Mozilla

Thunderbird

1567 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
10

CVE-2008-5018

  • EPSS 20.19%
  • Veröffentlicht 13.11.2008 11:30:01
  • Zuletzt bearbeitet 09.04.2025 00:30:58

The JavaScript engine in Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via vectors related to "insufficient...

9.3

CVE-2008-5021

  • EPSS 25.26%
  • Veröffentlicht 13.11.2008 11:30:01
  • Zuletzt bearbeitet 09.04.2025 00:30:58

nsFrameManager in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying pr...

7.5

CVE-2008-5022

  • EPSS 13.45%
  • Veröffentlicht 13.11.2008 11:30:01
  • Zuletzt bearbeitet 09.04.2025 00:30:58

The nsXMLHttpRequest::NotifyEventListeners method in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the same-origin policy and execute arbitrar...

7.5

CVE-2008-5024

Exploit
  • EPSS 7.22%
  • Veröffentlicht 13.11.2008 11:30:01
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly escape quote characters used for XML processing, which allows remote attackers to conduct XML injection at...

10

CVE-2008-5052

  • EPSS 23.01%
  • Veröffentlicht 13.11.2008 11:30:01
  • Zuletzt bearbeitet 09.04.2025 00:30:58

The AppendAttributeValue function in the JavaScript engine in Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via unknown vectors that ...

10

CVE-2008-4070

Exploit
  • EPSS 2.2%
  • Veröffentlicht 27.09.2008 10:30:03
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Heap-based buffer overflow in Mozilla Thunderbird before 2.0.0.17 and SeaMonkey before 1.1.12 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long header in a news article, related to ...

7.5

CVE-2008-3835

  • EPSS 0.14%
  • Veröffentlicht 24.09.2008 20:37:04
  • Zuletzt bearbeitet 09.04.2025 00:30:58

The nsXMLDocument::OnChannelRedirect function in Mozilla Firefox before 2.0.0.17, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code via unknown vect...

7.5

CVE-2008-4058

  • EPSS 2.43%
  • Veröffentlicht 24.09.2008 20:37:04
  • Zuletzt bearbeitet 09.04.2025 00:30:58

The XPConnect component in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to "pollute XPCNativeWrappers" and execute arbitrary code with chrome privileges via vec...

7.5

CVE-2008-4060

  • EPSS 2%
  • Veröffentlicht 24.09.2008 20:37:04
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to create documents that lack script-handling objects, and execute arbitrary code with chrome privileges, via vector...

10

CVE-2008-4061

  • EPSS 2.72%
  • Veröffentlicht 24.09.2008 20:37:04
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Integer overflow in the MathML component in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to cause a denial of service (memory corruption and application crash) ...