CVE-2016-5291
- EPSS 0.04%
- Published 11.06.2018 21:29:00
- Last modified 25.11.2025 17:50:16
A same-origin policy bypass with local shortcut files to load arbitrary local content from disk. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.
CVE-2016-5294
- EPSS 0.07%
- Published 11.06.2018 21:29:00
- Last modified 25.11.2025 17:50:16
The Mozilla Updater can be made to choose an arbitrary target working directory for output files resulting from the update process. This vulnerability requires local system access. Note: this issue only affects Windows operating systems. This vulnera...
CVE-2016-5296
- EPSS 2.57%
- Published 11.06.2018 21:29:00
- Last modified 25.11.2025 17:50:16
A heap-buffer-overflow in Cairo when processing SVG content caused by compiler optimization, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.
CVE-2016-5297
- EPSS 1.91%
- Published 11.06.2018 21:29:00
- Last modified 25.11.2025 17:50:16
An error in argument length checking in JavaScript, leading to potential integer overflows or other bounds checking issues. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.
CVE-2017-17688
- EPSS 2.85%
- Published 16.05.2018 19:29:00
- Last modified 21.11.2024 03:18:27
The OpenPGP specification allows a Cipher Feedback Mode (CFB) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. NOTE: third parties report that this is a problem in applications that mishandle the Modification ...
CVE-2017-17689
- EPSS 0.82%
- Published 16.05.2018 19:29:00
- Last modified 21.11.2024 03:18:27
The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL.
CVE-2016-10196
- EPSS 0.81%
- Published 15.03.2017 15:59:00
- Last modified 25.11.2025 17:50:16
Stack-based buffer overflow in the evutil_parse_sockaddr_port function in evutil.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (segmentation fault) via vectors involving a long string in brackets in the ip_as_string ar...
CVE-2016-1974
- EPSS 0.68%
- Published 13.03.2016 18:59:23
- Last modified 12.04.2025 10:46:40
The nsScannerString::AppendUnicodeTo function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not verify that memory allocation succeeds, which allows remote attackers to execute arbitrary code or cause a denial of service (out-o...
CVE-2016-1966
- EPSS 1.01%
- Published 13.03.2016 18:59:15
- Last modified 12.04.2025 10:46:40
The nsNPObjWrapper::GetNewOrUsed function in dom/plugins/base/nsJSNPRuntime.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (invalid pointer dereferenc...
CVE-2016-1964
- EPSS 0.96%
- Published 13.03.2016 18:59:13
- Last modified 12.04.2025 10:46:40
Use-after-free vulnerability in the AtomicBaseIncDec function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging mishan...