Mozilla Thunderbird vulnerabilities
1,818 known vulnerabilities affecting mozilla/thunderbird.
Total CVEs
1,818
CISA KEV
14
actively exploited
Public exploits
58
Exploited in wild
18
Severity breakdown
CRITICAL612HIGH551MEDIUM626LOW29
Vulnerabilities
Page 78 of 91
CVE-2011-2362MEDIUMCVSS 5.0≤ 3.1.10v0.1+81 more2011-06-30
CVE-2011-2362 [MEDIUM] CWE-264 CVE-2011-2362: Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 do not distin
Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 do not distinguish between cookies for two domain names that differ only in a trailing dot, which allows remote web servers to bypass the Same Origin Policy via Set-Cookie headers.
nvd
CVE-2011-2366MEDIUMCVSS 4.3≤ 3.1.11v0.1+82 more2011-06-30
CVE-2011-2366 [MEDIUM] CWE-20 CVE-2011-2366: Mozilla Gecko before 5.0, as used in Firefox before 5.0 and Thunderbird before 5.0, does not block u
Mozilla Gecko before 5.0, as used in Firefox before 5.0 and Thunderbird before 5.0, does not block use of a cross-domain image as a WebGL texture, which allows remote attackers to obtain approximate copies of arbitrary images via a timing attack involving a crafted WebGL fragment shader.
nvd
CVE-2011-0070CRITICALCVSS 10.0≤ 3.1.9v0.1+68 more2011-05-07
CVE-2011-0070 [CRITICAL] CVE-2011-0070: Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19, 3.6.x before
Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19, 3.6.x before 3.6.17, and 4.x before 4.0.1; Thunderbird before 3.1.10; and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerabil
nvd
CVE-2011-0075CRITICALCVSS 10.0≤ 3.1.9v0.1+68 more2011-05-07
CVE-2011-0075 [CRITICAL] CVE-2011-0075: Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x bef
Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0
nvd
CVE-2011-0072CRITICALCVSS 10.0≤ 3.1.9v0.1+68 more2011-05-07
CVE-2011-0072 [CRITICAL] CVE-2011-0072: Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x bef
Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0
nvd
CVE-2011-0080CRITICALCVSS 10.0≤ 3.1.9v0.1+68 more2011-05-07
CVE-2011-0080 [CRITICAL] CVE-2011-0080: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 an
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
nvd
CVE-2011-0077CRITICALCVSS 10.0≤ 3.1.9v0.1+68 more2011-05-07
CVE-2011-0077 [CRITICAL] CVE-2011-0077: Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x bef
Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0
nvd
CVE-2011-0069CRITICALCVSS 10.0≤ 3.1.9v0.1+68 more2011-05-07
CVE-2011-0069 [CRITICAL] CVE-2011-0069: Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19, 3.6.x before
Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19, 3.6.x before 3.6.17, and 4.x before 4.0.1; Thunderbird before 3.1.10; and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerabil
nvd
CVE-2011-0074CRITICALCVSS 10.0≤ 3.1.9v0.1+68 more2011-05-07
CVE-2011-0074 [CRITICAL] CVE-2011-0074: Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x bef
Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0
nvd
CVE-2011-0081CRITICALCVSS 10.0v3.1.1v3.1.2+7 more2011-05-07
CVE-2011-0081 [CRITICAL] CVE-2011-0081: Unspecified vulnerability in the browser engine in Mozilla Firefox 3.6.x before 3.6.17 and 4.x befor
Unspecified vulnerability in the browser engine in Mozilla Firefox 3.6.x before 3.6.17 and 4.x before 4.0.1, and Thunderbird 3.1.x before 3.1.10, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
nvd
CVE-2011-0078CRITICALCVSS 10.0≤ 3.1.9v0.1+68 more2011-05-07
CVE-2011-0078 [CRITICAL] CVE-2011-0078: Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x bef
Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0
nvd
CVE-2011-0071MEDIUMCVSS 5.0≤ 3.1.9v0.1+80 more2011-05-07
CVE-2011-0071 [MEDIUM] CWE-22 CVE-2011-0071: Directory traversal vulnerability in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, Thunderb
Directory traversal vulnerability in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 on Windows allows remote attackers to determine the existence of arbitrary files, and possibly load resources, via vectors involving a resource: URL.
nvd
CVE-2011-1187MEDIUMCVSS 5.0fixed in 12.02011-03-11
CVE-2011-1187 [MEDIUM] CWE-200 CVE-2011-1187: Google Chrome before 10.0.648.127 allows remote attackers to bypass the Same Origin Policy via unspe
Google Chrome before 10.0.648.127 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, related to an "error message leak."
nvd
CVE-2011-0061CRITICALCVSS 9.3≤ 3.1.7v0.1+78 more2011-03-02
CVE-2011-0061 [CRITICAL] CWE-119 CVE-2011-0061: Buffer overflow in Mozilla Firefox 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey befo
Buffer overflow in Mozilla Firefox 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 might allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG image.
nvd
CVE-2011-0062CRITICALCVSS 10.0v3.1v3.1.1+6 more2011-03-02
CVE-2011-0062 [CRITICAL] CVE-2011-0062: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.6.x before 3.6.14 an
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.6.x before 3.6.14 and Thunderbird 3.1.x before 3.1.8 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
nvd
CVE-2011-0053CRITICALCVSS 10.0≤ 3.1.7v0.1+78 more2011-03-02
CVE-2011-0053 [CRITICAL] CVE-2011-0053: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.17 and 3.6.
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
nvd
CVE-2010-3777CRITICALCVSS 9.3v3.1v3.1.1+5 more2010-12-10
CVE-2010-3777 [CRITICAL] CWE-119 CVE-2010-3777: Unspecified vulnerability in Mozilla Firefox 3.6.x before 3.6.13 and Thunderbird 3.1.x before 3.1.7
Unspecified vulnerability in Mozilla Firefox 3.6.x before 3.6.13 and Thunderbird 3.1.x before 3.1.7 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
nvd
CVE-2010-3769CRITICALCVSS 9.3≤ 3.0.10v0.1+76 more2010-12-10
CVE-2010-3769 [CRITICAL] CWE-119 CVE-2010-3769: The line-breaking implementation in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbi
The line-breaking implementation in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird before 3.0.11 and 3.1.x before 3.1.7, and SeaMonkey before 2.0.11 on Windows does not properly handle long strings, which allows remote attackers to execute arbitrary code via a crafted document.write call that triggers a buffer over-read.
nvd
CVE-2010-3778CRITICALCVSS 9.3≤ 3.0.10v0.1+73 more2010-12-10
CVE-2010-3778 [CRITICAL] CWE-119 CVE-2010-3778: Unspecified vulnerability in Mozilla Firefox 3.5.x before 3.5.16, Thunderbird before 3.0.11, and Sea
Unspecified vulnerability in Mozilla Firefox 3.5.x before 3.5.16, Thunderbird before 3.0.11, and SeaMonkey before 2.0.11 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
nvd
CVE-2010-3776CRITICALCVSS 9.3≤ 3.0.10v0.1+76 more2010-12-10
CVE-2010-3776 [CRITICAL] CWE-119 CVE-2010-3776: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.16 and 3.6.
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird before 3.0.11 and 3.1.x before 3.1.7, and SeaMonkey before 2.0.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
nvd