Lookup for vulnerable packages by Package URL.
| Purl | pkg:mozilla/Thunderbird@24.1.0 |
| Type | mozilla |
| Namespace | |
| Name | Thunderbird |
| Version | 24.1.0 |
| Qualifiers | |
| Subpath | |
| Is_vulnerable | false |
| Next_non_vulnerable_version | 24.1.1 |
| Latest_non_vulnerable_version | 151.0.0 |
| Affected_by_vulnerabilities | |
| Fixing_vulnerabilities |
| 0 |
| url |
VCID-6pfh-m9fg-63gn |
| vulnerability_id |
VCID-6pfh-m9fg-63gn |
| summary |
Compiler Engineer Dan Gohman of Google discovered a flaw in
the JavaScript engine where memory was being incorrectly allocated for some
functions and the calls for allocations were not always properly checked for
overflow, leading to potential buffer overflows. When combined with other
vulnerabilities, these flaws could be potentially exploitable.
In general this flaw cannot be exploited through email in the
Thunderbird and Seamonkey products because scripting is disabled, but is
potentially a risk in browser or browser-like contexts. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2013-5595
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-6pfh-m9fg-63gn |
|
| 1 |
| url |
VCID-brtx-cy5b-yubs |
| vulnerability_id |
VCID-brtx-cy5b-yubs |
| summary |
Mozilla community member Ezra Pool reported a potentially
exploitable crash on extremely large pages. This was caused when a cycle
collected image object was released on the wrong thread during decoding,
creating a race condition.
In general this flaw cannot be exploited through email in the
Thunderbird and Seamonkey products because scripting is disabled, but is
potentially a risk in browser or browser-like contexts. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2013-5596
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-brtx-cy5b-yubs |
|
| 2 |
| url |
VCID-csp5-2v9h-yqav |
| vulnerability_id |
VCID-csp5-2v9h-yqav |
| summary |
Security researcher Abhishek Arya (Inferno) of the Google
Chrome Security Team used the Address Sanitizer tool to discover a
use-after-free when interacting with HTML document templates. This leads to a
potentially exploitable crash.
In general this flaw cannot be exploited through email in the
Thunderbird and Seamonkey products because scripting is disabled, but is
potentially a risk in browser or browser-like contexts. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2013-5603
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-csp5-2v9h-yqav |
|
| 3 |
| url |
VCID-dcs6-cpsj-mkhs |
| vulnerability_id |
VCID-dcs6-cpsj-mkhs |
| summary |
Security researcher Abhishek Arya (Inferno) of the Google
Chrome Security Team used the Address Sanitizer tool to discover an access
violation due to uninitialized data during Extensible Stylesheet Language
Transformation (XSLT) processing. This leads to a potentially exploitable
crash.
In general this flaw cannot be exploited through email in the
Thunderbird and Seamonkey products because scripting is disabled, but is
potentially a risk in browser or browser-like contexts. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2013-5604
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-dcs6-cpsj-mkhs |
|
| 4 |
| url |
VCID-dh2v-wp97-bkcv |
| vulnerability_id |
VCID-dh2v-wp97-bkcv |
| summary |
Mozilla developers identified and fixed several memory safety bugs in the
browser engine used in Firefox and other Mozilla-based products. Some of these
bugs showed evidence of memory corruption under certain circumstances, and we
presume that with enough effort at least some of these could be exploited to run
arbitrary code. In general these flaws cannot be exploited through email in the
Thunderbird and Seamonkey products because scripting is disabled, but are
potentially a risk in browser or browser-like contexts. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2013-5590
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-dh2v-wp97-bkcv |
|
| 5 |
| url |
VCID-dmv4-6qcr-xueh |
| vulnerability_id |
VCID-dmv4-6qcr-xueh |
| summary |
Security researcher Nils used the Address Sanitizer tool
while fuzzing to discover missing strong references in the browsing engine leading
to use-after-frees. This can lead to a potentially exploitable crash.
In general these flaws cannot be exploited through email in the
Thunderbird and Seamonkey products because scripting is disabled, but are
potentially a risk in browser or browser-like contexts. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2013-5599
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-dmv4-6qcr-xueh |
|
| 6 |
| url |
VCID-efrb-cc78-4ygt |
| vulnerability_id |
VCID-efrb-cc78-4ygt |
| summary |
Security researcher Byoungyoung Lee of Georgia Tech
Information Security Center (GTISC) used the Address Sanitizer tool to discover
a use-after-free during state change events while updating the offline cache.
This leads to a potentially exploitable crash.
In general this flaw cannot be exploited through email in the
Thunderbird and Seamonkey products because scripting is disabled, but is
potentially a risk in browser or browser-like contexts. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2013-5597
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-efrb-cc78-4ygt |
|
| 7 |
| url |
VCID-hawk-pzyk-ybgv |
| vulnerability_id |
VCID-hawk-pzyk-ybgv |
| summary |
Security researcher Jordi Chancel discovered a method to put
arbitrary HTML content within <select> elements and place it in arbitrary
locations. This can be used to spoof the displayed addressbar, leading to
clickjacking and other spoofing attacks.
In general this flaw cannot be exploited through email in the
Thunderbird and Seamonkey products because scripting is disabled, but is
potentially a risk in browser or browser-like contexts. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2013-5593
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-hawk-pzyk-ybgv |
|
| 8 |
| url |
VCID-qjqw-hjwg-kyfs |
| vulnerability_id |
VCID-qjqw-hjwg-kyfs |
| summary |
Security researcher Nils used the Address Sanitizer tool
while fuzzing to discover a memory corruption issue with the JavaScript engine
when using workers with direct proxies. This results in a potentially
exploitable crash.
In general this flaw cannot be exploited through email in the
Thunderbird and Seamonkey products because scripting is disabled, but is
potentially a risk in browser or browser-like contexts. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2013-5602
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-qjqw-hjwg-kyfs |
|
|
| Risk_score | null |
| Resource_url | http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@24.1.0 |