Lucene search
K

46 matches found

OSV
OSV
added 2024/04/22 12:0 a.m.25 views

DLA-3791-1 thunderbird - security update

Bulletin has no description...

8.8CVSS6.9AI score0.00847EPSS
Exploits2
OSV
OSV
added 2022/12/22 8:15 p.m.7 views

CVE-2022-3032

When receiving an HTML email that contained an iframe element, which used a srcdoc attribute to define the inner HTML document, remote objects specified in the nested document, for example images or videos, were not blocked. Rather, the network was accessed, the objects were loaded and displayed...

6.5CVSS8.3AI score
Exploits0References3
OSV
OSV
added 2022/12/22 8:15 p.m.9 views

CVE-2022-1834

When displaying the sender of an email, and the sender name contained the Braille Pattern Blank space character multiple times, Thunderbird would have displayed all the spaces. This could have been used by an attacker to send an email message with the attacker's digital signature, that was shown...

6.5CVSS9.1AI score
Exploits0References2
OSV
OSV
added 2022/09/27 12:0 a.m.25 views

DSA-5238-1 thunderbird - security update

Bulletin has no description...

8.8CVSS7.2AI score0.01342EPSS
Exploits0
Veracode
Veracode
added 2022/04/13 9:21 a.m.34 views

Privilege Escalation

thunderbird is vulnerable to privilege escalation. The vulnerability exists due to an ignored OpenPGP revocation information allowing a revoked key to be kept as non-revoked...

5.4CVSS2.9AI score0.00373EPSS
Exploits0References3Affected Software3
RedHat Linux
RedHat Linux
added 2022/04/11 1:52 p.m.3 views

Mozilla: OpenPGP revocation information was ignored

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: When importing a revoked key that specified key compromise as the revocation reason, Thunderbird did not update the existing copy of the key that was not yet revoked, and the existing key was kept as...

5.4CVSS7.3AI score0.00373EPSS
Exploits0References4
OSV
OSV
added 2022/03/08 12:0 a.m.38 views

DSA-5094-1 thunderbird - security update

Bulletin has no description...

9.6CVSS8.9AI score0.14261EPSS
Exploits2
OSV
OSV
added 2022/03/01 12:0 a.m.28 views

DLA-2930-1 thunderbird - security update

Bulletin has no description...

8.8CVSS9AI score0.00701EPSS
Exploits0
OSV
OSV
added 2022/02/23 12:0 a.m.23 views

DSA-5086-1 thunderbird - security update

Bulletin has no description...

8.8CVSS9AI score0.00701EPSS
Exploits0
OSV
OSV
added 2022/01/04 12:0 a.m.18 views

DLA-2874-1 thunderbird - security update

Bulletin has no description...

10CVSS7.6AI score0.0383EPSS
Exploits0
OSV
OSV
added 2021/06/24 2:15 p.m.9 views

CVE-2021-29957

If a MIME encoded email contains an OpenPGP inline signed or encrypted message part, but also contains an additional unprotected part, Thunderbird did not indicate that only parts of the message are protected. This vulnerability affects Thunderbird 78.10.2...

4.3CVSS5.8AI score
Exploits0References2
OSV
OSV
added 2021/06/24 2:15 p.m.4 views

CVE-2021-23993

An attacker may perform a DoS attack to prevent a user from sending encrypted email to a correspondent. If an attacker creates a crafted OpenPGP key with a subkey that has an invalid self signature, and the Thunderbird user imports the crafted key, then Thunderbird may try to use the invalid...

6.5CVSS6.6AI score
Exploits0References2
OSV
OSV
added 2020/12/17 12:0 a.m.27 views

DLA-2497-1 thunderbird - security update

Bulletin has no description...

8.8CVSS7AI score0.01876EPSS
Exploits0
OSV
OSV
added 2020/12/09 1:15 a.m.7 views

CVE-2020-26968

Mozilla developers reported memory safety bugs present in Firefox 82 and Firefox ESR 78.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox 83, Firefox E...

8.8CVSS9.1AI score
Exploits0References4
Veracode
Veracode
added 2020/12/06 4:13 a.m.21 views

Arbitrary Code Execution

thunderbird is vulnerable to arbitrary code execution. When reading SMTP server status codes, Thunderbird writes an integer value to a position on the stack that is intended to contain just one byte. Depending on processor architecture and stack layout, this leads to stack corruption that may be...

8.8CVSS2.8AI score0.01222EPSS
Exploits0References4Affected Software6
OSV
OSV
added 2020/08/31 12:0 a.m.37 views

DLA-2360-1 thunderbird - security update

Bulletin has no description...

8.8CVSS7.7AI score0.01378EPSS
Exploits0
Veracode
Veracode
added 2020/04/10 12:48 a.m.51 views

Arbitrary Code Execution

thunderbird is vulnerable to arbitrary code execution. Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running...

9.3CVSS3.1AI score0.0455EPSS
Exploits0References30Affected Software5
OSV
OSV
added 2019/09/27 6:15 p.m.6 views

CVE-2019-11755

A crafted S/MIME message consisting of an inner encryption layer and an outer SignedData layer was shown as having a valid digital signature, although the signer might have had no access to the contents of the encrypted message, and might have stripped a different signature from the encrypted...

7.5CVSS7.6AI score
Exploits0References9
Veracode
Veracode
added 2019/05/16 3:56 a.m.24 views

Denial Of Service (DoS)

firefox/thunderbird is vulnerable to denial of service. An integer overflow vulnerability in the Skia library can occur after specific transform operations, leading to a potentially exploitable crash...

6.5CVSS7.4AI score0.01192EPSS
Exploits0References5Affected Software5
OSV
OSV
added 2019/04/26 5:29 p.m.8 views

CVE-2019-9792

The IonMonkey just-in-time JIT compiler can leak an internal JSOPTIMIZEDOUT magic value to the running script during a bailout. This magic value can then be used by JavaScript to achieve memory corruption, which results in a potentially exploitable crash. This vulnerability affects Thunderbird...

9.8CVSS9AI score
Exploits0References7
Rows per page
Query Builder