Mozilla Thunderbird vulnerabilities
1,818 known vulnerabilities affecting mozilla/thunderbird.
Total CVEs
1,818
CISA KEV
14
actively exploited
Public exploits
58
Exploited in wild
18
Severity breakdown
CRITICAL612HIGH551MEDIUM626LOW29
Vulnerabilities
Page 87 of 91
CVE-2006-6501MEDIUMCVSS 6.8fixed in 1.5.0.92006-12-20
CVE-2006-6501 [MEDIUM] CWE-264 CVE-2006-6501: Unspecified vulnerability in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird b
Unspecified vulnerability in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to gain privileges and install malicious code via the watch Javascript function.
nvd
CVE-2006-5747HIGHCVSS 7.5v1.0v1.0.1+10 more2006-11-08
CVE-2006-5747 [HIGH] CVE-2006-5747: Unspecified vulnerability in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonk
Unspecified vulnerability in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allows remote attackers to execute arbitrary code via the XML.prototype.hasOwnProperty JavaScript function.
nvd
CVE-2006-5463HIGHCVSS 7.5v1.0v1.0.1+10 more2006-11-08
CVE-2006-5463 [HIGH] CVE-2006-5463: Unspecified vulnerability in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonk
Unspecified vulnerability in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allows remote attackers to execute arbitrary JavaScript bytecode via unspecified vectors involving modification of a Script object while it is executing.
nvd
CVE-2006-5464MEDIUMCVSS 5.0v1.5v1.5.0.1+5 more2006-11-08
CVE-2006-5464 [MEDIUM] CVE-2006-5464: Multiple unspecified vulnerabilities in the layout engine in Mozilla Firefox before 1.5.0.8, Thunder
Multiple unspecified vulnerabilities in the layout engine in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allow remote attackers to cause a denial of service (crash) via unspecified vectors.
nvd
CVE-2006-5748MEDIUMCVSS 5.0v1.0v1.0.1+10 more2006-11-08
CVE-2006-5748 [MEDIUM] CVE-2006-5748: Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox before 1.5.0.8, Thu
Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors that trigger memory corruption.
nvd
CVE-2006-5462MEDIUMCVSS 6.4v1.5v1.5.0.1+5 more2006-11-08
CVE-2006-5462 [MEDIUM] CVE-2006-5462: Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.
Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatures for SSL/TLS and email certificates. NOTE: this identifier i
nvd
CVE-2006-4571CRITICALCVSS 10.0≤ 1.5.0.62006-09-15
CVE-2006-4571 [CRITICAL] CVE-2006-4571: Multiple unspecified vulnerabilities in Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaM
Multiple unspecified vulnerabilities in Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5 allow remote attackers to cause a denial of service (crash), corrupt memory, and possibly execute arbitrary code via unspecified vectors, some of which involve JavaScript, and possibly large images or plugin data.
nvdosv
CVE-2006-4565CRITICALCVSS 9.3≤ 1.5.0.62006-09-15
CVE-2006-4565 [CRITICAL] CWE-119 CVE-2006-4565: Heap-based buffer overflow in Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMon
Heap-based buffer overflow in Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a JavaScript regular expression with a "minimal quantifier."
nvdosv
CVE-2006-4566MEDIUMCVSS 5.0≤ 1.5.0.62006-09-15
CVE-2006-4566 [MEDIUM] CVE-2006-4566: Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5 allows remote
Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5 allows remote attackers to cause a denial of service (crash) via a malformed JavaScript regular expression that ends with a backslash in an unterminated character set ("[\\"), which leads to a buffer over-read.
nvdosv
CVE-2006-4340MEDIUMCVSS 4.0≤ 1.5.0.62006-09-15
CVE-2006-4340 [MEDIUM] CWE-20 CVE-2006-4340: Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.
Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatures for SSL/TLS and email certificates, a similar vulner
nvdosv
CVE-2006-4568MEDIUMCVSS 4.3≥ 0, < 1.5.0.7-12006-09-15
CVE-2006-4568 [MEDIUM] CVE-2006-4568: Mozilla Firefox before 1
Mozilla Firefox before 1.5.0.7 and SeaMonkey before 1.0.5 allows remote attackers to bypass the security model and inject content into the sub-frame of another site via targetWindow.frames[n].document.open(), which facilitates spoofing and other attacks.
osv
CVE-2006-4567LOWCVSS 2.6≤ 1.5.0.62006-09-15
CVE-2006-4567 [LOW] CVE-2006-4567: Mozilla Firefox before 1.5.0.7 and Thunderbird before 1.5.0.7 makes it easy for users to accept self
Mozilla Firefox before 1.5.0.7 and Thunderbird before 1.5.0.7 makes it easy for users to accept self-signed certificates for the auto-update mechanism, which might allow remote user-assisted attackers to use DNS spoofing to trick users into visiting a malicious site and accepting a malicious certificate for the Mozilla update site, which can then be used to inst
nvdosv
CVE-2006-4570LOWCVSS 2.6≤ 1.5.0.62006-09-15
CVE-2006-4570 [LOW] CVE-2006-4570: Mozilla Thunderbird before 1.5.0.7 and SeaMonkey before 1.0.5, with "Load Images" enabled, allows re
Mozilla Thunderbird before 1.5.0.7 and SeaMonkey before 1.0.5, with "Load Images" enabled, allows remote user-assisted attackers to bypass settings that disable JavaScript via a remote XBL file in a message that is loaded when the user views, forwards, or replies to the original message.
nvdosv
CVE-2006-4569LOWCVSS 2.6≥ 0, < 1.5.0.7-12006-09-15
CVE-2006-4569 [LOW] CVE-2006-4569: The popup blocker in Mozilla Firefox before 1
The popup blocker in Mozilla Firefox before 1.5.0.7 opens the "blocked popups" display in the context of the Location bar instead of the subframe from which the popup originated, which might make it easier for remote user-assisted attackers to conduct cross-site scripting (XSS) attacks.
osv
CVE-2006-4253HIGHCVSS 7.6PoC≥ 0, < 1.5.0.7-12006-08-21
CVE-2006-4253 [HIGH] CVE-2006-4253: Concurrency vulnerability in Mozilla Firefox 1
Concurrency vulnerability in Mozilla Firefox 1.5.0.6 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via multiple Javascript timed events that load a deeply nested XML file, followed by redirecting the browser to another page, which leads to a concurrency failure that causes structures to be freed incorrectly, as demonstrated by (1) ffoxdie and (2) ffoxd
osv
CVE-2006-3812LOWCVSS 2.6v1.5v1.5.0.1+5 more2006-07-29
CVE-2006-3812 [LOW] CVE-2006-3812: Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote
Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to reference remote files and possibly load chrome: URLs by tricking the user into copying or dragging links.
nvdosv
CVE-2006-3807HIGHCVSS 7.5v1.5v1.5.0.2+1 more2006-07-27
CVE-2006-3807 [HIGH] CVE-2006-3807: Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote
Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to execute arbitrary code via script that changes the standard Object() constructor to return a reference to a privileged object and calling "named JavaScript functions" that use the constructor.
nvdosv
CVE-2006-3811HIGHCVSS 7.5v1.5v1.5.0.2+1 more2006-07-27
CVE-2006-3811 [HIGH] CVE-2006-3811: Multiple vulnerabilities in Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonke
Multiple vulnerabilities in Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via Javascript that leads to memory corruption, including (1) nsListControlFrame::FireMenuItemActiveEvent, (2) buffer overflows in the string class in o
nvdosv
CVE-2006-3113HIGHCVSS 7.5v1.5v1.5.0.2+1 more2006-07-27
CVE-2006-3113 [HIGH] CVE-2006-3113: Mozilla Firefox 1.5 before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows re
Mozilla Firefox 1.5 before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via simultaneous XPCOM events, which causes a timer object to be deleted in a way that triggers memory corruption.
nvdosv
CVE-2006-3805HIGHCVSS 7.5v1.5v1.5.0.2+1 more2006-07-27
CVE-2006-3805 [HIGH] CVE-2006-3805: The Javascript engine in Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey b
The Javascript engine in Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 might allow remote attackers to execute arbitrary code via vectors involving garbage collection that causes deletion of a temporary object that is still being used.
nvdosv