Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
MozillaThunderbird0.1

124 matches found

CVE
CVEadded 2011/09/29 12:55 a.m.59 views

CVE-2011-3001

Mozilla Firefox 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not prevent manual add-on installation in response to the holding of the Enter key, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site that triggers an unspecifi...

4.3CVSS9AI score0.00201EPSS
CVE
CVEadded 2011/09/29 12:55 a.m.59 views

CVE-2011-3232

YARR, as used in Mozilla Firefox before 7.0, Thunderbird before 7.0, and SeaMonkey before 2.4, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted JavaScript.

9.3CVSS9.6AI score0.04655EPSS
CVE
CVEadded 2011/12/21 4:2 a.m.59 views

CVE-2011-3666

Mozilla Firefox before 3.6.25 and Thunderbird before 3.1.17 on Mac OS X do not consider .jar files to be executable files, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted file. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-...

6.8CVSS6.4AI score0.00429EPSS
CVE
CVEadded 2009/07/20 6:30 p.m.58 views

CVE-2009-2535

Mozilla Firefox before 2.0.0.19 and 3.x before 3.0.5, SeaMonkey, and Thunderbird allow remote attackers to cause a denial of service (memory consumption and application crash) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692.

5CVSS8.9AI score0.10788EPSS
CVE
CVEadded 2011/08/18 6:55 p.m.58 views

CVE-2011-2986

Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before 2.3, and possibly other products, when the Direct2D (aka D2D) API is used on Windows, allows remote attackers to bypass the Same Origin Policy, and obtain sensitive image data from a different domain, by inserting this data i...

5CVSS9.2AI score0.00379EPSS
CVE
CVEadded 2004/12/31 5:0 a.m.57 views

CVE-2004-0908

Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows untrusted Javascript code to read and write to the clipboard, and possibly obtain sensitive information, via script-generated events such as Ctrl-Ins.

4CVSS6.2AI score0.02792EPSS
CVE
CVEadded 2011/09/29 12:55 a.m.57 views

CVE-2011-2997

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

10CVSS9.9AI score0.02981EPSS
CVE
CVEadded 2009/08/13 4:30 p.m.56 views

CVE-2008-6961

mailnews in Mozilla Thunderbird before 2.0.0.18 and SeaMonkey before 1.1.13, when JavaScript is enabled in mail, allows remote attackers to obtain sensitive information about the recipient, or comments in forwarded mail, via script that reads the (1) .documentURI or (2) .textContent DOM properties.

4.3CVSS9AI score0.00651EPSS
CVE
CVEadded 2004/12/31 5:0 a.m.55 views

CVE-2004-0906

The XPInstall installer in Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 sets insecure permissions for certain installed files within xpi packages, which could allow local users to overwrite arbitrary files or execute arbitrary code.

4.6CVSS6.6AI score0.00144EPSS
CVE
CVEadded 2010/03/23 12:53 a.m.55 views

CVE-2010-0163

Mozilla Thunderbird before 2.0.0.24 and SeaMonkey before 1.1.19 process e-mail attachments with a parser that performs casts and line termination incorrectly, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted message, rel...

4.3CVSS7.3AI score0.05442EPSS
CVE
CVEadded 2010/09/09 7:0 p.m.55 views

CVE-2010-2770

Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 on Mac OS X allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted font in a data...

9.3CVSS8.9AI score0.03775EPSS
CVE
CVEadded 2008/09/27 10:30 a.m.53 views

CVE-2008-4070

Heap-based buffer overflow in Mozilla Thunderbird before 2.0.0.17 and SeaMonkey before 1.1.12 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long header in a news article, related to "canceling [a] newsgroup message" and "cancelled ...

10CVSS10AI score0.01718EPSS
CVE
CVEadded 2011/08/18 6:55 p.m.53 views

CVE-2011-2987

Heap-based buffer overflow in Almost Native Graphics Layer Engine (ANGLE), as used in the WebGL implementation in Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before 2.3, and possibly other products might allow remote attackers to execute arbitrary code via unspecified vectors...

10CVSS9.7AI score0.07952EPSS
CVE
CVEadded 2011/08/18 6:55 p.m.53 views

CVE-2011-2992

The Ogg reader in the browser engine in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, Thunderbird before 6, and possibly other products allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vector...

10CVSS9.7AI score0.03915EPSS
CVE
CVEadded 2005/05/02 4:0 a.m.52 views

CVE-2005-0590

The installation confirmation dialog in Firefox before 1.0.1, Thunderbird before 1.0.1, and Mozilla before 1.7.6 allows remote attackers to use InstallTrigger to spoof the hostname of the host performing the installation via a long "user:pass" sequence in the URL, which appears before the real host...

5CVSS6.2AI score0.01766EPSS
CVE
CVEadded 2011/08/18 6:55 p.m.52 views

CVE-2011-2991

The browser engine in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, Thunderbird before 6, and possibly other products does not properly implement JavaScript, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary...

10CVSS9.8AI score0.04124EPSS
CVE
CVEadded 2010/07/30 8:30 p.m.51 views

CVE-2010-1210

intl/uconv/util/nsUnicodeDecodeHelper.cpp in Mozilla Firefox before 3.6.7 and Thunderbird before 3.1.1 inserts a U+FFFD sequence into text in certain circumstances involving undefined positions, which might make it easier for remote attackers to conduct cross-site scripting (XSS) attacks via crafte...

4.3CVSS8.4AI score0.00254EPSS
CVE
CVEadded 2011/11/09 11:55 a.m.51 views

CVE-2011-3654

The browser engine in Mozilla Firefox before 8.0 and Thunderbird before 8.0 does not properly handle links from SVG mpath elements to non-SVG elements, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspeci...

10CVSS9.8AI score0.19734EPSS
CVE
CVEadded 2004/12/31 5:0 a.m.50 views

CVE-2004-0909

Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 may allow remote attackers to trick users into performing unexpected actions, including installing software, via signed scripts that request enhanced abilities using the enablePrivilege parameter, then modi...

5.1CVSS6.3AI score0.06051EPSS
CVE
CVEadded 2011/11/09 11:55 a.m.48 views

CVE-2011-3652

The browser engine in Mozilla Firefox before 8.0 and Thunderbird before 8.0 does not properly allocate memory, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.

10CVSS9.8AI score0.05919EPSS
CVE
CVEadded 2004/12/31 5:0 a.m.47 views

CVE-2004-0907

The Linux install .tar.gz archives for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8, create certain files with insecure permissions, which could allow local users to overwrite those files and execute arbitrary code.

4.6CVSS6.9AI score0.00077EPSS
CVE
CVEadded 2011/11/09 11:55 a.m.46 views

CVE-2011-3653

Mozilla Firefox before 8.0 and Thunderbird before 8.0 on Mac OS X do not properly interact with the GPU memory behavior of a certain driver for Intel integrated GPUs, which allows remote attackers to bypass the Same Origin Policy and read image data via vectors related to WebGL textures.

5CVSS8.9AI score0.00234EPSS
CVE
CVEadded 2011/12/21 4:2 a.m.45 views

CVE-2011-3664

Mozilla Firefox before 9.0, Thunderbird before 9.0, and SeaMonkey before 2.6 on Mac OS X do not properly handle certain DOM frame deletions by plugins, which allows remote attackers to cause a denial of service (incorrect pointer dereference and application crash) or possibly have unspecified other...

6.8CVSS7.2AI score0.01153EPSS
CVE
CVEadded 2010/03/23 12:53 a.m.44 views

CVE-2010-0161

The nsAuthSSPI::Unwrap function in extensions/auth/nsAuthSSPI.cpp in Mozilla Thunderbird before 2.0.0.24 and SeaMonkey before 1.1.19 on Windows Vista, Windows Server 2008 R2, and Windows 7 allows remote SMTP, IMAP, and POP servers to cause a denial of service (heap memory corruption and application...

4.3CVSS7.2AI score0.01503EPSS
Total number of security vulnerabilities124