Vulnerabilities > Mozilla > Thunderbird > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-06-02 | CVE-2006-2786 | Unspecified vulnerability in Mozilla Firefox and Thunderbird HTTP response smuggling vulnerability in Mozilla Firefox and Thunderbird before 1.5.0.4, when used with certain proxy servers, allows remote attackers to cause Firefox to interpret certain responses as if they were responses from two different sites via (1) invalid HTTP response headers with spaces between the header name and the colon, which might not be ignored in some cases, or (2) HTTP 1.1 headers through an HTTP 1.0 proxy, which are ignored by the proxy but processed by the client. | 2.6 |
| 2006-04-14 | CVE-2006-1736 | Unspecified vulnerability in Mozilla products Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to trick users into downloading and saving an executable file via an image that is overlaid by a transparent image link that points to the executable, which causes the executable to be saved when the user clicks the "Save image as..." option. | 2.6 |
| 2006-04-14 | CVE-2006-1740 | Unspecified vulnerability in Mozilla products Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to spoof secure site indicators such as the locked icon by opening the trusted site in a popup window, then changing the location to a malicious site. | 2.6 |
| 2006-03-07 | CVE-2006-1045 | Remote Information Disclosure vulnerability in Mozilla Thunderbird 1.5 The HTML rendering engine in Mozilla Thunderbird 1.5, when "Block loading of remote images in mail messages" is enabled, does not properly block external images from inline HTML attachments, which could allow remote attackers to obtain sensitive information, such as application version or IP address, when the user reads the email and the external image is accessed. | 2.6 |
| 2006-02-22 | CVE-2006-0836 | Remote Denial of Service vulnerability in Mozilla Thunderbird 1.5 Mozilla Thunderbird 1.5 allows user-assisted attackers to cause an unspecified denial of service by tricking the user into importing an LDIF file with a long field into the address book, as demonstrated by a long homePhone field. | 2.6 |
| 2005-11-01 | CVE-2005-3402 | Unspecified vulnerability in Mozilla Thunderbird 1.0.5/1.0.7 The SMTP client in Mozilla Thunderbird 1.0.5 BETA, 1.0.7, and possibly other versions, does not notify users when it cannot establish a secure channel with the server, which allows remote attackers to obtain authentication information without detection via a man-in-the-middle (MITM) attack that bypasses TLS authentication or downgrades CRAM-MD5 authentication to plain authentication. | 2.6 |
| 2005-08-17 | CVE-2005-2602 | Unspecified vulnerability in Mozilla Firefox and Thunderbird Mozilla Thunderbird 1.0 and Firefox 1.0.6 allows remote attackers to obfuscate URIs via a long URI, which causes the address bar to go blank and could facilitate phishing attacks. | 2.6 |
| 2005-08-05 | CVE-2005-2353 | Unspecified vulnerability in Mozilla Thunderbird 1.5.0.9 run-mozilla.sh in Thunderbird, with debugging enabled, allows local users to create or overwrite arbitrary files via a symlink attack on temporary files. | 2.1 |
| 2005-05-02 | CVE-2005-0142 | Unspecified vulnerability in Mozilla Firefox, Mozilla and Thunderbird Firefox 0.9, Thunderbird 0.6 and other versions before 0.9, and Mozilla 1.7 before 1.7.5 save temporary files with world-readable permissions, which allows local users to read certain web content or attachments that belong to other users, e.g. | 2.1 |
| 2004-12-31 | CVE-2004-1449 | File-Upload vulnerability in Browser Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7 allows remote attackers to determine the location of files on a user's hard drive by obscuring a file upload control and tricking the user into dragging text into that control. | 2.6 |