Vulnerabilities > Mozilla > Thunderbird > High

DATE CVE VULNERABILITY TITLE RISK
2019-07-23 CVE-2019-9815 Information Exposure Through Discrepancy vulnerability in Mozilla Firefox
If hyperthreading is not disabled, a timing attack vulnerability exists, similar to previous Spectre attacks.
network
high complexity
mozilla CWE-203
8.1
2019-07-23 CVE-2019-9811 Injection vulnerability in multiple products
As part of a winning Pwn2Own entry, a researcher demonstrated a sandbox escape by installing a malicious language pack and then opening a browser feature that used the compromised translation.
network
high complexity
mozilla debian novell opensuse CWE-74
8.3
2019-07-23 CVE-2019-11729 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Firefox
Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used.
network
low complexity
mozilla CWE-119
7.5
2019-07-23 CVE-2019-11719 Out-of-bounds Read vulnerability in Mozilla Firefox
When importing a curve25519 private key in PKCS#8format with leading 0x00 bytes, it is possible to trigger an out-of-bounds read in the Network Security Services (NSS) library.
network
low complexity
mozilla CWE-125
7.5
2019-07-23 CVE-2019-11712 Cross-Site Request Forgery (CSRF) vulnerability in Mozilla Firefox
POST requests made by NPAPI plugins, such as Flash, that receive a status 308 redirect response can bypass CORS requirements.
network
low complexity
mozilla CWE-352
8.8
2019-07-23 CVE-2019-11711 When an inner window is reused, it does not consider the use of document.domain for cross-origin protections.
network
low complexity
mozilla debian
8.8
2019-07-23 CVE-2019-11707 Type Confusion vulnerability in Mozilla Thunderbird
A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop.
network
low complexity
mozilla CWE-843
8.8
2019-07-23 CVE-2019-11706 Type Confusion vulnerability in Mozilla Thunderbird
A flaw in Thunderbird's implementation of iCal causes a type confusion in icaltimezone_get_vtimezone_properties when processing certain email messages, resulting in a crash.
network
low complexity
mozilla CWE-843
7.5
2019-07-23 CVE-2019-11694 Use of Uninitialized Resource vulnerability in Mozilla Firefox
A vulnerability exists in the Windows sandbox where an uninitialized value in memory can be leaked to a renderer from a broker when making a call to access an otherwise unavailable file.
network
low complexity
mozilla CWE-908
7.5
2019-04-26 CVE-2019-9813 Type Confusion vulnerability in Mozilla Thunderbird
Incorrect handling of __proto__ mutations may lead to type confusion in IonMonkey JIT code and can be leveraged for arbitrary memory read and write.
network
low complexity
mozilla CWE-843
8.8