Lookup for vulnerable packages by Package URL.
| Purl | pkg:mozilla/Thunderbird@10.0.0 |
|---|
| Type | mozilla |
|---|
| Namespace | |
|---|
| Name | Thunderbird |
|---|
| Version | 10.0.0 |
|---|
| Qualifiers |
|
|---|
| Subpath | |
|---|
| Is_vulnerable | false |
|---|
| Next_non_vulnerable_version | 10.0.1 |
|---|
| Latest_non_vulnerable_version | 151.0.0 |
|---|
| Affected_by_vulnerabilities |
|
|---|
| Fixing_vulnerabilities |
| 0 |
| url |
VCID-d18w-azwz-nuhn |
| vulnerability_id |
VCID-d18w-azwz-nuhn |
| summary |
Vitaly Nevgen reported that an attacker could replace a
sub-frame in another domain's document by using the name attribute of the
sub-frame as a form submission target. This can potentially allow for phishing
attacks against users and violates the HTML5 frame navigation policy.
Firefox 3.6 and Thunderbird 3.1 are not affected by this
vulnerability. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2012-0445
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-d18w-azwz-nuhn |
|
| 1 |
| url |
VCID-g4c9-yy3u-aqaw |
| vulnerability_id |
VCID-g4c9-yy3u-aqaw |
| summary |
Mozilla developers identified and fixed several memory safety bugs
in the browser engine used in Firefox and other Mozilla-based
products. Some of these bugs showed evidence of memory corruption
under certain circumstances, and we presume that with enough effort at
least some of these could be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2012-0443
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-g4c9-yy3u-aqaw |
|
| 2 |
| url |
VCID-jq9x-1rxz-1qb2 |
| vulnerability_id |
VCID-jq9x-1rxz-1qb2 |
| summary |
Mozilla developer Tim Abraldes reported that when encoding
images as image/vnd.microsoft.icon the resulting data was always a
fixed size, with uninitialized memory appended as padding beyond the size of the
actual image. This is the result of mImageBufferSize in the encoder being
initialized with a value different than the size of the source image. There is
the possibility of sensitive data from uninitialized memory being appended to a
PNG image when converted from an ICO format image. This sensitive data may then
be disclosed in the resulting image.
Firefox 3.6 and Thunderbird 3.1 are not affected by this
vulnerability. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2012-0447
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-jq9x-1rxz-1qb2 |
|
| 3 |
| url |
VCID-n4a2-kntd-sug6 |
| vulnerability_id |
VCID-n4a2-kntd-sug6 |
| summary |
Mozilla security researcher moz_bug_r_a4 reported that frame
scripts bypass XPConnect security checks when calling untrusted objects. This
allows for cross-site scripting (XSS) attacks through web pages and Firefox
extensions. The fix enables the Script Security Manager (SSM) to force security
checks on all frame scripts.
Firefox 3.6 and Thunderbird 3.1 are not affected by this
vulnerability. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2012-0446
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-n4a2-kntd-sug6 |
|
| 4 |
| url |
VCID-nbbh-ws5y-3uh4 |
| vulnerability_id |
VCID-nbbh-ws5y-3uh4 |
| summary |
Security researcher regenrecht reported via
TippingPoint's Zero Day Initiative the possibility of memory corruption during
the decoding of Ogg Vorbis files. This can cause a crash during decoding and has
the potential for remote code execution. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2012-0444
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-nbbh-ws5y-3uh4 |
|
| 5 |
| url |
VCID-rdhz-96c5-mka3 |
| vulnerability_id |
VCID-rdhz-96c5-mka3 |
| summary |
Security researchers Nicolas Grégoire and Aki
Helin independently reported that when processing a malformed
embedded XSLT stylesheet, Firefox can crash due to a memory corruption.
While there is no evidence that this is directly exploitable, there is
a possibility of remote code execution. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2012-0449
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-rdhz-96c5-mka3 |
|
| 6 |
| url |
VCID-scmh-n3kp-yqas |
| vulnerability_id |
VCID-scmh-n3kp-yqas |
| summary |
Security researcher regenrecht reported via
TippingPoint's Zero Day Initiative that removed child nodes of nsDOMAttribute
can be accessed under certain circumstances because of a premature notification
of AttributeChildRemoved. This use-after-free of the child nodes could possibly
allow for remote code execution. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2011-3659
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-scmh-n3kp-yqas |
|
|
|---|
| Risk_score | null |
|---|
| Resource_url | http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@10.0.0 |
|---|