text layout.
network
low complexity
debian redhat mozilla CWE-416
critical
9.1
2018-06-11 CVE-2017-5446 Out-of-bounds Read vulnerability in multiple products
An out-of-bounds read when an HTTP/2 connection to a servers sends "DATA" frames with incorrect data content.
network
low complexity
debian redhat mozilla CWE-125
critical
9.8
2018-06-11 CVE-2017-5445 Improper Validation of Array Index vulnerability in multiple products
A vulnerability while parsing "application/http-index-format" format content where uninitialized values are used to create an array.
network
low complexity
debian redhat mozilla CWE-129
7.5
2018-06-11 CVE-2017-5444 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
A buffer overflow vulnerability while parsing "application/http-index-format" format content when the header contains improperly formatted data.
network
low complexity
debian redhat mozilla CWE-119
7.5
2018-06-11 CVE-2017-5443 Out-of-bounds Write vulnerability in multiple products
An out-of-bounds write vulnerability while decoding improperly formed BinHex format archives.
network
low complexity
debian redhat mozilla CWE-787
critical
9.8
2018-06-11 CVE-2017-5442 Use After Free vulnerability in multiple products
A use-after-free vulnerability during changes in style when manipulating DOM elements.
network
low complexity
debian redhat mozilla CWE-416
critical
9.8
2018-06-11 CVE-2017-5441 Use After Free vulnerability in multiple products
A use-after-free vulnerability when holding a selection during scroll events.
network
low complexity
debian redhat mozilla CWE-416
critical
9.8
2018-06-11 CVE-2017-5440 Use After Free vulnerability in multiple products
A use-after-free vulnerability during XSLT processing due to a failure to propagate error conditions during matching while evaluating context, leading to objects being used when they no longer exist.
network
low complexity
debian redhat mozilla CWE-416
critical
9.8
2018-06-11 CVE-2017-5439 Use After Free vulnerability in multiple products
A use-after-free vulnerability during XSLT processing due to poor handling of template parameters.
network
low complexity
debian redhat mozilla CWE-416
critical
9.8