Mozilla Thunderbird vulnerabilities
1,818 known vulnerabilities affecting mozilla/thunderbird.
Total CVEs
1,818
CISA KEV
14
actively exploited
Public exploits
58
Exploited in wild
18
Severity breakdown
CRITICAL612HIGH551MEDIUM626LOW29
Vulnerabilities
Page 71 of 91
CVE-2012-3969CRITICALCVSS 9.3≤ 14.0v1.0+98 more2012-08-29
CVE-2012-3969 [CRITICAL] CWE-189 CVE-2012-3969: Integer overflow in the nsSVGFEMorphologyElement::Filter function in Mozilla Firefox before 15.0, Fi
Integer overflow in the nsSVGFEMorphologyElement::Filter function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code via a crafted SVG filter that triggers an incorrect sum calculation, leading to a he
nvd
CVE-2012-1973CRITICALCVSS 10.0fixed in 15.02012-08-29
CVE-2012-1973 [CRITICAL] CWE-416 CVE-2012-1973: Use-after-free vulnerability in the nsObjectLoadingContent::LoadObject function in Mozilla Firefox b
Use-after-free vulnerability in the nsObjectLoadingContent::LoadObject function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified
nvd
CVE-2012-3962CRITICALCVSS 9.3≤ 14.0v1.0+98 more2012-08-29
CVE-2012-3962 [CRITICAL] CVE-2012-3962: Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ES
Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 do not properly iterate through the characters in a text run, which allows remote attackers to execute arbitrary code via a crafted document.
nvd
CVE-2012-1975CRITICALCVSS 10.0fixed in 15.02012-08-29
CVE-2012-1975 [CRITICAL] CWE-416 CVE-2012-1975: Use-after-free vulnerability in the PresShell::CompleteMove function in Mozilla Firefox before 15.0,
Use-after-free vulnerability in the PresShell::CompleteMove function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
nvd
CVE-2012-3980CRITICALCVSS 9.3≤ 14.0v1.0+98 more2012-08-29
CVE-2012-3980 [CRITICAL] CWE-94 CVE-2012-3980: The web console in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 1
The web console in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, and Thunderbird ESR 10.x before 10.0.7 allows user-assisted remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site that injects this code and triggers an eval operation.
nvd
CVE-2012-1976CRITICALCVSS 10.0fixed in 15.02012-08-29
CVE-2012-1976 [CRITICAL] CWE-416 CVE-2012-1976: Use-after-free vulnerability in the nsHTMLSelectElement::SubmitNamesValues function in Mozilla Firef
Use-after-free vulnerability in the nsHTMLSelectElement::SubmitNamesValues function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecif
nvd
CVE-2012-1971CRITICALCVSS 9.3≤ 14.0v1.0+98 more2012-08-29
CVE-2012-1971 [CRITICAL] CVE-2012-1971: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 15.0, Thunderbi
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to garbage collection after certain MethodJIT execution, and unknown
nvd
CVE-2012-3968CRITICALCVSS 10.0fixed in 15.02012-08-29
CVE-2012-3968 [CRITICAL] CWE-416 CVE-2012-3968: Use-after-free vulnerability in the WebGL implementation in Mozilla Firefox before 15.0, Firefox ESR
Use-after-free vulnerability in the WebGL implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code via vectors related to deletion of a fragment shader by its accessor.
nvd
CVE-2012-3960CRITICALCVSS 10.0fixed in 15.02012-08-29
CVE-2012-3960 [CRITICAL] CWE-416 CVE-2012-3960: Use-after-free vulnerability in the mozSpellChecker::SetCurrentDictionary function in Mozilla Firefo
Use-after-free vulnerability in the mozSpellChecker::SetCurrentDictionary function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecifi
nvd
CVE-2012-3957CRITICALCVSS 10.0fixed in 15.02012-08-29
CVE-2012-3957 [CRITICAL] CWE-787 CVE-2012-3957: Heap-based buffer overflow in the nsBlockFrame::MarkLineDirty function in Mozilla Firefox before 15.
Heap-based buffer overflow in the nsBlockFrame::MarkLineDirty function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code via unspecified vectors.
nvd
CVE-2012-3961CRITICALCVSS 10.0fixed in 15.02012-08-29
CVE-2012-3961 [CRITICAL] CWE-416 CVE-2012-3961: Use-after-free vulnerability in the RangeData implementation in Mozilla Firefox before 15.0, Firefox
Use-after-free vulnerability in the RangeData implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
nvd
CVE-2012-3956CRITICALCVSS 10.0fixed in 15.02012-08-29
CVE-2012-3956 [CRITICAL] CWE-416 CVE-2012-3956: Use-after-free vulnerability in the MediaStreamGraphThreadRunnable::Run function in Mozilla Firefox
Use-after-free vulnerability in the MediaStreamGraphThreadRunnable::Run function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified
nvd
CVE-2012-3971CRITICALCVSS 10.0≤ 14.0v1.0+98 more2012-08-29
CVE-2012-3971 [CRITICAL] CWE-119 CVE-2012-3971: Summer Institute of Linguistics (SIL) Graphite 2, as used in Mozilla Firefox before 15.0, Thunderbir
Summer Institute of Linguistics (SIL) Graphite 2, as used in Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to the (1) Silf::readClassMap and (2) Pass::readPass functions.
nvd
CVE-2012-3963CRITICALCVSS 10.0fixed in 15.02012-08-29
CVE-2012-3963 [CRITICAL] CWE-416 CVE-2012-3963: Use-after-free vulnerability in the js::gc::MapAllocToTraceKind function in Mozilla Firefox before 1
Use-after-free vulnerability in the js::gc::MapAllocToTraceKind function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code via unspecified vectors.
nvd
CVE-2012-3970CRITICALCVSS 10.0≤ 14.0v1.0+98 more2012-08-29
CVE-2012-3970 [CRITICAL] CWE-399 CVE-2012-3970: Use-after-free vulnerability in the nsTArray_base::Length function in Mozilla Firefox before 15.0, F
Use-after-free vulnerability in the nsTArray_base::Length function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving movemen
nvd
CVE-2012-3959CRITICALCVSS 10.0fixed in 15.02012-08-29
CVE-2012-3959 [CRITICAL] CWE-416 CVE-2012-3959: Use-after-free vulnerability in the nsRangeUpdater::SelAdjDeleteNode function in Mozilla Firefox bef
Use-after-free vulnerability in the nsRangeUpdater::SelAdjDeleteNode function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified ve
nvd
CVE-2012-1974CRITICALCVSS 10.0fixed in 15.02012-08-29
CVE-2012-1974 [CRITICAL] CWE-416 CVE-2012-1974: Use-after-free vulnerability in the gfxTextRun::CanBreakLineBefore function in Mozilla Firefox befor
Use-after-free vulnerability in the gfxTextRun::CanBreakLineBefore function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vect
nvd
CVE-2012-3972MEDIUMCVSS 5.0fixed in 15.02012-08-29
CVE-2012-3972 [MEDIUM] CWE-200 CVE-2012-3972: The format-number functionality in the XSLT implementation in Mozilla Firefox before 15.0, Firefox E
The format-number functionality in the XSLT implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to obtain sensitive information via unspecified vectors that trigger a heap-based buffer over-read.
nvd
CVE-2012-3975MEDIUMCVSS 4.3≤ 14.0v1.0+98 more2012-08-29
CVE-2012-3975 [MEDIUM] CWE-200 CVE-2012-3975: The DOMParser component in Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey befor
The DOMParser component in Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 loads subresources during parsing of text/html data within an extension, which allows remote attackers to obtain sensitive information by providing crafted data to privileged extension code.
nvd
CVE-2012-3974MEDIUMCVSS 6.9≤ 14.0v1.0+100 more2012-08-29
CVE-2012-3974 [MEDIUM] CWE-399 CVE-2012-3974: Untrusted search path vulnerability in the installer in Mozilla Firefox before 15.0, Firefox ESR 10.
Untrusted search path vulnerability in the installer in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, and Thunderbird ESR 10.x before 10.0.7 on Windows allows local users to gain privileges via a Trojan horse executable file in a root directory.
nvd