Vulnerabilities > Mozilla > Thunderbird > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-03-02 | CVE-2020-6795 | NULL Pointer Dereference vulnerability in Mozilla Thunderbird When processing a message that contains multiple S/MIME signatures, a bug in the MIME processing code caused a null pointer dereference, leading to an unexploitable crash. | 6.5 |
| 2020-03-02 | CVE-2020-6794 | Insufficiently Protected Credentials vulnerability in multiple products If a user saved passwords before Thunderbird 60 and then later set a master password, an unencrypted copy of these passwords is still accessible. | 6.5 |
| 2020-03-02 | CVE-2020-6793 | Use of Uninitialized Resource vulnerability in Mozilla Thunderbird When processing an email message with an ill-formed envelope, Thunderbird could read data from a random memory location. | 6.5 |
| 2020-03-02 | CVE-2020-6792 | Missing Initialization of Resource vulnerability in multiple products When deriving an identifier for an email message, uninitialized memory was used in addition to the message contents. | 4.3 |
| 2020-01-08 | CVE-2019-11763 | Cross-site Scripting vulnerability in multiple products Failure to correctly handle null bytes when processing HTML entities resulted in Firefox incorrectly parsing these entities. | 6.1 |
| 2020-01-08 | CVE-2019-11762 | Origin Validation Error vulnerability in multiple products If two same-origin documents set document.domain differently to become cross-origin, it was possible for them to call arbitrary DOM methods/getters/setters on the now-cross-origin window. | 6.1 |
| 2020-01-08 | CVE-2019-11761 | Missing Authorization vulnerability in multiple products By using a form with a data URI it was possible to gain access to the privileged JSONView object that had been cloned into content. | 5.4 |
| 2019-09-27 | CVE-2019-11744 | Cross-site Scripting vulnerability in Mozilla Firefox Some HTML elements, such as <title> and <textarea>, can contain literal angle brackets without treating them as markup. | 6.1 |
| 2019-09-27 | CVE-2019-11742 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Mozilla Firefox A same-origin policy violation occurs allowing the theft of cross-origin images through a combination of SVG filters and a <canvas> element due to an error in how same-origin policy is applied to cached image content. | 6.5 |
| 2019-09-27 | CVE-2019-11739 | Cleartext Transmission of Sensitive Information vulnerability in Mozilla Thunderbird Encrypted S/MIME parts in a crafted multipart/alternative message can leak plaintext when included in a a HTML reply/forward. | 6.5 |