Vulnerabilities > Mozilla > Thunderbird > High

DATE CVE VULNERABILITY TITLE RISK
2018-06-11 CVE-2017-7787 Information Exposure vulnerability in multiple products
Same-origin policy protections can be bypassed on pages with embedded iframes during page reloads, allowing the iframes to access content on the top level page, leading to information disclosure.
network
low complexity
debian redhat mozilla CWE-200
7.5
2018-06-11 CVE-2017-7765 Improper Input Validation vulnerability in Mozilla Firefox
The "Mark of the Web" was not correctly saved on Windows when files with very long names were downloaded from the Internet.
network
low complexity
mozilla CWE-20
7.5
2018-06-11 CVE-2017-7755 Untrusted Search Path vulnerability in Mozilla Firefox
The Firefox installer on Windows can be made to load malicious DLL files stored in the same directory as the installer when it is run.
local
low complexity
mozilla CWE-426
7.8
2018-06-11 CVE-2017-7754 Out-of-bounds Read vulnerability in multiple products
An out-of-bounds read in WebGL with a maliciously crafted "ImageInfo" object during WebGL operations.
network
low complexity
debian redhat mozilla CWE-125
7.5
2018-06-11 CVE-2017-7752 Use After Free vulnerability in multiple products
A use-after-free vulnerability during specific user interactions with the input method editor (IME) in some languages due to how events are handled.
network
low complexity
debian redhat mozilla CWE-416
8.8
2018-06-11 CVE-2017-5467 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
A potential memory corruption and crash when using Skia content when drawing content outside of the bounds of a clipping region.
network
low complexity
redhat mozilla CWE-119
7.5
2018-06-11 CVE-2017-5454 Information Exposure vulnerability in multiple products
A mechanism to bypass file system access protections in the sandbox to use the file picker to access different files than those selected in the file picker through the use of relative paths.
network
low complexity
redhat mozilla CWE-200
7.5
2018-06-11 CVE-2017-5449 Improper Input Validation vulnerability in multiple products
A possibly exploitable crash triggered during layout and manipulation of bidirectional unicode text in concert with CSS animations.
network
low complexity
redhat mozilla CWE-20
7.5
2018-06-11 CVE-2017-5445 Improper Validation of Array Index vulnerability in multiple products
A vulnerability while parsing "application/http-index-format" format content where uninitialized values are used to create an array.
network
low complexity
debian redhat mozilla CWE-129
7.5
2018-06-11 CVE-2017-5444 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
A buffer overflow vulnerability while parsing "application/http-index-format" format content when the header contains improperly formatted data.
network
low complexity
debian redhat mozilla CWE-119
7.5