Vulnerabilities > Mozilla > Thunderbird > High

DATE CVE VULNERABILITY TITLE RISK
2018-06-11 CVE-2016-9905 Improper Access Control vulnerability in multiple products
A potentially exploitable crash in "EnumerateSubDocuments" while adding or removing sub-documents.
network
low complexity
redhat debian mozilla CWE-284
8.8
2018-06-11 CVE-2016-9904 Information Exposure vulnerability in multiple products
An attacker could use a JavaScript Map/Set timing attack to determine whether an atom is used by another compartment/zone in specific contexts.
network
low complexity
redhat debian mozilla CWE-200
7.5
2018-06-11 CVE-2016-9900 7PK - Security Features vulnerability in multiple products
External resources that should be blocked when loaded by SVG images can bypass security restrictions through the use of "data:" URLs.
network
low complexity
debian redhat mozilla CWE-254
7.5
2018-06-11 CVE-2016-9897 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Memory corruption resulting in a potentially exploitable crash during WebGL functions using a vector constructor with a varying array within libGLES.
network
low complexity
redhat debian mozilla CWE-119
7.5
2018-06-11 CVE-2016-9079 Use After Free vulnerability in multiple products
A use-after-free vulnerability in SVG Animation has been discovered.
network
low complexity
debian redhat mozilla torproject CWE-416
7.5
2018-06-11 CVE-2016-9066 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
A buffer overflow resulting in a potentially exploitable crash due to memory allocation issues when handling large amounts of incoming data.
network
low complexity
mozilla debian CWE-119
7.5
2018-06-11 CVE-2016-5296 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
A heap-buffer-overflow in Cairo when processing SVG content caused by compiler optimization, resulting in a potentially exploitable crash.
network
low complexity
mozilla debian CWE-119
7.5
2017-03-15 CVE-2016-10196 Out-of-bounds Write vulnerability in multiple products
Stack-based buffer overflow in the evutil_parse_sockaddr_port function in evutil.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (segmentation fault) via vectors involving a long string in brackets in the ip_as_string argument.
network
low complexity
debian libevent-project mozilla CWE-787
7.5
2016-03-13 CVE-2016-1974 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The nsScannerString::AppendUnicodeTo function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not verify that memory allocation succeeds, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via crafted Unicode data in an HTML, XML, or SVG document.
network
low complexity
mozilla oracle suse opensuse CWE-119
8.8
2016-03-13 CVE-2016-1966 The nsNPObjWrapper::GetNewOrUsed function in dom/plugins/base/nsJSNPRuntime.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (invalid pointer dereference and memory corruption) via a crafted NPAPI plugin.
network
low complexity
oracle mozilla opensuse
8.8