Vulnerabilities > Mozilla > Thunderbird > High

DATE CVE VULNERABILITY TITLE RISK
2020-01-08 CVE-2019-11760 Out-of-bounds Write vulnerability in multiple products
A fixed-size stack buffer could overflow in nrappkit when doing WebRTC signaling.
network
low complexity
mozilla canonical CWE-787
8.8
2020-01-08 CVE-2019-11759 Classic Buffer Overflow vulnerability in multiple products
An attacker could have caused 4 bytes of HMAC output to be written past the end of a buffer stored on the stack.
network
low complexity
mozilla canonical CWE-120
8.8
2020-01-08 CVE-2019-11758 Out-of-bounds Write vulnerability in multiple products
Mozilla community member Philipp reported a memory safety bug present in Firefox 68 when 360 Total Security was installed.
network
low complexity
mozilla canonical CWE-787
8.8
2020-01-08 CVE-2019-11757 Use After Free vulnerability in multiple products
When following the value's prototype chain, it was possible to retain a reference to a locale, delete it, and subsequently reference it.
network
low complexity
mozilla canonical CWE-416
8.8
2020-01-08 CVE-2019-11745 Out-of-bounds Write vulnerability in multiple products
When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur.
8.8
2019-09-27 CVE-2019-11755 Improper Verification of Cryptographic Signature vulnerability in Mozilla Thunderbird
A crafted S/MIME message consisting of an inner encryption layer and an outer SignedData layer was shown as having a valid digital signature, although the signer might have had no access to the contents of the encrypted message, and might have stripped a different signature from the encrypted message.
network
low complexity
mozilla CWE-347
7.5
2019-09-27 CVE-2019-11752 Use After Free vulnerability in Mozilla Firefox
It is possible to delete an IndexedDB key value and subsequently try to extract it during conversion.
network
low complexity
mozilla CWE-416
8.8
2019-09-27 CVE-2019-11746 Use After Free vulnerability in Mozilla Firefox
A use-after-free vulnerability can occur while manipulating video elements if the body is freed while still in use.
network
low complexity
mozilla CWE-416
8.8
2019-09-27 CVE-2019-11740 Out-of-bounds Write vulnerability in multiple products
Mozilla developers and community members reported memory safety bugs present in Firefox 68, Firefox ESR 68, and Firefox 60.8.
network
low complexity
mozilla canonical opensuse CWE-787
8.8
2019-07-23 CVE-2019-9818 Use After Free vulnerability in Mozilla Firefox
A race condition is present in the crash generation server used to generate data for the crash reporter.
network
high complexity
mozilla CWE-416
8.3