Search for packages
| purl | pkg:rpm/redhat/thunderbird@24.2.0-1?arch=el6_5 |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 10.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-62px-695g-57bk
Aliases: CVE-2013-5613 |
Multiple vulnerabilities have been found in Mozilla Firefox, Thunderbird, and SeaMonkey, the worst of which may allow user-assisted execution of arbitrary code. | There are no reported fixed by versions. |
|
VCID-69g6-8d1a-kubz
Aliases: CVE-2013-6671 |
Multiple vulnerabilities have been found in Mozilla Firefox, Thunderbird, and SeaMonkey, the worst of which may allow user-assisted execution of arbitrary code. | There are no reported fixed by versions. |
|
VCID-b2k8-kjmq-1kh4
Aliases: CVE-2013-5618 |
Multiple vulnerabilities have been found in Mozilla Firefox, Thunderbird, and SeaMonkey, the worst of which may allow user-assisted execution of arbitrary code. | There are no reported fixed by versions. |
|
VCID-db94-kcvc-zybp
Aliases: CVE-2013-5616 |
Multiple vulnerabilities have been found in Mozilla Firefox, Thunderbird, and SeaMonkey, the worst of which may allow user-assisted execution of arbitrary code. | There are no reported fixed by versions. |
|
VCID-dbre-65bp-xbf1
Aliases: CVE-2013-6674 |
Security researcher Fabián Cuchietti discovered that it was possible to bypass the restriction on JavaScript execution in mail by embedding an <iframe> with a data: URL within a message. If the victim replied or forwarded the mail after receiving it, quoting it "in-line" using Thunderbird's HTML mail editor, it would run the attached script. The running script would be restricted to the mail composition window where it could observe and potentially modify the content of the mail before it was sent. Scripts were not executed if the recipient merely viewed the mail, only if it was edited as HTML. Turning off HTML composition prevented the vulnerability and forwarding the mail "as attachment" prevented the forwarding variant.Ateeq ur Rehman Khan of Vulnerability Labs reported additional variants of this attack involving the use of the <object> tag and which could be used to attach object data types such as images, audio, or video.This affected the Thunderbird 17 branch. It was fixed in all versions based on Gecko 23 or later. Thunderbird 24 and later are not affected by this vulnerability. | There are no reported fixed by versions. |
|
VCID-gsx1-3jjx-nqan
Aliases: CVE-2013-5612 |
Multiple vulnerabilities have been found in Mozilla Firefox, Thunderbird, and SeaMonkey, the worst of which may allow user-assisted execution of arbitrary code. | There are no reported fixed by versions. |
|
VCID-t5xp-1qqf-cfht
Aliases: CVE-2013-0772 |
Multiple vulnerabilities have been found in Mozilla Firefox, Thunderbird, and SeaMonkey, some of which may allow a remote user to execute arbitrary code. | There are no reported fixed by versions. |
|
VCID-vg9h-jcc1-9qeg
Aliases: CVE-2013-5609 |
Multiple vulnerabilities have been found in Mozilla Firefox, Thunderbird, and SeaMonkey, the worst of which may allow user-assisted execution of arbitrary code. | There are no reported fixed by versions. |
|
VCID-vhq8-wmxx-wqgt
Aliases: CVE-2013-5614 |
Multiple vulnerabilities have been found in Mozilla Firefox, Thunderbird, and SeaMonkey, the worst of which may allow user-assisted execution of arbitrary code. | There are no reported fixed by versions. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||