Vulnerabilities > Mozilla > Thunderbird > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-04-26 CVE-2018-18509 Improper Verification of Cryptographic Signature vulnerability in Mozilla Thunderbird
A flaw during verification of certain S/MIME signatures causes emails to be shown in Thunderbird as having a valid digital signature, even if the shown message contents aren't covered by the signature.
network
low complexity
mozilla CWE-347
5.3
2019-02-28 CVE-2018-18499 Origin Validation Error vulnerability in Mozilla Firefox
A same-origin policy violation allowing the theft of cross-origin URL entries when using a meta http-equiv="refresh" on a page to cause a redirection to another site using performance.getEntries().
network
low complexity
mozilla CWE-346
6.5
2019-02-28 CVE-2018-18494 Origin Validation Error vulnerability in multiple products
A same-origin policy violation allowing the theft of cross-origin URL entries when using the Javascript location property to cause a redirection to another site using performance.getEntries().
network
low complexity
mozilla debian canonical redhat CWE-346
6.5
2019-02-04 CVE-2019-7317 Use After Free vulnerability in multiple products
png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.
5.3
2018-10-18 CVE-2018-12383 Insufficiently Protected Credentials vulnerability in multiple products
If a user saved passwords before Firefox 58 and then later set a master password, an unencrypted copy of these passwords is still accessible.
local
low complexity
redhat debian canonical mozilla CWE-522
5.5
2018-10-18 CVE-2018-12374 Information Exposure vulnerability in multiple products
Plaintext of decrypted emails can leak through by user submitting an embedded form by pressing enter key within a text input field.
network
low complexity
mozilla redhat debian canonical CWE-200
4.3
2018-10-18 CVE-2018-12373 Information Exposure vulnerability in multiple products
dDecrypted S/MIME parts hidden with CSS or the plaintext HTML tag can leak plaintext when included in a HTML reply/forward.
network
low complexity
mozilla redhat debian canonical CWE-200
6.5
2018-10-18 CVE-2018-12372 Information Exposure vulnerability in multiple products
Decrypted S/MIME parts, when included in HTML crafted for an attack, can leak plaintext when included in a a HTML reply/forward.
network
low complexity
mozilla redhat debian canonical CWE-200
6.5
2018-10-18 CVE-2018-12367 Improper Input Validation vulnerability in multiple products
In the previous mitigations for Spectre, the resolution or precision of various methods was reduced to counteract the ability to measure precise time intervals.
network
low complexity
debian canonical mozilla CWE-20
4.3
2018-10-18 CVE-2018-12366 Out-of-bounds Read vulnerability in multiple products
An invalid grid size during QCMS (color profile) transformations can result in the out-of-bounds read interpreted as a float value.
network
low complexity
redhat debian canonical mozilla CWE-125
6.5