Mozilla Thunderbird vulnerabilities

CVE-2017-5425 [HIGH] CWE-200 CVE-2017-5425: The Gecko Media Plugin sandbox allows access to local files that match specific regular expressions. The Gecko Media Plugin sandbox allows access to local files that match specific regular expressions. On OS OX, this matching allows access to some data in subdirectories of "/private/var" that could expose personal or temporary data. This has been updated to not allow access to "/private/var" and its subdirectories. Note: this issue only affects OS X. O

CVE-2017-5436 [HIGH] CWE-787 CVE-2017-5436: An out-of-bounds write in the Graphite 2 library triggered with a maliciously crafted Graphite font. An out-of-bounds write in the Graphite 2 library triggered with a maliciously crafted Graphite font. This results in a potentially exploitable crash. This issue was fixed in the Graphite 2 library as well as Mozilla products. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.

CVE-2017-7814 [HIGH] CWE-20 CVE-2017-7814: File downloads encoded with "blob:" and "data:" URL elements bypassed normal file download checks th File downloads encoded with "blob:" and "data:" URL elements bypassed normal file download checks though the Phishing and Malware Protection feature and its block lists of suspicious sites and files. This would allow malicious sites to lure users into downloading executables that would otherwise be detected as suspicious. This vulnerability affects Firef

CVE-2017-5449 [HIGH] CWE-20 CVE-2017-5449: A possibly exploitable crash triggered during layout and manipulation of bidirectional unicode text A possibly exploitable crash triggered during layout and manipulation of bidirectional unicode text in concert with CSS animations. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53.

CVE-2016-9905 [HIGH] CWE-284 CVE-2016-9905: A potentially exploitable crash in "EnumerateSubDocuments" while adding or removing sub-documents. T A potentially exploitable crash in "EnumerateSubDocuments" while adding or removing sub-documents. This vulnerability affects Firefox ESR < 45.6 and Thunderbird < 45.6.

CVE-2016-5296 [HIGH] CWE-119 CVE-2016-5296: A heap-buffer-overflow in Cairo when processing SVG content caused by compiler optimization, resulti A heap-buffer-overflow in Cairo when processing SVG content caused by compiler optimization, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.

CVE-2018-5174 [HIGH] CVE-2018-5174: In the Windows 10 April 2018 Update, Windows Defender SmartScreen honors the "SEE_MASK_FLAG_NO_UI" f In the Windows 10 April 2018 Update, Windows Defender SmartScreen honors the "SEE_MASK_FLAG_NO_UI" flag associated with downloaded files and will not show any UI. Files that are unknown and potentially dangerous will be allowed to run because SmartScreen will not prompt the user for a decision, and if the user is offline all files will be allowed to be opened b

CVE-2017-5454 [HIGH] CWE-200 CVE-2017-5454: A mechanism to bypass file system access protections in the sandbox to use the file picker to access A mechanism to bypass file system access protections in the sandbox to use the file picker to access different files than those selected in the file picker through the use of relative paths. This allows for read only access to the local file system. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53.

CVE-2018-5146 [HIGH] CWE-787 CVE-2018-5146: An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own co An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest. This vulnerability affects Firefox < 59.0.1, Firefox ESR < 52.7.2, and Thunderbird < 52.7.

CVE-2016-9904 [HIGH] CWE-200 CVE-2016-9904: An attacker could use a JavaScript Map/Set timing attack to determine whether an atom is used by ano An attacker could use a JavaScript Map/Set timing attack to determine whether an atom is used by another compartment/zone in specific contexts. This could be used to leak information, such as usernames embedded in JavaScript code, across websites. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.

CVE-2017-7804 [HIGH] CWE-20 CVE-2017-7804: The destructor function for the "WindowsDllDetourPatcher" class can be re-purposed by malicious code The destructor function for the "WindowsDllDetourPatcher" class can be re-purposed by malicious code in concert with another vulnerability to write arbitrary data to an attacker controlled location in memory. This can be used to bypass existing memory protections in this situation. Note: This attack only affects Windows operating systems. Other operating

CVE-2018-5162 [HIGH] CWE-311 CVE-2018-5162: Plaintext of decrypted emails can leak through the src attribute of remote images, or links. This vu Plaintext of decrypted emails can leak through the src attribute of remote images, or links. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8.

CVE-2018-5127 [HIGH] CWE-119 CVE-2018-5127: A buffer overflow can occur when manipulating the SVG "animatedPathSegList" through script. This res A buffer overflow can occur when manipulating the SVG "animatedPathSegList" through script. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.7, Firefox ESR < 52.7, and Firefox < 59.

CVE-2017-5416 [HIGH] CWE-476 CVE-2017-5416: In certain circumstances a networking event listener can be prematurely released. This appears to re In certain circumstances a networking event listener can be prematurely released. This appears to result in a null dereference in practice. This vulnerability affects Firefox < 52 and Thunderbird < 52.

CVE-2017-7787 [HIGH] CWE-200 CVE-2017-7787: Same-origin policy protections can be bypassed on pages with embedded iframes during page reloads, a Same-origin policy protections can be bypassed on pages with embedded iframes during page reloads, allowing the iframes to access content on the top level page, leading to information disclosure. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.

CVE-2016-9066 [HIGH] CWE-119 CVE-2016-9066: A buffer overflow resulting in a potentially exploitable crash due to memory allocation issues when A buffer overflow resulting in a potentially exploitable crash due to memory allocation issues when handling large amounts of incoming data. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.

CVE-2017-5378 [HIGH] CWE-200 CVE-2017-5378: Hashed codes of JavaScript objects are shared between pages. This allows for pointer leaks because a Hashed codes of JavaScript objects are shared between pages. This allows for pointer leaks because an object's address can be discovered through hash codes, and also allows for data leakage of an object's content using these hash codes. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.

CVE-2018-5125 [HIGH] CWE-119 CVE-2018-5125: Memory safety bugs were reported in Firefox 58 and Firefox ESR 52.6. Some of these bugs showed evide Memory safety bugs were reported in Firefox 58 and Firefox ESR 52.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.7, Firefox ESR < 52.7, and Firefox < 59.

CVE-2017-5445 [HIGH] CWE-129 CVE-2017-5445: A vulnerability while parsing "application/http-index-format" format content where uninitialized val A vulnerability while parsing "application/http-index-format" format content where uninitialized values are used to create an array. This could allow the reading of uninitialized memory into the arrays affected. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.

CVE-2017-5419 [HIGH] CVE-2017-5419: If a malicious site repeatedly triggers a modal authentication prompt, eventually the browser UI wil If a malicious site repeatedly triggers a modal authentication prompt, eventually the browser UI will become non-responsive, requiring shutdown through the operating system. This is a denial of service (DOS) attack. This vulnerability affects Firefox < 52 and Thunderbird < 52.