Thunderbird Security Vulnerabilities and Issues — Thunderbird CVE List

Lucene search

MozillaThunderbird

14 matches found

CVE•added 2019/04/26 5:29 p.m.•414 views

CVE-2019-9810

Incorrect alias information in IonMonkey JIT compiler for Array.prototype.slice method may lead to missing bounds check and a buffer overflow. This vulnerability affects Firefox < 66.0.1, Firefox ESR < 60.6.1, and Thunderbird

8.8CVSS8.2AI score0.7088EPSS

CVE•added 2019/04/26 5:29 p.m.•305 views

CVE-2019-9791

The type inference system allows the compilation of functions that can cause type confusions between arbitrary objects when compiled through the IonMonkey just-in-time (JIT) compiler and when the constructor function is entered through on-stack replacement (OSR). This allows for possible arbitrary ...

9.8CVSS9.3AI score0.39295EPSS

CVE•added 2019/04/26 5:29 p.m.•286 views

CVE-2019-9792

The IonMonkey just-in-time (JIT) compiler can leak an internal JS_OPTIMIZED_OUT magic value to the running script during a bailout. This magic value can then be used by JavaScript to achieve memory corruption, which results in a potentially exploitable crash. This vulnerability affects Thunderbird ...

9.8CVSS9.1AI score0.19723EPSS

CVE•added 2019/04/26 5:29 p.m.•256 views

CVE-2019-9788

Mozilla developers and community members reported memory safety bugs present in Firefox 65, Firefox ESR 60.5, and Thunderbird 60.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulner...

9.8CVSS9.9AI score0.00756EPSS

CVE•added 2019/04/26 5:29 p.m.•255 views

CVE-2019-9796

A use-after-free vulnerability can occur when the SMIL animation controller incorrectly registers with the refresh driver twice when only a single registration is expected. When a registration is later freed with the removal of the animation controller element, the refresh driver incorrectly leaves...

9.8CVSS9.1AI score0.00756EPSS

CVE•added 2019/04/26 5:29 p.m.•252 views

CVE-2019-9795

A vulnerability where type-confusion in the IonMonkey just-in-time (JIT) compiler could potentially be used by malicious JavaScript to trigger a potentially exploitable crash. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox

9.8CVSS9.1AI score0.00756EPSS

CVE•added 2019/04/26 5:29 p.m.•251 views

CVE-2019-9813

Incorrect handling of proto mutations may lead to type confusion in IonMonkey JIT code and can be leveraged for arbitrary memory read and write. This vulnerability affects Firefox < 66.0.1, Firefox ESR < 60.6.1, and Thunderbird

8.8CVSS8.2AI score0.51921EPSS

CVE•added 2019/04/26 5:29 p.m.•249 views

CVE-2019-9790

A use-after-free vulnerability can occur when a raw pointer to a DOM element on a page is obtained using JavaScript and the element is then removed while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firef...

9.8CVSS9.3AI score0.00756EPSS

CVE•added 2019/04/26 5:29 p.m.•218 views

CVE-2019-9793

A mechanism was discovered that removes some bounds checking for string, array, or typed array accesses if Spectre mitigations have been disabled. This vulnerability could allow an attacker to create an arbitrary value in compiled JavaScript, for which the range analysis will infer a fully controll...

5.9CVSS7.1AI score0.00314EPSS

CVE•added 2019/04/26 5:29 p.m.•184 views

CVE-2019-9801

Firefox will accept any registered Program ID as an external protocol handler and offer to launch this local application when given a matching URL on Windows operating systems. This should only happen if the program has specifically registered itself as a "URL Handler" in the Windows registry. Note...

5.3CVSS6.1AI score0.0039EPSS

CVE•added 2019/04/26 5:29 p.m.•175 views

CVE-2019-9794

A vulnerability was discovered where specific command line arguments are not properly discarded during Firefox invocation as a shell handler for URLs. This could be used to retrieve and execute files whose location is supplied through these command line arguments if Firefox is configured as the def...

9.8CVSS8.9AI score0.00529EPSS

CVE•added 2019/04/26 5:29 p.m.•166 views

CVE-2018-18509

A flaw during verification of certain S/MIME signatures causes emails to be shown in Thunderbird as having a valid digital signature, even if the shown message contents aren't covered by the signature. The flaw allows an attacker to reuse a valid S/MIME signature to craft an email message with arbi...

5.3CVSS6.6AI score0.0028EPSS

CVE•added 2019/04/26 5:29 p.m.•82 views

CVE-2018-18512

A use-after-free vulnerability can occur while playing a sound notification in Thunderbird. The memory storing the sound data is immediately freed, although the sound is still being played asynchronously, leading to a potentially exploitable crash. This vulnerability affects Thunderbird

9.8CVSS9AI score0.00442EPSS

CVE•added 2019/04/26 5:29 p.m.•80 views

CVE-2018-18513

A crash can occur when processing a crafted S/MIME message or an XPI package containing a crafted signature. This can be used as a denial-of-service (DOS) attack because Thunderbird reopens the last seen message on restart, triggering the crash again. This vulnerability affects Thunderbird

7.5CVSS7.9AI score0.00398EPSS