Thunderbird Security Vulnerabilities and Issues — Thunderbird CVE List

Lucene search

MozillaThunderbird

9 matches found

CVE•added 2006/06/02 8:2 p.m.•80 views

CVE-2006-2787

EvalInSandbox in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to gain privileges via javascript that calls the valueOf method on objects that were created outside of the sandbox.

9.3CVSS6.5AI score0.09158EPSS

CVE•added 2006/06/02 6:2 p.m.•78 views

CVE-2006-2778

The crypto.signText function in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to execute arbitrary code via certain optional Certificate Authority name arguments, which causes an invalid array index and triggers a buffer overflow.

5CVSS7.4AI score0.18512EPSS

CVE•added 2006/06/02 7:2 p.m.•78 views

CVE-2006-2781

Double free vulnerability in nsVCard.cpp in Mozilla Thunderbird before 1.5.0.4 and SeaMonkey before 1.0.2 allows remote attackers to cause a denial of service (hang) and possibly execute arbitrary code via a VCard that contains invalid base64 characters.

6.4CVSS7.3AI score0.07236EPSS

CVE•added 2006/06/02 8:2 p.m.•77 views

CVE-2006-2786

HTTP response smuggling vulnerability in Mozilla Firefox and Thunderbird before 1.5.0.4, when used with certain proxy servers, allows remote attackers to cause Firefox to interpret certain responses as if they were responses from two different sites via (1) invalid HTTP response headers with spaces...

2.6CVSS6.2AI score0.02439EPSS

CVE•added 2006/06/02 6:2 p.m.•74 views

CVE-2006-2775

Mozilla Firefox and Thunderbird before 1.5.0.4 associates XUL attributes with the wrong URL under certain unspecified circumstances, which might allow remote attackers to bypass restrictions by causing a persisted string to be associated with the wrong URL.

7.5CVSS6.1AI score0.07929EPSS

CVE•added 2006/06/02 7:2 p.m.•71 views

CVE-2006-2779

Mozilla Firefox and Thunderbird before 1.5.0.4 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) nested tags in a select tag, (2) a DOMNodeRemoved mutation event, (3) "Content-implemented tree views," (4) BoxObjects, (5) the XBL implementation,...

9.3CVSS7.5AI score0.23286EPSS

CVE•added 2006/06/02 6:2 p.m.•70 views

CVE-2006-2776

Certain privileged UI code in Mozilla Firefox and Thunderbird before 1.5.0.4 calls content-defined setters on an object prototype, which allows remote attackers to execute code at a higher privilege than intended.

7.5CVSS6.6AI score0.31164EPSS

CVE•added 2006/06/02 7:2 p.m.•69 views

CVE-2006-2780

Integer overflow in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via "jsstr tagify," which leads to memory corruption.

9.3CVSS7.6AI score0.26533EPSS

CVE•added 2006/06/02 7:2 p.m.•62 views

CVE-2006-2783

Mozilla Firefox and Thunderbird before 1.5.0.4 strip the Unicode Byte-order-Mark (BOM) from a UTF-8 page before the page is passed to the parser, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a BOM sequence in the middle of a dangerous tag such as SCRIPT.

4.3CVSS6.9AI score0.04975EPSS