14 matches found
Security Vulnerabilities fixed in Thunderbird 138 — Mozilla
Thunderbird's update mechanism allowed a medium-integrity user process to interfere with the SYSTEM-level updater by manipulating the file-locking behavior. By injecting code into the user-privileged process, an attacker could bypass intended access controls, allowing SYSTEM-level file operations...
PT-2025-14105
Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 137; Firefox ESR versions prior to 128.9; Thunderbird versions prior to 137; Thunderbird ESR versions prior to 128.9. Description: Memory safety bugs are present, showing evidence of memory corruption. It is presumed that...
Mozilla Thunderbird < 132.0
The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 132.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-59 advisory. - Memory safety bugs present in Firefox 131, Firefox ESR 128.3, and Thunderbird 128.3. Some of these bugs...
MGASA-2022-0347 Updated thunderbird packages fix security vulnerabilities
When injecting an HTML base element, some requests would ignore the CSP's base-uri settings and accept the injected element's base instead (CVE-2022-40956). By injecting a cookie with certain special characters, an attacker on a shared subdomain which is not a secure context could set and thus...
MGASA-2022-0061 Updated thunderbird packages fix security vulnerabilities
If a user installed an extension of a particular type, the extension could have auto-updated itself and while doing so, bypass the prompt which grants the new version the new requested permissions (CVE-2022-22754). If a user was convinced to drag and drop an image to their desktop or other folder,...
MGASA-2020-0433 Updated thunderbird packages fix security vulnerabilities
Variable time processing of cross-origin images during drawImage calls (CVE-2020-16012). Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code (CVE-2020-26951). Fullscreen could be enabled without displaying the security UI (CVE-2020-26953). XSS through paste manual...
MGASA-2020-0352 Updated thunderbird packages fix security vulnerabilities
By holding a reference to the eval function from an about:blank window, a malicious webpage could have gained access to the InstallTrigger object which would allow them to prompt the user to install an extension. Combined with user confusion, this could result in an unintended or malicious...
MGASA-2019-0201 Updated thunderbird packages fix security vulnerabilities
Updated thunderbird packages fix security vulnerabilities: Type confusion in Array.pop (CVE-2019-11707). Sandbox escape using Prompt:Open (CVE-2019-11708)...
Updated thunderbird packages fix security vulnerabilities
The updated thunderbird packages fix some bugs and security vulnerabilities: Heap buffer overflow in icalparser.c (CVE-2019-11703). Heap buffer overflow in icalvalue.c (CVE-2019-11704). Stack buffer overflow in icalrecur.c (CVE-2019-11705). Type confusion in icalproperty.c (CVE-2019-11706)...
MGASA-2018-0115 Updated thunderbird packages fix security vulnerability
Integer overflow in Skia library during edge builder allocation (CVE-2018-5095). Use-after-free while editing form elements (CVE-2018-5096). Use-after-free when source document is manipulated during XSLT (CVE-2018-5097). Use-after-free while manipulating form input elements (CVE-2018-5098). Use-after-fre...
MGASA-2017-0477 Updated thunderbird packages fix security vulnerabilities
Multiple vulnerabilities have been fixed in thunderbird. JavaScript Execution via RSS in mailbox:// origin (CVE-2017-7846). Local path string can be leaked from RSS feed (CVE-2017-7847). RSS Feed vulnerable to new line Injection (CVE-2017-7848). Mailsploit From address with encoded null character is cu...
CentOS Update for thunderbird CESA-2017:2534 centos6
Check the version of thunderbird. SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. if(description) script_oid("1.3.6.1.4.1.25623.1.0.882762");...
MGASA-2017-0006 Updated thunderbird packages fix security vulnerabilities
Use-after-free while manipulating DOM events and removing audio elements due to errors in the handling of node adoption (CVE-2016-9899). Event handlers on marquee elements were executed despite a strict Content Security Policy (CSP) that disallowed inline JavaScript (CVE-2016-9895). Memory corruption...
MGASA-2015-0234 Updated Firefox, Thunderbird & sqlite3 packages fix security vulnerabilities
Updated firefox, thunderbird, and sqlite3 packages fix security vulnerabilities: Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox or Thunderbird to crash or, potentially, execute arbitrary code with the privileges of...