Vulnerabilities > Mozilla > Thunderbird > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-07-23 | CVE-2019-11715 | Cross-site Scripting vulnerability in Mozilla Firefox Due to an error while parsing page content, it is possible for properly sanitized user input to be misinterpreted and lead to XSS hazards on web sites in certain circumstances. | 6.1 |
| 2019-07-23 | CVE-2019-11698 | Improper Input Validation vulnerability in Mozilla Firefox If a crafted hyperlink is dragged and dropped to the bookmark bar or sidebar and the resulting bookmark is subsequently dragged and dropped into the web content area, an arbitrary query of a user's browser history can be run and transmitted to the content page via drop event data. | 5.3 |
| 2019-04-26 | CVE-2019-9801 | Improper Input Validation vulnerability in Mozilla Firefox Firefox will accept any registered Program ID as an external protocol handler and offer to launch this local application when given a matching URL on Windows operating systems. | 5.3 |
| 2019-04-26 | CVE-2019-9793 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Firefox A mechanism was discovered that removes some bounds checking for string, array, or typed array accesses if Spectre mitigations have been disabled. | 5.9 |
| 2019-04-26 | CVE-2018-18509 | Improper Verification of Cryptographic Signature vulnerability in Mozilla Thunderbird A flaw during verification of certain S/MIME signatures causes emails to be shown in Thunderbird as having a valid digital signature, even if the shown message contents aren't covered by the signature. | 5.3 |
| 2019-02-28 | CVE-2018-18499 | Origin Validation Error vulnerability in Mozilla Firefox A same-origin policy violation allowing the theft of cross-origin URL entries when using a meta http-equiv="refresh" on a page to cause a redirection to another site using performance.getEntries(). | 6.5 |
| 2019-02-28 | CVE-2018-18494 | Origin Validation Error vulnerability in multiple products A same-origin policy violation allowing the theft of cross-origin URL entries when using the Javascript location property to cause a redirection to another site using performance.getEntries(). | 6.5 |
| 2019-02-04 | CVE-2019-7317 | Use After Free vulnerability in multiple products png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute. | 5.3 |
| 2018-10-18 | CVE-2018-12383 | Insufficiently Protected Credentials vulnerability in multiple products If a user saved passwords before Firefox 58 and then later set a master password, an unencrypted copy of these passwords is still accessible. | 5.5 |
| 2018-10-18 | CVE-2018-12374 | Information Exposure vulnerability in multiple products Plaintext of decrypted emails can leak through by user submitting an embedded form by pressing enter key within a text input field. | 4.3 |