Vulnerabilities > Mozilla > Thunderbird > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-09-27 CVE-2019-11742 Inclusion of Functionality from Untrusted Control Sphere vulnerability in Mozilla Firefox
A same-origin policy violation occurs allowing the theft of cross-origin images through a combination of SVG filters and a <canvas> element due to an error in how same-origin policy is applied to cached image content.
network
low complexity
mozilla CWE-829
6.5
2019-09-27 CVE-2019-11739 Cleartext Transmission of Sensitive Information vulnerability in Mozilla Thunderbird
Encrypted S/MIME parts in a crafted multipart/alternative message can leak plaintext when included in a a HTML reply/forward.
network
low complexity
mozilla CWE-319
6.5
2019-07-23 CVE-2019-9817 Origin Validation Error vulnerability in Mozilla Thunderbird
Images from a different domain can be read using a canvas object in some circumstances.
network
low complexity
mozilla CWE-346
5.3
2019-07-23 CVE-2019-9816 Type Confusion vulnerability in Mozilla Thunderbird
A possible vulnerability exists where type confusion can occur when manipulating JavaScript objects in object groups, allowing for the bypassing of security checks within these groups.
network
high complexity
mozilla CWE-843
5.9
2019-07-23 CVE-2019-11730 A vulnerability exists where if a user opens a locally saved HTML file, this file can use file: URIs to access other files in the same directory or sub-directories if the names are known or guessed.
network
low complexity
mozilla debian opensuse suse
6.5
2019-07-23 CVE-2019-11717 Improper Encoding or Escaping of Output vulnerability in multiple products
A vulnerability exists where the caret ("^") character is improperly escaped constructing some URIs due to it being used as a separator, allowing for possible spoofing of origin attributes.
network
low complexity
mozilla debian novell opensuse CWE-116
5.3
2019-07-23 CVE-2019-11715 Cross-site Scripting vulnerability in Mozilla Firefox
Due to an error while parsing page content, it is possible for properly sanitized user input to be misinterpreted and lead to XSS hazards on web sites in certain circumstances.
network
low complexity
mozilla CWE-79
6.1
2019-07-23 CVE-2019-11698 Improper Input Validation vulnerability in Mozilla Firefox
If a crafted hyperlink is dragged and dropped to the bookmark bar or sidebar and the resulting bookmark is subsequently dragged and dropped into the web content area, an arbitrary query of a user's browser history can be run and transmitted to the content page via drop event data.
network
low complexity
mozilla CWE-20
5.3
2019-04-26 CVE-2019-9801 Improper Input Validation vulnerability in Mozilla Firefox
Firefox will accept any registered Program ID as an external protocol handler and offer to launch this local application when given a matching URL on Windows operating systems.
network
low complexity
mozilla CWE-20
5.3
2019-04-26 CVE-2019-9793 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Firefox
A mechanism was discovered that removes some bounds checking for string, array, or typed array accesses if Spectre mitigations have been disabled.
network
high complexity
mozilla CWE-119
5.9