Vulnerabilities > Mozilla > Thunderbird > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-10-18 CVE-2018-12365 Information Exposure vulnerability in multiple products
A compromised IPC child process can escape the content sandbox and list the names of arbitrary files on the file system without user consent or interaction.
network
low complexity
redhat debian canonical mozilla CWE-200
6.5
2018-06-11 CVE-2018-5185 Missing Encryption of Sensitive Data vulnerability in multiple products
Plaintext of decrypted emails can leak through by user submitting an embedded form.
network
low complexity
redhat debian canonical mozilla CWE-311
6.5
2018-06-11 CVE-2018-5170 Improper Input Validation vulnerability in multiple products
It is possible to spoof the filename of an attachment and display an arbitrary attachment name.
network
low complexity
redhat mozilla debian canonical CWE-20
4.3
2018-06-11 CVE-2018-5168 Sites can bypass security checks on permissions to install lightweight themes by manipulating the "baseURI" property of the theme element.
network
low complexity
debian mozilla canonical redhat
5.3
2018-06-11 CVE-2018-5161 Improper Input Validation vulnerability in multiple products
Crafted message headers can cause a Thunderbird process to hang on receiving the message.
network
low complexity
redhat debian canonical mozilla CWE-20
4.3
2018-06-11 CVE-2018-5117 If right-to-left text is used in the addressbar with left-to-right alignment, it is possible in some circumstances to scroll this text to spoof the displayed URL.
network
low complexity
debian redhat mozilla canonical
5.3
2018-06-11 CVE-2017-7848 Injection vulnerability in multiple products
RSS fields can inject new lines into the created email structure, modifying the message body.
network
low complexity
mozilla redhat debian CWE-74
5.3
2018-06-11 CVE-2017-7847 Information Exposure vulnerability in multiple products
Crafted CSS in an RSS feed can leak and reveal local path strings, which may contain user name.
network
low complexity
debian redhat mozilla CWE-200
4.3
2018-06-11 CVE-2017-7830 The Resource Timing API incorrectly revealed navigations in cross-origin iframes.
network
low complexity
debian mozilla redhat
6.5
2018-06-11 CVE-2017-7829 Improper Input Validation vulnerability in multiple products
It is possible to spoof the sender's email address and display an arbitrary sender address to the email recipient.
network
low complexity
mozilla redhat debian canonical CWE-20
5.3