Thunderbird@1.5.0.3 Security Vulnerabilities and Issues — Thunderbird@1.5.0.3 CVE List

Lucene search

MozillaThunderbird1.5.0.3

10 matches found

CVE•added 2006/11/08 9:7 p.m.•95 views

CVE-2006-5462

Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatur...

6.4CVSS5.6AI score0.12793EPSS

CVE•added 2006/11/08 9:7 p.m.•95 views

CVE-2006-5464

Multiple unspecified vulnerabilities in the layout engine in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allow remote attackers to cause a denial of service (crash) via unspecified vectors.

5CVSS6.4AI score0.22092EPSS

CVE•added 2006/06/02 7:2 p.m.•83 views

CVE-2006-2781

Double free vulnerability in nsVCard.cpp in Mozilla Thunderbird before 1.5.0.4 and SeaMonkey before 1.0.2 allows remote attackers to cause a denial of service (hang) and possibly execute arbitrary code via a VCard that contains invalid base64 characters.

6.4CVSS7.3AI score0.07236EPSS

CVE•added 2006/06/02 6:2 p.m.•82 views

CVE-2006-2778

The crypto.signText function in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to execute arbitrary code via certain optional Certificate Authority name arguments, which causes an invalid array index and triggers a buffer overflow.

5CVSS7.4AI score0.18512EPSS

CVE•added 2006/06/02 8:2 p.m.•81 views

CVE-2006-2786

HTTP response smuggling vulnerability in Mozilla Firefox and Thunderbird before 1.5.0.4, when used with certain proxy servers, allows remote attackers to cause Firefox to interpret certain responses as if they were responses from two different sites via (1) invalid HTTP response headers with spaces...

2.6CVSS6.2AI score0.02439EPSS

CVE•added 2006/06/02 7:2 p.m.•74 views

CVE-2006-2780

Integer overflow in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via "jsstr tagify," which leads to memory corruption.

9.3CVSS7.6AI score0.26533EPSS

CVE•added 2006/12/20 1:28 a.m.•74 views

CVE-2006-6498

Multiple unspecified vulnerabilities in the JavaScript engine for Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, SeaMonkey before 1.0.7, and Mozilla 1.7 and probably earlier on Solaris, allow remote attackers to cause a denial of service (memory corruption and...

6.8CVSS7.8AI score0.13484EPSS

CVE•added 2006/12/20 1:28 a.m.•71 views

CVE-2006-6502

Use-after-free vulnerability in the LiveConnect bridge code for Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to cause a denial of service (crash) via unknown vectors.

7.1CVSS6.4AI score0.17489EPSS

CVE•added 2006/07/29 12:4 a.m.•69 views

CVE-2006-3812

Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to reference remote files and possibly load chrome: URLs by tricking the user into copying or dragging links.

2.6CVSS6.2AI score0.13369EPSS

CVE•added 2006/06/02 7:2 p.m.•66 views

CVE-2006-2783

Mozilla Firefox and Thunderbird before 1.5.0.4 strip the Unicode Byte-order-Mark (BOM) from a UTF-8 page before the page is passed to the parser, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a BOM sequence in the middle of a dangerous tag such as SCRIPT.

4.3CVSS6.9AI score0.04975EPSS