Mozilla Thunderbird vulnerabilities

CVE-2017-5462 [MEDIUM] CWE-682 CVE-2017-5462: A flaw in DRBG number generation within the Network Security Services (NSS) library where the intern A flaw in DRBG number generation within the Network Security Services (NSS) library where the internal state V does not correctly carry bits over. The NSS library has been updated to fix this issue to address this issue and Firefox ESR 52.1 has been updated with NSS version 3.28.4. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Fir

CVE-2017-5414 [MEDIUM] CWE-200 CVE-2017-5414: The file picker dialog can choose and display the wrong local default directory when instantiated. O The file picker dialog can choose and display the wrong local default directory when instantiated. On some operating systems, this can lead to information disclosure, such as the operating system or the local account name. This vulnerability affects Firefox < 52 and Thunderbird < 52.

CVE-2017-7848 [MEDIUM] CWE-74 CVE-2017-7848: RSS fields can inject new lines into the created email structure, modifying the message body. This v RSS fields can inject new lines into the created email structure, modifying the message body. This vulnerability affects Thunderbird < 52.5.2.

CVE-2017-7825 [MEDIUM] CWE-20 CVE-2017-7825: Several fonts on OS X display some Tibetan and Arabic characters as whitespace. When used in the add Several fonts on OS X display some Tibetan and Arabic characters as whitespace. When used in the addressbar as part of an IDN this can be used for domain name spoofing attacks. Note: This attack only affects OS X operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.

CVE-2017-5405 [MEDIUM] CWE-1187 CVE-2017-5405: Certain response codes in FTP connections can result in the use of uninitialized values for ports in Certain response codes in FTP connections can result in the use of uninitialized values for ports in FTP operations. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8.

CVE-2017-5466 [MEDIUM] CWE-79 CVE-2017-5466: If a page is loaded from an original site through a hyperlink and contains a redirect to a "data:tex If a page is loaded from an original site through a hyperlink and contains a redirect to a "data:text/html" URL, triggering a reload will run the reloaded "data:text/html" page with its origin set incorrectly. This allows for a cross-site scripting (XSS) attack. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53.

CVE-2017-7847 [MEDIUM] CWE-200 CVE-2017-7847: Crafted CSS in an RSS feed can leak and reveal local path strings, which may contain user name. This Crafted CSS in an RSS feed can leak and reveal local path strings, which may contain user name. This vulnerability affects Thunderbird < 52.5.2.

CVE-2017-5407 [MEDIUM] CWE-200 CVE-2017-5407: Using SVG filters that don't use the fixed point math implementation on a target iframe, a malicious Using SVG filters that don't use the fixed point math implementation on a target iframe, a malicious page can extract pixel values from a targeted user. This can be used to extract history information and read text values across domains. This violates same-origin policy and leads to information disclosure. This vulnerability affects Firefox < 52, Fire

CVE-2016-5291 [MEDIUM] CWE-20 CVE-2016-5291: A same-origin policy bypass with local shortcut files to load arbitrary local content from disk. Thi A same-origin policy bypass with local shortcut files to load arbitrary local content from disk. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.

CVE-2017-7782 [MEDIUM] CWE-269 CVE-2017-7782: An error in the "WindowsDllDetourPatcher" where a RWX ("Read/Write/Execute") 4k block is allocated b An error in the "WindowsDllDetourPatcher" where a RWX ("Read/Write/Execute") 4k block is allocated but never protected, violating DEP protections. Note: This attack only affects Windows operating systems. Other operating systems are not affected. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.

CVE-2018-5168 [MEDIUM] CVE-2018-5168: Sites can bypass security checks on permissions to install lightweight themes by manipulating the "b Sites can bypass security checks on permissions to install lightweight themes by manipulating the "baseURI" property of the theme element. This could allow a malicious site to install a theme without user interaction which could contain offensive or embarrassing images. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and F

CVE-2017-5426 [MEDIUM] CWE-732 CVE-2017-5426: On Linux, if the secure computing mode BPF (seccomp-bpf) filter is running when the Gecko Media Plug On Linux, if the secure computing mode BPF (seccomp-bpf) filter is running when the Gecko Media Plugin sandbox is started, the sandbox fails to be applied and items that would run within the sandbox are run protected only by the running filter which is typically weak compared to the sandbox. Note: this issue only affects Linux. Other operating systems

CVE-2016-9895 [MEDIUM] CWE-254 CVE-2016-9895: Event handlers on "marquee" elements were executed despite a strict Content Security Policy (CSP) th Event handlers on "marquee" elements were executed despite a strict Content Security Policy (CSP) that disallowed inline JavaScript. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.

CVE-2017-16541 [MEDIUM] CVE-2017-16541: Tor Browser before 7 Tor Browser before 7.0.9 on macOS and Linux allows remote attackers to bypass the intended anonymity feature and discover a client IP address via vectors involving a crafted web site that leverages file:// mishandling in Firefox, aka TorMoil. NOTE: Tails is unaffected.

CVE-2017-5461 [CRITICAL] CWE-787 CVE-2017-5461: Mozilla Network Security Services (NSS) before 3.21.4, 3.22.x through 3.28.x before 3.28.4, 3.29.x b Mozilla Network Security Services (NSS) before 3.21.4, 3.22.x through 3.28.x before 3.28.4, 3.29.x before 3.29.5, and 3.30.x before 3.30.1 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by leveraging incorrect base64 operations.

CVE-2016-10196 [HIGH] CWE-787 CVE-2016-10196: Stack-based buffer overflow in the evutil_parse_sockaddr_port function in evutil.c in libevent befor Stack-based buffer overflow in the evutil_parse_sockaddr_port function in evutil.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (segmentation fault) via vectors involving a long string in brackets in the ip_as_string argument.

CVE-2016-5824 [MEDIUM] CVE-2016-5824: libical 1 libical 1.0 allows remote attackers to cause a denial of service (use-after-free) via a crafted ics file.

CVE-2016-5250 [MEDIUM] thunderbird vulnerabilities thunderbird vulnerabilities Catalin Dumitru discovered that URLs of resources loaded after a navigation start could be leaked to the following page via the Resource Timing API. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit this to obtain sensitive information. (CVE-2016-5250) Christoph Diehl, Andrew McCreight, Dan Minor, Byron Campen, Jon Coppeard, Steve Fink, Tyso

CVE-2016-2836 [HIGH] thunderbird vulnerabilities thunderbird vulnerabilities Christian Holler, Carsten Book, Gary Kwong, Jesse Ruderman, Andrew McCreight, and Phil Ringnalda discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-2836)

CVE-2016-6354 [CRITICAL] CWE-119 CVE-2016-6354: Heap-based buffer overflow in the yy_get_next_buffer function in Flex before 2.6.1 might allow conte Heap-based buffer overflow in the yy_get_next_buffer function in Flex before 2.6.1 might allow context-dependent attackers to cause a denial of service or possibly execute arbitrary code via vectors involving num_to_read.