Thunderbird@2.0.0.19 Security Vulnerabilities and Issues — Thunderbird@2.0.0.19 CVE List

Lucene search

MozillaThunderbird2.0.0.19

15 matches found

CVE•added 2009/02/20 7:30 p.m.•266 views

CVE-2009-0652

The Internationalized Domain Names (IDN) blacklist in Mozilla Firefox 3.0.6 and other versions before 3.0.9; Thunderbird before 2.0.0.21; and SeaMonkey before 1.1.15 does not include box-drawing characters, which allows remote attackers to spoof URLs and conduct phishing attacks, as demonstrated by...

5.8CVSS7.8AI score0.08584EPSS

CVE•added 2009/07/22 6:30 p.m.•94 views

CVE-2009-2463

Multiple integer overflows in the (1) PL_Base64Decode and (2) PL_Base64Encode functions in nsprpub/lib/libc/src/base64.c in Mozilla Firefox before 3.0.12, Thunderbird before 2.0.0.24, and SeaMonkey before 1.1.19 allow remote attackers to cause a denial of service (memory corruption and application ...

10CVSS7.8AI score0.04167EPSS

CVE•added 2009/03/05 2:30 a.m.•85 views

CVE-2009-0772

The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to nsCSSStyleSheet::GetOwnerNode, events, and garbage collection, which t...

9.3CVSS9.6AI score0.07324EPSS

CVE•added 2009/03/05 2:30 a.m.•83 views

CVE-2009-0776

nsIRDFService in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to bypass the same-origin policy and read XML data from another domain via a cross-domain redirect.

7.1CVSS9.2AI score0.00865EPSS

CVE•added 2009/04/22 6:30 p.m.•82 views

CVE-2009-1303

The browser engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to nsSVGElement::BindToTree.

5CVSS9.3AI score0.02083EPSS

CVE•added 2009/03/05 2:30 a.m.•77 views

CVE-2009-0773

The JavaScript engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) a splice of an array that contains "some non-set elements," which causes jsarray.cpp to p...

10CVSS9.6AI score0.09167EPSS

CVE•added 2009/03/05 2:30 a.m.•75 views

CVE-2009-0771

The layout engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain vectors that trigger memory corruption and assertion failures.

10CVSS9.7AI score0.07679EPSS

CVE•added 2009/03/05 2:30 a.m.•74 views

CVE-2009-0774

The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to gczeal, a different vulnerability than CVE-2009-0773.

9.3CVSS9.6AI score0.09167EPSS

CVE•added 2009/03/05 2:30 a.m.•74 views

CVE-2009-0775

Double free vulnerability in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to execute arbitrary code via "cloned XUL DOM elements which were linked as a parent and child," which are not properly handled during garbage collection.

10CVSS9.7AI score0.06585EPSS

CVE•added 2009/07/22 6:30 p.m.•74 views

CVE-2009-2464

The nsXULTemplateQueryProcessorRDF::CheckIsSeparator function in Mozilla Firefox before 3.0.12, SeaMonkey 2.0a1pre, and Thunderbird allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to loading multip...

10CVSS9AI score0.1994EPSS

CVE•added 2009/07/22 6:30 p.m.•71 views

CVE-2009-2462

The browser engine in Mozilla Firefox before 3.0.12 and Thunderbird allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) the frame chain and synchronous events, (2) a SetMayHaveFrame assertion an...

10CVSS8.6AI score0.05328EPSS

CVE•added 2009/07/22 6:30 p.m.•67 views

CVE-2009-2465

Mozilla Firefox before 3.0.12 and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via vectors involving double frame construction, related to (1) nsHTMLContentSink.cpp, (2) nsXMLContentSink.cpp, and (3) nsPresShell....

10CVSS8.8AI score0.06139EPSS

CVE•added 2009/03/05 2:30 a.m.•65 views

CVE-2009-0777

Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 decode invisible characters when they are displayed in the location bar, which causes an incorrect address to be displayed and makes it easier for remote attackers to spoof URLs and conduct phishing attacks.

5.8CVSS9.1AI score0.02024EPSS

CVE•added 2009/06/25 5:30 p.m.•59 views

CVE-2009-2210

Mozilla Thunderbird before 2.0.0.22 and SeaMonkey before 1.1.17 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a multipart/alternative e-mail message containing a text/enhanced part that triggers access to an incorrect object type.

9.3CVSS9.7AI score0.05533EPSS

CVE•added 2009/07/20 6:30 p.m.•58 views

CVE-2009-2535

Mozilla Firefox before 2.0.0.19 and 3.x before 3.0.5, SeaMonkey, and Thunderbird allow remote attackers to cause a denial of service (memory consumption and application crash) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692.

5CVSS8.9AI score0.10788EPSS