Vulnerabilities > Mozilla > Thunderbird > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-03-02 CVE-2020-6798 Cross-site Scripting vulnerability in Mozilla Thunderbird
If a template tag was used in a select tag, the parser could be confused and allow JavaScript parsing and execution when it should not be allowed.
network
low complexity
mozilla CWE-79
6.1
2020-03-02 CVE-2020-6797 Improper Input Validation vulnerability in Mozilla Firefox
By downloading a file with the .fileloc extension, a semi-privileged extension could launch an arbitrary application on the user's computer.
network
low complexity
mozilla CWE-20
4.3
2020-03-02 CVE-2020-6795 NULL Pointer Dereference vulnerability in Mozilla Thunderbird
When processing a message that contains multiple S/MIME signatures, a bug in the MIME processing code caused a null pointer dereference, leading to an unexploitable crash.
network
low complexity
mozilla CWE-476
6.5
2020-03-02 CVE-2020-6794 Insufficiently Protected Credentials vulnerability in multiple products
If a user saved passwords before Thunderbird 60 and then later set a master password, an unencrypted copy of these passwords is still accessible.
network
low complexity
mozilla canonical CWE-522
6.5
2020-03-02 CVE-2020-6793 Use of Uninitialized Resource vulnerability in Mozilla Thunderbird
When processing an email message with an ill-formed envelope, Thunderbird could read data from a random memory location.
network
low complexity
mozilla CWE-908
6.5
2020-03-02 CVE-2020-6792 Missing Initialization of Resource vulnerability in multiple products
When deriving an identifier for an email message, uninitialized memory was used in addition to the message contents.
network
low complexity
mozilla canonical CWE-909
4.3
2020-01-08 CVE-2019-11763 Cross-site Scripting vulnerability in multiple products
Failure to correctly handle null bytes when processing HTML entities resulted in Firefox incorrectly parsing these entities.
network
low complexity
mozilla canonical CWE-79
6.1
2020-01-08 CVE-2019-11762 Origin Validation Error vulnerability in multiple products
If two same-origin documents set document.domain differently to become cross-origin, it was possible for them to call arbitrary DOM methods/getters/setters on the now-cross-origin window.
network
low complexity
mozilla canonical CWE-346
6.1
2020-01-08 CVE-2019-11761 Missing Authorization vulnerability in multiple products
By using a form with a data URI it was possible to gain access to the privileged JSONView object that had been cloned into content.
network
low complexity
mozilla canonical CWE-862
5.4
2019-09-27 CVE-2019-11744 Cross-site Scripting vulnerability in Mozilla Firefox
Some HTML elements, such as <title> and <textarea>, can contain literal angle brackets without treating them as markup.
network
low complexity
mozilla CWE-79
6.1