Thunderbird Security Vulnerabilities and Issues — Thunderbird CVE List

Lucene search

MozillaThunderbird

7 matches found

CVE•added 2009/03/05 2:30 a.m.•85 views

CVE-2009-0772

The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to nsCSSStyleSheet::GetOwnerNode, events, and garbage collection, which t...

9.3CVSS9.6AI score0.07324EPSS

CVE•added 2009/03/05 2:30 a.m.•83 views

CVE-2009-0776

nsIRDFService in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to bypass the same-origin policy and read XML data from another domain via a cross-domain redirect.

7.1CVSS9.2AI score0.00865EPSS

CVE•added 2009/03/05 2:30 a.m.•77 views

CVE-2009-0773

The JavaScript engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) a splice of an array that contains "some non-set elements," which causes jsarray.cpp to p...

10CVSS9.6AI score0.09167EPSS

CVE•added 2009/03/05 2:30 a.m.•75 views

CVE-2009-0771

The layout engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain vectors that trigger memory corruption and assertion failures.

10CVSS9.7AI score0.07679EPSS

CVE•added 2009/03/05 2:30 a.m.•74 views

CVE-2009-0774

The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to gczeal, a different vulnerability than CVE-2009-0773.

9.3CVSS9.6AI score0.09167EPSS

CVE•added 2009/03/05 2:30 a.m.•74 views

CVE-2009-0775

Double free vulnerability in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to execute arbitrary code via "cloned XUL DOM elements which were linked as a parent and child," which are not properly handled during garbage collection.

10CVSS9.7AI score0.06585EPSS

CVE•added 2009/03/05 2:30 a.m.•65 views

CVE-2009-0777

Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 decode invisible characters when they are displayed in the location bar, which causes an incorrect address to be displayed and makes it easier for remote attackers to spoof URLs and conduct phishing attacks.

5.8CVSS9.1AI score0.02024EPSS