Lookup for vulnerable packages by Package URL.
| Purl | pkg:mozilla/Thunderbird%20ESR@17.0.6 |
| Type | mozilla |
| Namespace | |
| Name | Thunderbird ESR |
| Version | 17.0.6 |
| Qualifiers |
|
| Subpath | |
| Is_vulnerable | false |
| Next_non_vulnerable_version | 17.0.7 |
| Latest_non_vulnerable_version | 17.0.11 |
| Affected_by_vulnerabilities |
|
| Fixing_vulnerabilities |
| 0 |
| url |
VCID-3ed2-gkvm-87b5 |
| vulnerability_id |
VCID-3ed2-gkvm-87b5 |
| summary |
Mozilla developers identified and fixed several memory safety bugs in the
browser engine used in Firefox and other Mozilla-based products. Some of these
bugs showed evidence of memory corruption under certain circumstances, and we
presume that with enough effort at least some of these could be exploited to run
arbitrary code. In general these flaws cannot be exploited through email in the
Thunderbird product because scripting is disabled, but are
potentially a risk in browser or browser-like contexts. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2013-0801
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-3ed2-gkvm-87b5 |
|
| 1 |
| url |
VCID-88s5-md25-fbfg |
| vulnerability_id |
VCID-88s5-md25-fbfg |
| summary |
Security researcher Seb Patane reported an issue with the
Mozilla Maintenance Service on Windows. This issue allows unprivileged users to
achieve local privilege escalation through the system privileges used by the service
when interacting with local malicious software. This allows the user to bypass
integrity checks leading to local privilege escalation. Local file system access
is necessary in order for this issue to be exploitable and it cannot be
triggered through web content. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2013-1672
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-88s5-md25-fbfg |
|
| 2 |
| url |
VCID-ahfy-yfgy-2ugs |
| vulnerability_id |
VCID-ahfy-yfgy-2ugs |
| summary |
Security researcher Abhishek Arya (Inferno) of the Google
Chrome Security Team used the Address Sanitizer tool to discover a series of
use-after-free, out of bounds read, and invalid write problems rated as moderate
to critical as security issues in shipped software. Some of these issues are
potentially exploitable, allowing for remote code execution. We would also like
to thank Abhishek for reporting additional use-after-free flaws in
dir=auto code introduced during Firefox development. These were
fixed before general release. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2013-1676
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ahfy-yfgy-2ugs |
|
| 3 |
| url |
VCID-e43n-qw7k-9fh7 |
| vulnerability_id |
VCID-e43n-qw7k-9fh7 |
| summary |
Mozilla community member Ms2ger discovered that some
DOMSVGZoomEvent functions are used without being properly
initialized, causing uninitialized memory to be used when they are called by web
content. This could lead to information leakage to sites depending on the
contents of this uninitialized memory.
In general these flaws cannot be exploited through email in the
Thunderbird product because scripting is disabled, but are
potentially a risk in browser or browser-like contexts. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2013-1675
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-e43n-qw7k-9fh7 |
|
| 4 |
| url |
VCID-m5ja-e7ub-juhq |
| vulnerability_id |
VCID-m5ja-e7ub-juhq |
| summary |
Security researcher Cody Crews reported a method to call a
content level constructor that allows for this constructor to have chrome
privileged access. This affects chrome object wrappers (COW) and allows for
write actions on objects when only read actions should be allowed. This can lead
to cross-site scripting (XSS) attacks.
In general these flaws cannot be exploited through email in the
Thunderbird product because scripting is disabled, but are
potentially a risk in browser or browser-like contexts. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2013-1670
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-m5ja-e7ub-juhq |
|
| 5 |
| url |
VCID-qrrc-agxp-bybe |
| vulnerability_id |
VCID-qrrc-agxp-bybe |
| summary |
Security researcher Nils reported a use-after-free when
resizing video while playing. This could allow for arbitrary code execution.
In general these flaws cannot be exploited through email in the
Thunderbird product because scripting is disabled, but are
potentially a risk in browser or browser-like contexts. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2013-1674
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-qrrc-agxp-bybe |
|
|
| Risk_score | null |
| Resource_url | http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird%2520ESR@17.0.6 |