Vulnerabilities > Mozilla > Thunderbird > High

DATE CVE VULNERABILITY TITLE RISK
2018-06-11 CVE-2018-5129 Out-of-bounds Write vulnerability in multiple products
A lack of parameter validation on IPC messages results in a potential out-of-bounds write through malformed IPC messages.
network
low complexity
debian mozilla redhat canonical CWE-787
8.6
2018-06-11 CVE-2018-5127 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
A buffer overflow can occur when manipulating the SVG "animatedPathSegList" through script.
network
low complexity
redhat debian canonical mozilla CWE-119
8.8
2018-06-11 CVE-2018-5125 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Memory safety bugs were reported in Firefox 58 and Firefox ESR 52.6.
network
low complexity
canonical redhat debian mozilla CWE-119
8.8
2018-06-11 CVE-2017-7846 Injection vulnerability in multiple products
It is possible to execute JavaScript in the parsed RSS feed when RSS feed is viewed as a website, e.g.
network
low complexity
redhat debian mozilla CWE-74
8.8
2018-06-11 CVE-2017-7845 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Firefox
A buffer overflow occurs when drawing and validating elements using Direct 3D 9 with the ANGLE graphics library, used for WebGL content.
network
low complexity
mozilla CWE-119
8.8
2018-06-11 CVE-2017-7814 Improper Input Validation vulnerability in multiple products
File downloads encoded with "blob:" and "data:" URL elements bypassed normal file download checks though the Phishing and Malware Protection feature and its block lists of suspicious sites and files.
local
low complexity
redhat mozilla debian CWE-20
7.8
2018-06-11 CVE-2017-7807 Improper Input Validation vulnerability in multiple products
A mechanism that uses AppCache to hijack a URL in a domain using fallback by serving the files from a sub-path on the domain.
network
low complexity
debian redhat mozilla CWE-20
8.1
2018-06-11 CVE-2017-7805 Use After Free vulnerability in multiple products
During TLS 1.2 exchanges, handshake hashes are generated which point to a message buffer.
network
low complexity
mozilla debian CWE-416
7.5
2018-06-11 CVE-2017-7804 Improper Input Validation vulnerability in Mozilla Firefox
The destructor function for the "WindowsDllDetourPatcher" class can be re-purposed by malicious code in concert with another vulnerability to write arbitrary data to an attacker controlled location in memory.
network
low complexity
mozilla CWE-20
7.5
2018-06-11 CVE-2017-7803 Improper Privilege Management vulnerability in multiple products
When a page's content security policy (CSP) header contains a "sandbox" directive, other directives are ignored.
network
low complexity
redhat debian mozilla CWE-269
7.5