Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Mozilla Subscribe
Filtered by product Thunderbird Esr

CVSS v3 Filter

ALL
NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 5 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2013-2566 4 Canonical, Fujitsu, Mozilla and 1 more 25 Ubuntu Linux, M10-1, M10-1 Firmware and 22 more 2020-11-23 4.3 MEDIUM 5.9 MEDIUM
The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext.
CVE-2018-5168 4 Canonical, Debian, Mozilla and 1 more 12 Ubuntu Linux, Debian Linux, Firefox and 9 more 2020-08-24 5.0 MEDIUM 5.3 MEDIUM
Sites can bypass security checks on permissions to install lightweight themes by manipulating the "baseURI" property of the theme element. This could allow a malicious site to install a theme without user interaction which could contain offensive or embarrassing images. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8.
CVE-2018-5185 4 Canonical, Debian, Mozilla and 1 more 10 Ubuntu Linux, Debian Linux, Thunderbird and 7 more 2019-10-03 4.3 MEDIUM 6.5 MEDIUM
Plaintext of decrypted emails can leak through by user submitting an embedded form. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8.
CVE-2018-5161 4 Canonical, Debian, Mozilla and 1 more 10 Ubuntu Linux, Debian Linux, Thunderbird and 7 more 2019-03-13 4.3 MEDIUM 4.3 MEDIUM
Crafted message headers can cause a Thunderbird process to hang on receiving the message. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8.
CVE-2018-5170 4 Canonical, Debian, Mozilla and 1 more 10 Ubuntu Linux, Debian Linux, Thunderbird and 7 more 2019-03-13 4.3 MEDIUM 4.3 MEDIUM
It is possible to spoof the filename of an attachment and display an arbitrary attachment name. This could lead to a user opening a remote attachment which is a different file type than expected. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8.