Thunderbird Security Vulnerabilities and Issues — Thunderbird CVE List

Lucene search

MozillaThunderbird

22 matches found

CVE•added 2006/04/14 10:2 a.m.•155 views

CVE-2006-1733

Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 does not properly protect the compilation scope of privileged built-in XBL bindings, which allows remote attackers to execute arbitrary code via the (1) valueOf.call or (2) v...

6.8CVSS7.3AI score0.24271EPSS

CVE•added 2006/04/14 10:2 a.m.•147 views

CVE-2006-1735

Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to execute arbitrary code by using an eval in an XBL method binding (XBL.method.eval) to create Javascript functions that are compiled with extra priv...

9.3CVSS7.3AI score0.39006EPSS

CVE•added 2006/04/14 6:2 p.m.•138 views

CVE-2006-1737

Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary bytecode via JavaScript with a large regular expression.

9.3CVSS7.3AI score0.26152EPSS

CVE•added 2006/04/14 10:2 a.m.•91 views

CVE-2006-1730

Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to execute arbitrary code via a large number in the CSS letter-spacing property that leads to a heap-based buffer overflow.

9.3CVSS7.6AI score0.26483EPSS

CVE•added 2006/04/14 10:2 a.m.•88 views

CVE-2006-1739

The CSS border-rendering code in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain Cascading Style Sheets (CSS) tha...

9.3CVSS7.5AI score0.33115EPSS

CVE•added 2006/04/14 10:2 a.m.•86 views

CVE-2006-0748

Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to execute arbitrary code via "an invalid and non-sensical ordering of table-related tags" that results in a negative array index.

9.3CVSS7.2AI score0.13046EPSS

CVE•added 2006/04/14 10:2 a.m.•86 views

CVE-2006-1728

Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to execute arbitrary code via unknown vectors related to the crypto.generateCRMFRequest method.

9.3CVSS7.2AI score0.29804EPSS

CVE•added 2006/04/14 10:2 a.m.•83 views

CVE-2006-1742

The JavaScript engine in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 does not properly handle temporary variables that are not garbage collected, which might allow remote attackers to trigger operations on freed memory...

5CVSS6.1AI score0.1399EPSS

CVE•added 2006/04/14 10:2 a.m.•81 views

CVE-2006-1732

Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to bypass same-origin protections and conduct cross-site scripting (XSS) attacks via unspecified vectors involving the wi...

4.3CVSS5.5AI score0.02208EPSS

CVE•added 2006/04/14 10:2 a.m.•77 views

CVE-2006-1736

Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to trick users into downloading and saving an executable file via an image that is overlaid by a transparent image link that points to the executable, which causes th...

2.6CVSS6AI score0.01623EPSS

CVE•added 2006/04/14 10:2 a.m.•75 views

CVE-2006-1734

Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to execute arbitrary code by using the Object.watch method to access the "clone parent" internal function.

6.8CVSS7.3AI score0.32741EPSS

CVE•added 2006/04/14 10:2 a.m.•74 views

CVE-2006-1727

Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to gain chrome privileges via multiple attack vectors related to the use of XBL scripts with "Print Preview".

7.6CVSS6.4AI score0.05041EPSS

CVE•added 2006/04/14 10:2 a.m.•73 views

CVE-2006-1530

Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due to the lack of sufficient public details from the ...

7.5CVSS7.4AI score0.30625EPSS

CVE•added 2006/04/14 10:2 a.m.•73 views

CVE-2006-1724

Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via attack vectors related to DHTML.

7.5CVSS7.3AI score0.27339EPSS

CVE•added 2006/04/14 6:2 p.m.•73 views

CVE-2006-1738

Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) by changing the (1) -moz-grid and (2) -moz-grid-group display styles.

5CVSS6.1AI score0.29789EPSS

CVE•added 2006/04/14 10:2 a.m.•71 views

CVE-2006-1723

7.5CVSS7.4AI score0.30625EPSS

CVE•added 2006/04/14 10:2 a.m.•69 views

CVE-2006-1529

7.5CVSS7.4AI score0.30625EPSS

CVE•added 2006/04/14 10:2 a.m.•68 views

CVE-2006-0749

nsHTMLContentSink.cpp in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors involving a "particular sequence...

9.3CVSS7.3AI score0.40332EPSS

CVE•added 2006/04/14 10:2 a.m.•67 views

CVE-2006-1731

Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 returns the Object class prototype instead of the global window object when (1) .valueOf.call or (2) .valueOf.apply are called without any arguments, which allows remote atta...

4.3CVSS5.4AI score0.02816EPSS

CVE•added 2006/04/14 10:2 a.m.•65 views

CVE-2006-1531

7.5CVSS7.4AI score0.30625EPSS

CVE•added 2006/04/14 10:2 a.m.•65 views

CVE-2006-1740

Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to spoof secure site indicators such as the locked icon by opening the trusted site in a popup window, then changing the location to a malicious site.

2.6CVSS5.9AI score0.0219EPSS

CVE•added 2006/04/14 10:2 a.m.•62 views

CVE-2006-1726

Unspecified vulnerability in Firefox and Thunderbird 1.5 before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to bypass the js_ValueToFunctionObject check and execute arbitrary code via unknown vectors involving setTimeout and Firefox' ForEach method.

9.3CVSS7.2AI score0.09676EPSS