Vulnerabilities > Mozilla > Thunderbird > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-07-09 CVE-2020-12399 Information Exposure Through Discrepancy vulnerability in multiple products
NSS has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys.
local
high complexity
mozilla debian CWE-203
4.4
2020-05-26 CVE-2020-12392 Path Traversal vulnerability in multiple products
The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP POST data of a request, which can be controlled by the website.
local
low complexity
mozilla canonical CWE-22
5.5
2020-05-22 CVE-2020-12397 Origin Validation Error vulnerability in multiple products
By encoding Unicode whitespace characters within the From email header, an attacker can spoof the sender email address that Thunderbird displays.
network
low complexity
mozilla canonical CWE-346
4.3
2020-03-25 CVE-2020-6812 Information Exposure vulnerability in multiple products
The first time AirPods are connected to an iPhone, they become named after the user's name by default (e.g.
network
low complexity
mozilla canonical CWE-200
5.3
2020-03-02 CVE-2020-6798 Cross-site Scripting vulnerability in Mozilla Thunderbird
If a template tag was used in a select tag, the parser could be confused and allow JavaScript parsing and execution when it should not be allowed.
network
low complexity
mozilla CWE-79
6.1
2020-03-02 CVE-2020-6797 Improper Input Validation vulnerability in Mozilla Firefox
By downloading a file with the .fileloc extension, a semi-privileged extension could launch an arbitrary application on the user's computer.
network
low complexity
mozilla CWE-20
4.3
2020-03-02 CVE-2020-6795 NULL Pointer Dereference vulnerability in Mozilla Thunderbird
When processing a message that contains multiple S/MIME signatures, a bug in the MIME processing code caused a null pointer dereference, leading to an unexploitable crash.
network
low complexity
mozilla CWE-476
6.5
2020-03-02 CVE-2020-6794 Insufficiently Protected Credentials vulnerability in multiple products
If a user saved passwords before Thunderbird 60 and then later set a master password, an unencrypted copy of these passwords is still accessible.
network
low complexity
mozilla canonical CWE-522
6.5
2020-03-02 CVE-2020-6793 Use of Uninitialized Resource vulnerability in Mozilla Thunderbird
When processing an email message with an ill-formed envelope, Thunderbird could read data from a random memory location.
network
low complexity
mozilla CWE-908
6.5
2020-03-02 CVE-2020-6792 Missing Initialization of Resource vulnerability in multiple products
When deriving an identifier for an email message, uninitialized memory was used in addition to the message contents.
network
low complexity
mozilla canonical CWE-909
4.3