Vulnerabilities > Mozilla > Thunderbird > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-07-23 CVE-2019-11715 Cross-site Scripting vulnerability in Mozilla Firefox
Due to an error while parsing page content, it is possible for properly sanitized user input to be misinterpreted and lead to XSS hazards on web sites in certain circumstances.
network
low complexity
mozilla CWE-79
6.1
2019-07-23 CVE-2019-11698 Improper Input Validation vulnerability in Mozilla Firefox
If a crafted hyperlink is dragged and dropped to the bookmark bar or sidebar and the resulting bookmark is subsequently dragged and dropped into the web content area, an arbitrary query of a user's browser history can be run and transmitted to the content page via drop event data.
network
low complexity
mozilla CWE-20
5.3
2019-04-26 CVE-2019-9801 Improper Input Validation vulnerability in Mozilla Firefox
Firefox will accept any registered Program ID as an external protocol handler and offer to launch this local application when given a matching URL on Windows operating systems.
network
low complexity
mozilla CWE-20
5.3
2019-04-26 CVE-2019-9793 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Firefox
A mechanism was discovered that removes some bounds checking for string, array, or typed array accesses if Spectre mitigations have been disabled.
network
high complexity
mozilla CWE-119
5.9
2019-04-26 CVE-2018-18509 Improper Verification of Cryptographic Signature vulnerability in Mozilla Thunderbird
A flaw during verification of certain S/MIME signatures causes emails to be shown in Thunderbird as having a valid digital signature, even if the shown message contents aren't covered by the signature.
network
low complexity
mozilla CWE-347
5.3
2019-02-28 CVE-2018-18499 Origin Validation Error vulnerability in Mozilla Firefox
A same-origin policy violation allows the theft of cross-origin URL entries through performance.getEntries() when a page uses a meta http-equiv="refresh" to cause a redirection to another site.
network
low complexity
mozilla CWE-346
6.5
2019-02-28 CVE-2018-18494 Origin Validation Error vulnerability in multiple products
A same-origin policy violation allows the theft of cross-origin URL entries through performance.getEntries() when a page uses the JavaScript location property to cause a redirection to another site.
network
low complexity
mozilla debian canonical redhat CWE-346
6.5
2019-02-04 CVE-2019-7317 Use After Free vulnerability in multiple products
png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.
5.3
2018-10-18 CVE-2018-12383 Insufficiently Protected Credentials vulnerability in multiple products
If a user saved passwords before Firefox 58 and then later set a master password, an unencrypted copy of these passwords is still accessible.
local
low complexity
redhat debian canonical mozilla CWE-522
5.5
2018-10-18 CVE-2018-12374 Information Exposure vulnerability in multiple products
Plaintext of decrypted emails can leak when a user submits an embedded form by pressing the Enter key within a text input field.
network
low complexity
mozilla redhat debian canonical CWE-200
4.3