7 matches found
Astra Linux – Vulnerability in Firefox, Thunderbird
A compromised content process could have allowed for the arbitrary loading of cross-origin pages. This vulnerability affects Firefox 131, Firefox ESR 128.3, Firefox ESR 115.16, Thunderbird 128.3, and Thunderbird 131...
SUSE CVE-2017-7847
Crafted CSS in an RSS feed can leak and reveal local path strings, which may contain user name. This vulnerability affects Thunderbird 52.5.2...
SUSE CVE-2021-23993
An attacker may perform a DoS attack to prevent a user from sending encrypted email to a correspondent. If an attacker creates a crafted OpenPGP key with a subkey that has an invalid self signature, and the Thunderbird user imports the crafted key, then Thunderbird may try to use the invalid...
UBUNTU-CVE-2022-3034
When receiving an HTML email that specified to load an iframe element from a remote location, a request to the remote document was sent. However, Thunderbird didn't display the document. This vulnerability affects Thunderbird 102.2.1 and Thunderbird 91.13.1...
UBUNTU-CVE-2021-4126
When receiving an OpenPGP/MIME signed email message that contains an additional outer MIME message layer, for example a message footer added by a mailing list gateway, Thunderbird only considered the inner signed message for the signature validity. This gave the false impression that the addition...
DEBIAN-CVE-2019-11739
Encrypted S/MIME parts in a crafted multipart/alternative message can leak plaintext when included in a a HTML reply/forward. This vulnerability affects Thunderbird 68.1 and Thunderbird 60.9...
Firefox javascript crashes with evidence of memory corruption
Unspecified vulnerability in Mozilla Firefox 3.x before 3.0.6, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to cause a denial of service memory corruption and application crash or possibly execute arbitrary code via vectors related to the JavaScript engine...