46 matches found
DLA-3791-1 thunderbird - security update
Bulletin has no description...
CVE-2022-3032
When receiving an HTML email that contained an iframe element, which used a srcdoc attribute to define the inner HTML document, remote objects specified in the nested document, for example images or videos, were not blocked. Rather, the network was accessed, the objects were loaded and displayed...
CVE-2022-1834
When displaying the sender of an email, and the sender name contained the Braille Pattern Blank space character multiple times, Thunderbird would have displayed all the spaces. This could have been used by an attacker to send an email message with the attacker's digital signature, that was shown...
DSA-5238-1 thunderbird - security update
Bulletin has no description...
Privilege Escalation
thunderbird is vulnerable to privilege escalation. The vulnerability exists due to an ignored OpenPGP revocation information allowing a revoked key to be kept as non-revoked...
Mozilla: OpenPGP revocation information was ignored
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: When importing a revoked key that specified key compromise as the revocation reason, Thunderbird did not update the existing copy of the key that was not yet revoked, and the existing key was kept as...
DSA-5094-1 thunderbird - security update
Bulletin has no description...
DLA-2930-1 thunderbird - security update
Bulletin has no description...
DSA-5086-1 thunderbird - security update
Bulletin has no description...
DLA-2874-1 thunderbird - security update
Bulletin has no description...
CVE-2021-29957
If a MIME encoded email contains an OpenPGP inline signed or encrypted message part, but also contains an additional unprotected part, Thunderbird did not indicate that only parts of the message are protected. This vulnerability affects Thunderbird 78.10.2...
CVE-2021-23993
An attacker may perform a DoS attack to prevent a user from sending encrypted email to a correspondent. If an attacker creates a crafted OpenPGP key with a subkey that has an invalid self signature, and the Thunderbird user imports the crafted key, then Thunderbird may try to use the invalid...
DLA-2497-1 thunderbird - security update
Bulletin has no description...
CVE-2020-26968
Mozilla developers reported memory safety bugs present in Firefox 82 and Firefox ESR 78.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox 83, Firefox E...
Arbitrary Code Execution
thunderbird is vulnerable to arbitrary code execution. When reading SMTP server status codes, Thunderbird writes an integer value to a position on the stack that is intended to contain just one byte. Depending on processor architecture and stack layout, this leads to stack corruption that may be...
DLA-2360-1 thunderbird - security update
Bulletin has no description...
Arbitrary Code Execution
thunderbird is vulnerable to arbitrary code execution. Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running...
CVE-2019-11755
A crafted S/MIME message consisting of an inner encryption layer and an outer SignedData layer was shown as having a valid digital signature, although the signer might have had no access to the contents of the encrypted message, and might have stripped a different signature from the encrypted...
Denial Of Service (DoS)
firefox/thunderbird is vulnerable to denial of service. An integer overflow vulnerability in the Skia library can occur after specific transform operations, leading to a potentially exploitable crash...
CVE-2019-9792
The IonMonkey just-in-time JIT compiler can leak an internal JSOPTIMIZEDOUT magic value to the running script during a bailout. This magic value can then be used by JavaScript to achieve memory corruption, which results in a potentially exploitable crash. This vulnerability affects Thunderbird...