Vulnerabilities > Mozilla > Thunderbird > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-01-08 CVE-2019-11763 Cross-site Scripting vulnerability in multiple products
Failure to correctly handle null bytes when processing HTML entities resulted in Firefox incorrectly parsing these entities.
network
low complexity
mozilla canonical CWE-79
6.1
2020-01-08 CVE-2019-11762 Origin Validation Error vulnerability in multiple products
If two same-origin documents set document.domain differently to become cross-origin, it was possible for them to call arbitrary DOM methods/getters/setters on the now-cross-origin window.
network
low complexity
mozilla canonical CWE-346
6.1
2020-01-08 CVE-2019-11761 Missing Authorization vulnerability in multiple products
By using a form with a data URI it was possible to gain access to the privileged JSONView object that had been cloned into content.
network
low complexity
mozilla canonical CWE-862
5.4
2019-09-27 CVE-2019-11744 Cross-site Scripting vulnerability in Mozilla Firefox
Some HTML elements, such as <title> and <textarea>, can contain literal angle brackets without treating them as markup.
network
low complexity
mozilla CWE-79
6.1
2019-09-27 CVE-2019-11742 Inclusion of Functionality from Untrusted Control Sphere vulnerability in Mozilla Firefox
A same-origin policy violation occurs allowing the theft of cross-origin images through a combination of SVG filters and a <canvas> element due to an error in how same-origin policy is applied to cached image content.
network
low complexity
mozilla CWE-829
6.5
2019-09-27 CVE-2019-11739 Cleartext Transmission of Sensitive Information vulnerability in Mozilla Thunderbird
Encrypted S/MIME parts in a crafted multipart/alternative message can leak plaintext when included in a a HTML reply/forward.
network
low complexity
mozilla CWE-319
6.5
2019-07-23 CVE-2019-9817 Origin Validation Error vulnerability in Mozilla Thunderbird
Images from a different domain can be read using a canvas object in some circumstances.
network
low complexity
mozilla CWE-346
5.3
2019-07-23 CVE-2019-9816 Type Confusion vulnerability in Mozilla Thunderbird
A possible vulnerability exists where type confusion can occur when manipulating JavaScript objects in object groups, allowing for the bypassing of security checks within these groups.
network
high complexity
mozilla CWE-843
5.9
2019-07-23 CVE-2019-11730 A vulnerability exists where if a user opens a locally saved HTML file, this file can use file: URIs to access other files in the same directory or sub-directories if the names are known or guessed.
network
low complexity
mozilla debian opensuse suse
6.5
2019-07-23 CVE-2019-11717 Improper Encoding or Escaping of Output vulnerability in multiple products
A vulnerability exists where the caret ("^") character is improperly escaped constructing some URIs due to it being used as a separator, allowing for possible spoofing of origin attributes.
network
low complexity
mozilla debian novell opensuse CWE-116
5.3