305 matches found
Ubuntu: Security Advisory (USN-6563-1)
The remote host is missing an update for the...
Design/Logic Flaw
The signature of a digitally signed S/MIME email message may optionally specify the signature creation date and time. If present, Thunderbird did not compare the signature creation date with the message date and time, and displayed a valid signature despite a date or time mismatch. This could be...
Debian: Security Advisory (DLA-3680-1)
The remote host is missing an update for the Debian...
PT-2023-32443 · WordPress · Post Smtp Mailer
Name of the Vulnerable Software and Affected Versions: POST SMTP Mailer WordPress plugin versions prior to 2.7.1. Description: The issue allows an unauthenticated attacker to perform XSS attacks against highly privileged users by not escaping email message content before displaying it in the...
CVE-2023-5631 Stored XSS vulnerability in Roundcube
Roundcube before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before 1.6.4 allows stored XSS via an HTML e-mail message with a crafted SVG document because of program/lib/Roundcube/rcube_washtml.php behavior. This could allow a remote attacker to load arbitrary JavaScript code...
SUSE CVE-2012-4600
Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.14, 3.0.x before 3.0.16, and 3.1.x before 3.1.10, when Firefox or Opera is used, allows remote attackers to inject arbitrary web script or HTML via an e-mail message body with nested HTML tags...
SUSE CVE-2017-17847
An issue was discovered in Enigmail before 1.9.9. Signature spoofing is possible because the UI does not properly distinguish between an attachment signature, and a signature that applies to the entire containing message, aka TBE-01-021. This is demonstrated by an e-mail message with an attachmen...
CVE-2022-0566
It may be possible for an attacker to craft an email message that causes Thunderbird to perform an out-of-bounds write of one byte when processing the message. This vulnerability affects Thunderbird 91.6.1...
CVE-2022-22658
An input validation issue was addressed with improved input validation. This issue is fixed in iOS 16.0.3. Processing a maliciously crafted email message may lead to a denial-of-service...
Input validation
An input validation issue was addressed with improved input validation. This issue is fixed in iOS 16.0.3. Processing a maliciously crafted email message may lead to a denial-of-service...
CVE-2022-29360
The Email Viewer in RainLoop through 1.6.0 allows XSS via a crafted email message...
CVE-2022-23101
OX App Suite through 7.10.6 allows XSS via appHandler in a deep link in an e-mail message...
Securimage HTML Injection
HTML Injection in Securimage prior to 3.6.6 allows remote attackers to inject arbitrary HTML into an e-mail message body via the $_SERVER['HTTP_USER_AGENT'] parameter to example_form.ajax.php or example_form.php...
GHSA-Q6V4-XJP2-8GGV Securimage HTML Injection
HTML Injection in Securimage prior to 3.6.6 allows remote attackers to inject arbitrary HTML into an e-mail message body via the $_SERVER['HTTP_USER_AGENT'] parameter to example_form.ajax.php or example_form.php...
Rocky Linux 8 : thunderbird (RLSA-2022:1730)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:1730 advisory. - The parent process would not properly check whether the Speech Synthesis feature is enabled, when receiving instructions from a child process. This...
Mozilla Thunderbird < 91.9
The version of Thunderbird installed on the remote Windows host is prior to 91.9. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-18 advisory. - Mozilla developers Gabriele Svelto, Tom Ritter and the Mozilla Fuzzing Team reported memory safety bugs present in...
Out-of-bounds Writes
Thunderbird is vulnerable to out-of-bounds writes. The vulnerability exists because one byte is written out of bounds when processing a message, which allows an attacker to craft an email message that causes Thunderbird to perform an out-of-bounds write,...
AlmaLinux 8 : dovecot (ALSA-2021:1887)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2021:1887 advisory. - An issue was discovered in Dovecot before 2.3.13. By using IMAP IDLE, an authenticated attacker can trigger unhibernation via attacker-controlled...
[ASA-202106-22] thunderbird: arbitrary code execution
Arch Linux Security Advisory ASA-202106-22. Severity: High; Date: 2021-06-09; CVE-ID: CVE-2021-29967; Package: thunderbird; Type: arbitrary code execution; Remote: Yes; Link: https://security.archlinux.org/AVG-2035. Summary: The package thunderbird...