Vulnerabilities > Mozilla > Thunderbird > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-10-18 CVE-2018-12373 Information Exposure vulnerability in multiple products
dDecrypted S/MIME parts hidden with CSS or the plaintext HTML tag can leak plaintext when included in a HTML reply/forward.
network
low complexity
mozilla redhat debian canonical CWE-200
6.5
2018-10-18 CVE-2018-12372 Information Exposure vulnerability in multiple products
Decrypted S/MIME parts, when included in HTML crafted for an attack, can leak plaintext when included in a a HTML reply/forward.
network
low complexity
mozilla redhat debian canonical CWE-200
6.5
2018-10-18 CVE-2018-12367 Improper Input Validation vulnerability in multiple products
In the previous mitigations for Spectre, the resolution or precision of various methods was reduced to counteract the ability to measure precise time intervals.
network
low complexity
debian canonical mozilla CWE-20
4.3
2018-10-18 CVE-2018-12366 Out-of-bounds Read vulnerability in multiple products
An invalid grid size during QCMS (color profile) transformations can result in the out-of-bounds read interpreted as a float value.
network
low complexity
redhat debian canonical mozilla CWE-125
6.5
2018-10-18 CVE-2018-12365 Information Exposure vulnerability in multiple products
A compromised IPC child process can escape the content sandbox and list the names of arbitrary files on the file system without user consent or interaction.
network
low complexity
redhat debian canonical mozilla CWE-200
6.5
2018-06-11 CVE-2018-5185 Missing Encryption of Sensitive Data vulnerability in multiple products
Plaintext of decrypted emails can leak through by user submitting an embedded form.
network
low complexity
redhat debian canonical mozilla CWE-311
6.5
2018-06-11 CVE-2018-5170 Improper Input Validation vulnerability in multiple products
It is possible to spoof the filename of an attachment and display an arbitrary attachment name.
network
low complexity
redhat mozilla debian canonical CWE-20
4.3
2018-06-11 CVE-2018-5168 Sites can bypass security checks on permissions to install lightweight themes by manipulating the "baseURI" property of the theme element.
network
low complexity
debian mozilla canonical redhat
5.3
2018-06-11 CVE-2018-5161 Improper Input Validation vulnerability in multiple products
Crafted message headers can cause a Thunderbird process to hang on receiving the message.
network
low complexity
redhat debian canonical mozilla CWE-20
4.3
2018-06-11 CVE-2018-5117 If right-to-left text is used in the addressbar with left-to-right alignment, it is possible in some circumstances to scroll this text to spoof the displayed URL.
network
low complexity
debian redhat mozilla canonical
5.3