CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Mozilla » Thunderbird : Security Vulnerabilities (CVSS score between 7 and 7.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2018-12378 416 2018-10-18 2018-12-06
7.5
None Remote Low Not required Partial Partial Partial
A use-after-free vulnerability can occur when an IndexedDB index is deleted while still in use by JavaScript code that is providing payload values to be stored. This results in a potentially exploitable crash. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird < 60.2.1.
2 CVE-2018-12377 416 2018-10-18 2018-12-06
7.5
None Remote Low Not required Partial Partial Partial
A use-after-free vulnerability can occur when refresh driver timers are refreshed in some circumstances during shutdown when the timer is deleted while still in use. This results in a potentially exploitable crash. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird < 60.2.1.
3 CVE-2018-12376 119 Overflow Mem. Corr. 2018-10-18 2018-12-06
7.5
None Remote Low Not required Partial Partial Partial
Memory safety bugs present in Firefox 61 and Firefox ESR 60.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird < 60.2.1.
4 CVE-2018-5188 119 Overflow Mem. Corr. 2018-10-18 2018-12-06
7.5
None Remote Low Not required Partial Partial Partial
Memory safety bugs present in Firefox 60, Firefox ESR 60, and Firefox ESR 52.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.
5 CVE-2018-5187 119 Overflow Mem. Corr. 2018-10-18 2018-12-06
7.5
None Remote Low Not required Partial Partial Partial
Memory safety bugs present in Firefox 60 and Firefox ESR 60. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60, Firefox ESR < 60.1, and Firefox < 61.
6 CVE-2018-5183 119 Overflow Mem. Corr. 2018-06-11 2018-11-25
7.5
None Remote Low Not required Partial Partial Partial
Mozilla developers backported selected changes in the Skia library. These changes correct memory corruption issues including invalid buffer reads and writes during graphic operations. This vulnerability affects Thunderbird ESR < 52.8, Thunderbird < 52.8, and Firefox ESR < 52.8.
7 CVE-2018-5159 787 Overflow 2018-06-11 2018-11-25
7.5
None Remote Low Not required Partial Partial Partial
An integer overflow can occur in the Skia library due to 32-bit integer use in an array without integer overflow checks, resulting in possible out-of-bounds writes. This could lead to a potentially exploitable crash triggerable by web content. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8.
8 CVE-2018-5156 20 2018-10-18 2018-12-06
7.5
None Remote Low Not required Partial Partial Partial
A vulnerability can occur when capturing a media stream when the media source type is changed as the capture is occurring. This can result in stream data being cast to the wrong type causing a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.
9 CVE-2018-5155 416 2018-06-11 2018-11-25
7.5
None Remote Low Not required Partial Partial Partial
A use-after-free vulnerability can occur while adjusting layout during SVG animations with text paths. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8.
10 CVE-2018-5154 416 2018-06-11 2018-11-25
7.5
None Remote Low Not required Partial Partial Partial
A use-after-free vulnerability can occur while enumerating attributes during SVG animations with clip paths. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8.
11 CVE-2018-5150 119 Overflow Mem. Corr. 2018-06-11 2018-11-25
7.5
None Remote Low Not required Partial Partial Partial
Memory safety bugs were reported in Firefox 59, Firefox ESR 52.7, and Thunderbird 52.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8.
12 CVE-2018-5145 119 Overflow Mem. Corr. 2018-06-11 2018-11-25
7.5
None Remote Low Not required Partial Partial Partial
Memory safety bugs were reported in Firefox ESR 52.6. These bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 52.7 and Thunderbird < 52.7.
13 CVE-2018-5144 190 Overflow 2018-06-11 2018-11-25
7.5
None Remote Low Not required Partial Partial Partial
An integer overflow can occur during conversion of text to some Unicode character sets due to an unchecked length parameter. This vulnerability affects Firefox ESR < 52.7 and Thunderbird < 52.7.
14 CVE-2018-5104 416 2018-06-11 2018-08-03
7.5
None Remote Low Not required Partial Partial Partial
A use-after-free vulnerability can occur during font face manipulation when a font face is freed while still in use, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.
15 CVE-2018-5103 416 2018-06-11 2018-08-03
7.5
None Remote Low Not required Partial Partial Partial
A use-after-free vulnerability can occur during mouse event handling due to issues with multiprocess support. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.
16 CVE-2018-5102 416 2018-06-11 2018-08-03
7.5
None Remote Low Not required Partial Partial Partial
A use-after-free vulnerability can occur when manipulating HTML media elements with media streams, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.
17 CVE-2018-5099 416 2018-06-11 2018-08-03
7.5
None Remote Low Not required Partial Partial Partial
A use-after-free vulnerability can occur when the widget listener is holding strong references to browser objects that have previously been freed, resulting in a potentially exploitable crash when these references are used. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.
18 CVE-2018-5098 416 2018-06-11 2018-08-03
7.5
None Remote Low Not required Partial Partial Partial
A use-after-free vulnerability can occur when form input elements, focus, and selections are manipulated by script content. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.
19 CVE-2018-5097 416 2018-06-11 2018-08-03
7.5
None Remote Low Not required Partial Partial Partial
A use-after-free vulnerability can occur during XSL transformations when the source document for the transformation is manipulated by script content during the transformation. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.
20 CVE-2018-5096 416 2018-06-11 2018-08-07
7.5
None Remote Low Not required Partial Partial Partial
A use-after-free vulnerability can occur while editing events in form elements on a page, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR < 52.6 and Thunderbird < 52.6.
21 CVE-2018-5095 190 Overflow 2018-06-11 2018-08-03
7.5
None Remote Low Not required Partial Partial Partial
An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 8 GB of RAM. This results in the use of uninitialized memory, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.
22 CVE-2018-5089 119 Overflow Mem. Corr. 2018-06-11 2018-08-03
7.5
None Remote Low Not required Partial Partial Partial
Memory safety bugs were reported in Firefox 57 and Firefox ESR 52.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.
23 CVE-2017-7828 416 2018-06-11 2018-08-02
7.5
None Remote Low Not required Partial Partial Partial
A use-after-free vulnerability can occur when flushing and resizing layout because the "PressShell" object has been freed while still in use. This results in a potentially exploitable crash during these operations. This vulnerability affects Firefox < 57, Firefox ESR < 52.5, and Thunderbird < 52.5.
24 CVE-2017-7824 119 Overflow 2018-06-11 2018-08-09
7.5
None Remote Low Not required Partial Partial Partial
A buffer overflow occurs when drawing and validating elements with the ANGLE graphics library, used for WebGL content. This is due to an incorrect value being passed within the library during checks and results in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.
25 CVE-2017-7819 416 2018-06-11 2018-08-09
7.5
None Remote Low Not required Partial Partial Partial
A use-after-free vulnerability can occur in design mode when image objects are resized if objects referenced during the resizing have been freed from memory. This results in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.
26 CVE-2017-7818 416 2018-06-11 2018-08-09
7.5
None Remote Low Not required Partial Partial Partial
A use-after-free vulnerability can occur when manipulating arrays of Accessible Rich Internet Applications (ARIA) elements within containers through the DOM. This results in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.
27 CVE-2017-7809 416 2018-06-11 2018-08-03
7.5
None Remote Low Not required Partial Partial Partial
A use-after-free vulnerability can occur when an editor DOM node is deleted prematurely during tree traversal while still bound to the document. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.
28 CVE-2017-7802 416 2018-06-11 2018-08-03
7.5
None Remote Low Not required Partial Partial Partial
A use-after-free vulnerability can occur when manipulating the DOM during the resize event of an image element. If these elements have been freed due to a lack of strong references, a potentially exploitable crash may occur when the freed elements are accessed. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.
29 CVE-2017-7801 416 2018-06-11 2018-08-03
7.5
None Remote Low Not required Partial Partial Partial
A use-after-free vulnerability can occur while re-computing layout for a "marquee" element during window resizing where the updated style object is freed while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.
30 CVE-2017-7800 416 2018-06-11 2018-08-03
7.5
None Remote Low Not required Partial Partial Partial
A use-after-free vulnerability can occur in WebSockets when the object holding the connection is freed before the disconnection operation is finished. This results in an exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.
31 CVE-2017-7793 416 2018-06-11 2018-08-09
7.5
None Remote Low Not required Partial Partial Partial
A use-after-free vulnerability can occur in the Fetch API when the worker or the associated window are freed when still in use, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.
32 CVE-2017-7792 119 Overflow 2018-06-11 2018-08-03
7.5
None Remote Low Not required Partial Partial Partial
A buffer overflow will occur when viewing a certificate in the certificate manager if the certificate has an extremely long object identifier (OID). This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.
33 CVE-2017-7786 119 Overflow 2018-06-11 2018-08-03
7.5
None Remote Low Not required Partial Partial Partial
A buffer overflow can occur when the image renderer attempts to paint non-displayable SVG elements. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.
34 CVE-2017-7785 119 Overflow 2018-06-11 2018-08-03
7.5
None Remote Low Not required Partial Partial Partial
A buffer overflow can occur when manipulating Accessible Rich Internet Applications (ARIA) attributes within the DOM. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.
35 CVE-2017-7784 416 2018-06-11 2018-08-03
7.5
None Remote Low Not required Partial Partial Partial
A use-after-free vulnerability can occur when reading an image observer during frame reconstruction after the observer has been freed. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.
36 CVE-2017-7778 125 Overflow 2018-06-11 2018-08-13
7.5
None Remote Low Not required Partial Partial Partial
A number of security vulnerabilities in the Graphite 2 library including out-of-bounds reads, buffer overflow reads and writes, and the use of uninitialized memory. These issues were addressed in Graphite 2 version 1.3.10. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.
37 CVE-2017-7757 416 2018-06-11 2018-08-08
7.5
None Remote Low Not required Partial Partial Partial
A use-after-free vulnerability in IndexedDB when one of its objects is destroyed in memory while a method on it is still being executed. This results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.
38 CVE-2017-7756 416 2018-06-11 2018-08-08
7.5
None Remote Low Not required Partial Partial Partial
A use-after-free and use-after-scope vulnerability when logging errors from headers for XML HTTP Requests (XHR). This could result in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.
39 CVE-2017-7751 416 2018-06-11 2018-08-03
7.5
None Remote Low Not required Partial Partial Partial
A use-after-free vulnerability with content viewer listeners that results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.
40 CVE-2017-7750 416 2018-06-11 2018-08-03
7.5
None Remote Low Not required Partial Partial Partial
A use-after-free vulnerability during video control operations when a "<track>" element holds a reference to an older window if that window has been replaced in the DOM. This results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.
41 CVE-2017-7749 416 2018-06-11 2018-08-03
7.5
None Remote Low Not required Partial Partial Partial
A use-after-free vulnerability when using an incorrect URL during the reloading of a docshell. This results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.
42 CVE-2017-5472 416 2018-06-11 2018-08-03
7.5
None Remote Low Not required Partial Partial Partial
A use-after-free vulnerability with the frameloader during tree reconstruction while regenerating CSS layout when attempting to use a node in the tree that no longer exists. This results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.
43 CVE-2017-5470 119 Overflow Mem. Corr. 2018-06-11 2018-08-03
7.5
None Remote Low Not required Partial Partial Partial
Memory safety bugs were reported in Firefox 53 and Firefox ESR 52.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.
44 CVE-2017-5469 119 Overflow 2018-06-11 2018-08-07
7.5
None Remote Low Not required Partial Partial Partial
Fixed potential buffer overflows in generated Firefox code due to CVE-2016-6354 issue in Flex. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
45 CVE-2017-5464 119 Overflow Mem. Corr. 2018-06-11 2018-08-07
7.5
None Remote Low Not required Partial Partial Partial
During DOM manipulations of the accessibility tree through script, the DOM tree can become out of sync with the accessibility tree, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
46 CVE-2017-5460 416 2018-06-11 2018-08-07
7.5
None Remote Low Not required Partial Partial Partial
A use-after-free vulnerability in frame selection triggered by a combination of malicious script content and key presses by a user. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
47 CVE-2017-5459 119 Overflow 2018-06-11 2018-08-07
7.5
None Remote Low Not required Partial Partial Partial
A buffer overflow in WebGL triggerable by web content, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
48 CVE-2017-5446 125 2018-06-11 2018-08-07
7.5
None Remote Low Not required Partial Partial Partial
An out-of-bounds read when an HTTP/2 connection to a servers sends "DATA" frames with incorrect data content. This leads to a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
49 CVE-2017-5443 787 2018-06-11 2018-08-07
7.5
None Remote Low Not required Partial Partial Partial
An out-of-bounds write vulnerability while decoding improperly formed BinHex format archives. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
50 CVE-2017-5442 416 2018-06-11 2018-08-07
7.5
None Remote Low Not required Partial Partial Partial
A use-after-free vulnerability during changes in style when manipulating DOM elements. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
Total number of vulnerabilities : 138   Page : 1 (This Page)2 3
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.