Search Results (Refine Search)
- CPE Product Version: cpe:/a:mozilla:thunderbird:3.1.5
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2010-3776 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird before 3.0.11 and 3.1.x before 3.1.7, and SeaMonkey before 2.0.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Published: December 10, 2010; 2:00:02 PM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2010-3769 |
The line-breaking implementation in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird before 3.0.11 and 3.1.x before 3.1.7, and SeaMonkey before 2.0.11 on Windows does not properly handle long strings, which allows remote attackers to execute arbitrary code via a crafted document.write call that triggers a buffer over-read. Published: December 10, 2010; 2:00:02 PM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2010-3768 |
Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird before 3.0.11 and 3.1.x before 3.1.7, and SeaMonkey before 2.0.11 do not properly validate downloadable fonts before use within an operating system's font implementation, which allows remote attackers to execute arbitrary code via vectors related to @font-face Cascading Style Sheets (CSS) rules. Published: December 10, 2010; 2:00:02 PM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2010-3765 |
Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption, as exploited in the wild in October 2010 by the Belmoo malware. Published: October 27, 2010; 8:00:05 PM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2010-1585 |
The nsIScriptableUnescapeHTML.parseFragment method in the ParanoidFragmentSink protection mechanism in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 does not properly sanitize HTML in a chrome document, which makes it easier for remote attackers to execute arbitrary JavaScript with chrome privileges via a javascript: URI in input to an extension, as demonstrated by a javascript:alert sequence in (1) the HREF attribute of an A element or (2) the ACTION attribute of a FORM element. Published: April 28, 2010; 6:30:00 PM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |