Design/Logic Flaw

Mail in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to trigger a refresh operation, and consequently cause a visit to an arbitrary web site, via a crafted HTML e-mail message...

CVE-2015-4657

Cross-site scripting XSS vulnerability in Mailbird 2.0.16.0 and earlier allows remote attackers to inject arbitrary web script or HTML via an e-mail message body with a crafted URL...

Cross site scripting

Cross-site scripting XSS vulnerability in Mailbird 2.0.16.0 and earlier allows remote attackers to inject arbitrary web script or HTML via an e-mail message body with a crafted URL...

CVE-2015-4657

Cross-site scripting XSS vulnerability in Mailbird 2.0.16.0 and earlier allows remote attackers to inject arbitrary web script or HTML via an e-mail message body with a crafted URL...

CVE-2014-8921

The IBM Notes Traveler Companion application 1.0 and 1.1 before 201411010515 for Window Phone, as distributed in IBM Notes Traveler 9.0.1, does not properly restrict the number of executions of the automatic configuration option, which makes it easier for remote attackers to capture credentials b...

FreeBSD : mutt -- denial of service via crafted mail message (c3d43001-8064-11e4-801f-0022156e8794)

NVD reports : The writeoneheader function in mutt 1.5.23 does not properly handle newline characters at the beginning of a header, which allows remote attackers to cause a denial of service crash via a header with an empty body, which triggers a heap-based buffer overflow in the muttsubstrdup...

mutt -- denial of service via crafted mail message

NVD reports: The writeoneheader function in mutt 1.5.23 does not properly handle newline characters at the beginning of a header, which allows remote attackers to cause a denial of service crash via a header with an empty body, which triggers a heap-based buffer overflow in the muttsubstrdup...

Important: Red Hat Security Advisory: thunderbird security update

An updated thunderbird package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings,...

Cross site scripting

Cross-site scripting XSS vulnerability in IBM iNotes and Domino 8.5.3 FP6 before IF2 and 9.0.1 before FP1 allows remote attackers to inject arbitrary web script or HTML via an e-mail message, aka SPR BFEY9GXHZE...

CVE-2014-2018

Cross-site scripting XSS vulnerability in Mozilla Thunderbird 17.x through 17.0.8, Thunderbird ESR 17.x through 17.0.10, and SeaMonkey before 2.20 allows user-assisted remote attackers to inject arbitrary web script or HTML via an e-mail message containing a data: URL in a 1 OBJECT or 2 EMBED...

CVE-2013-4065

Cross-site scripting XSS vulnerability in iNotes in IBM Domino 8.5.x before 8.5.3 FP6 and 9.0.x before 9.0.1, when ultra-light mode is enabled, allows remote attackers to inject arbitrary web script or HTML via active content in an e-mail message, aka SPR TCLE98ZKRP...

Cross site scripting

Cross-site scripting XSS vulnerability in iNotes in IBM Domino 8.5.x before 8.5.3 FP6 and 9.0.x before 9.0.1, when ultra-light mode is enabled, allows remote attackers to inject arbitrary web script or HTML via active content in an e-mail message, aka SPR TCLE98ZKRP...

Cross site scripting

Cross-site scripting XSS vulnerability in iNotes in IBM Domino 8.5.x before 8.5.3 FP6 and 9.0.x before 9.0.1 allows remote attackers to inject arbitrary web script or HTML via active content in an e-mail message, aka SPRs PTHN9AQMV7 and TCLE98ZKRP...

CVE-2013-5118

Cross-site scripting XSS vulnerability in the Good for Enterprise app before 2.2.4.1659 for iOS allows remote attackers to inject arbitrary web script or HTML via an HTML e-mail message...

OTRS ITSM 'Body' Field HTML Injection Vulnerability (OSA-2012-01)

OTRS Open Ticket Request System or OTRS:ITSM is prone to HTML injection vulnerability. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if...

CVE-2013-1087

Cross-site scripting XSS vulnerability in the client in Novell GroupWise through 8.0.3 HP3, and 2012 through SP2, on Windows allows user-assisted remote attackers to inject arbitrary web script or HTML via the body of an e-mail message...

Important: Red Hat Security Advisory: thunderbird security update

An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...

Integer overflow

Integer overflow in IBM Notes 8.5.x before 8.5.3 FP4 Interim Fix 1 and 9.x before 9.0 Interim Fix 1 on Windows, and 8.5.x before 8.5.3 FP5 and 9.x before 9.0.1 on Linux, allows remote attackers to execute arbitrary code via a malformed PNG image in a previewed e-mail message, aka SPR NPEI96K82Q...

Code injection

Microsoft Windows Modern Mail allows remote attackers to spoof link targets via a crafted HTML e-mail message...

CVE-2013-1299

CVE-2013-1299 affects Microsoft Windows Modern Mail. The vulnerability allows remote attackers to spoof link targets in crafted HTML e-mails due to improper handling of link targets, enabling phishing-like deception. Affected component is Windows Modern Mail; underlying cause is spoofable link ta...