Vulnerabilities > Mozilla > Thunderbird > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-09-27 | CVE-2019-11742 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Mozilla Firefox. A same-origin policy violation occurs allowing the theft of cross-origin images through a combination of SVG filters and a `<canvas>` element due to an error in how same-origin policy is applied to cached image content. | 6.5 |
2019-09-27 | CVE-2019-11739 | Cleartext Transmission of Sensitive Information vulnerability in Mozilla Thunderbird. Encrypted S/MIME parts in a crafted multipart/alternative message can leak plaintext when included in an HTML reply/forward. | 6.5 |
2019-07-23 | CVE-2019-9817 | Origin Validation Error vulnerability in Mozilla Thunderbird. Images from a different domain can be read using a canvas object in some circumstances. | 5.3 |
2019-07-23 | CVE-2019-9816 | Type Confusion vulnerability in Mozilla Thunderbird. A possible vulnerability exists where type confusion can occur when manipulating JavaScript objects in object groups, allowing for the bypassing of security checks within these groups. | 5.9 |
2019-07-23 | CVE-2019-11730 | A vulnerability exists where if a user opens a locally saved HTML file, this file can use file: URIs to access other files in the same directory or sub-directories if the names are known or guessed. | 6.5 |
2019-07-23 | CVE-2019-11717 | Improper Encoding or Escaping of Output vulnerability in multiple products. A vulnerability exists where the caret ("^") character is improperly escaped when constructing some URIs due to it being used as a separator, allowing for possible spoofing of origin attributes. | 5.3 |
2019-07-23 | CVE-2019-11715 | Cross-site Scripting vulnerability in Mozilla Firefox. Due to an error while parsing page content, it is possible for properly sanitized user input to be misinterpreted and lead to XSS hazards on web sites in certain circumstances. | 6.1 |
2019-07-23 | CVE-2019-11698 | Improper Input Validation vulnerability in Mozilla Firefox. If a crafted hyperlink is dragged and dropped to the bookmark bar or sidebar and the resulting bookmark is subsequently dragged and dropped into the web content area, an arbitrary query of a user's browser history can be run and transmitted to the content page via drop event data. | 5.3 |
2019-04-26 | CVE-2019-9801 | Improper Input Validation vulnerability in Mozilla Firefox. Firefox will accept any registered Program ID as an external protocol handler and offer to launch this local application when given a matching URL on Windows operating systems. | 5.3 |
2019-04-26 | CVE-2019-9793 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Firefox. A mechanism was discovered that removes some bounds checking for string, array, or typed array accesses if Spectre mitigations have been disabled. | 5.9 |