Mozilla » Thunderbird » 6.0 : Security Vulnerabilities, CVEs, Published In 2011 (Overflow)
The browser engine in Mozilla Firefox before 8.0 and Thunderbird before 8.0 does not properly handle links from SVG mpath elements to non-SVG elements, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.
Max CVSS
10.0
EPSS Score
8.03%
Published
2011-11-09
Updated
2017-09-19
The browser engine in Mozilla Firefox before 8.0 and Thunderbird before 8.0 does not properly allocate memory, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.
Max CVSS
10.0
EPSS Score
8.03%
Published
2011-11-09
Updated
2017-09-19
Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0 through 7.0 do not properly handle JavaScript files that contain many functions, which allows user-assisted remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted file that is accessed by debugging APIs, as demonstrated by Firebug.
Max CVSS
9.3
EPSS Score
1.08%
Published
2011-11-09
Updated
2017-09-19
Use-after-free vulnerability in Mozilla Firefox 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OGG headers in a .ogg file.
Max CVSS
9.3
EPSS Score
4.00%
Published
2011-09-29
Updated
2017-09-19
4 vulnerabilities found