Download
| Alert*
oval:org.secpod.oval:def:53486
Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code or denial of service. oval:org.secpod.oval:def:701026 thunderbird: Mozilla Open Source mail and newsgroup client Details: USN-1551-1 fixed vulnerabilities in Thunderbird. The new package caused a regression in the message editor and certain performance regressions as well. This update fixes the problems. Original advisory USN-1551-1 introduced regressi ... oval:org.secpod.oval:def:200370 Mozilla Thunderbird is a standalone mail and newsgroup client. It was found that a Certificate Authority issued a fraudulent HTTPS certificate. This update renders any HTTPS certificates signed by that CA as untrusted, except for a select few. The now untrusted certificates that were issued before ... oval:org.secpod.oval:def:120220 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:106494 thunderbird is installed oval:org.secpod.oval:def:200228 Mozilla Thunderbird is a standalone mail and newsgroup client. The RHSA-2011:1243 Thunderbird update rendered HTTPS certificates signed by a certain Certificate Authority as untrusted, but made an exception for a select few. This update removes that exception, rendering every HTTPS certificate sign ... oval:org.secpod.oval:def:201508 Mozilla Thunderbird is a standalone mail and newsgroup client. The RHSA-2011:1243 Thunderbird update rendered HTTPS certificates signed by a certain Certificate Authority as untrusted, but made an exception for a select few. This update removes that exception, rendering every HTTPS certificate sign ... oval:org.secpod.oval:def:201537 Mozilla Thunderbird is a standalone mail and newsgroup client. It was found that a Certificate Authority issued a fraudulent HTTPS certificate. This update renders any HTTPS certificates signed by that CA as untrusted, except for a select few. The now untrusted certificates that were issued before ... oval:org.secpod.oval:def:500152 Mozilla Thunderbird is a standalone mail and newsgroup client. This erratum blacklists a small number of HTTPS certificates. This update also fixes the following bug: * The RHSA-2011:0312 and RHSA-2011:0311 updates introduced a regression, preventing some Java content and plug-ins written in Java f ... oval:org.secpod.oval:def:500168 Mozilla Thunderbird is a standalone mail and newsgroup client. It was found that a Certificate Authority issued a fraudulent HTTPS certificate. This update renders any HTTPS certificates signed by that CA as untrusted, except for a select few. The now untrusted certificates that were issued before ... oval:org.secpod.oval:def:500134 Mozilla Thunderbird is a standalone mail and newsgroup client. The RHSA-2011:1243 Thunderbird update rendered HTTPS certificates signed by a certain Certificate Authority as untrusted, but made an exception for a select few. This update removes that exception, rendering every HTTPS certificate sign ... oval:org.secpod.oval:def:117088 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:116648 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:118391 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:1503304 An updated thunderbird package that fixes one security issue and one bug is now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having important security impact. Description Mozilla Thunderbird is a standalone mail and newsgroup client. ... oval:org.secpod.oval:def:1503205 An updated thunderbird package that fixes one security issue is now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having important security impact. Description Mozilla Thunderbird is a standalone mail and newsgroup client. It was foun ... oval:org.secpod.oval:def:1503561 An updated thunderbird package that fixes one security issue is now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having important security impact. Description Mozilla Thunderbird is a standalone mail and newsgroup client. The RHSA-20 ... oval:org.secpod.oval:def:116179 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:50981 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:700980 thunderbird: Mozilla Open Source mail and newsgroup client Multiple security issues were fixed in Thunderbird. oval:org.secpod.oval:def:201505 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML content. An HTML mail message containing malicious content could possibly lead to arbitrary code execution with the privileges of the user running Thunderbird. An arbitrary me ... oval:org.secpod.oval:def:201513 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML content. An HTML mail message containing malicious content could possibly lead to arbitrary code execution with the privileges of the user running Thunderbird. An arbitrary me ... oval:org.secpod.oval:def:701045 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:120885 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:201746 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running ... oval:org.secpod.oval:def:500484 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running ... oval:org.secpod.oval:def:201868 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running ... oval:org.secpod.oval:def:1503212 An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are ... oval:org.secpod.oval:def:500410 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML content. Malicious HTML content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. Note: JavaScript ... oval:org.secpod.oval:def:500399 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML content. HTML containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. Note: ... oval:org.secpod.oval:def:500341 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running ... oval:org.secpod.oval:def:500433 Mozilla Thunderbird is a standalone mail and newsgroup client. A race condition flaw was found in the way Thunderbird handled Document Object Model element properties. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the ... oval:org.secpod.oval:def:500444 Mozilla Thunderbird is a standalone mail and newsgroup client. A race condition flaw was found in the way Thunderbird handled Document Object Model element properties. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the ... oval:org.secpod.oval:def:201709 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running ... oval:org.secpod.oval:def:201761 Mozilla Thunderbird is a standalone mail and newsgroup client. A race condition flaw was found in the way Thunderbird handled Document Object Model element properties. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the ... oval:org.secpod.oval:def:201767 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running ... oval:org.secpod.oval:def:201883 Mozilla Thunderbird is a standalone mail and newsgroup client. A race condition flaw was found in the way Thunderbird handled Document Object Model element properties. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the ... oval:org.secpod.oval:def:701059 thunderbird: Mozilla Open Source mail and newsgroup client Details: USN-1620-1 fixed vulnerabilities in Firefox. This update provides the corresponding updates for Thunderbird. Please note that Thunderbird is only affected by window.location issues through RSS feeds and extensions that load web cont ... oval:org.secpod.oval:def:701075 thunderbird: Mozilla Open Source mail and newsgroup client Multiple security issues were fixed in Thunderbird. oval:org.secpod.oval:def:700940 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:201553 Mozilla Thunderbird is a standalone mail and newsgroup client. A flaw was found in the way Thunderbird handled malformed JPEG images. An HTML mail message containing a malicious JPEG image could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user runnin ... oval:org.secpod.oval:def:201526 Mozilla Thunderbird is a standalone mail and newsgroup client. A flaw was found in the way Thunderbird handled malformed JPEG images. An HTML mail message containing a malicious JPEG image could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user runnin ... oval:org.secpod.oval:def:201623 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML content. Malicious HTML content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A flaw was found ... oval:org.secpod.oval:def:201659 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML content. Malicious HTML content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A flaw was found ... oval:org.secpod.oval:def:201539 Mozilla Thunderbird is a standalone mail and newsgroup client. A cross-site scripting flaw was found in the way Thunderbird handled certain multibyte character sets. Malicious, remote content could cause Thunderbird to run JavaScript code with the permissions of different remote content. Note: Thi ... oval:org.secpod.oval:def:201509 Mozilla Thunderbird is a standalone mail and newsgroup client. A cross-site scripting flaw was found in the way Thunderbird handled certain multibyte character sets. Malicious, remote content could cause Thunderbird to run JavaScript code with the permissions of different remote content. Note: Thi ... oval:org.secpod.oval:def:700909 thunderbird: Mozilla Open Source mail and newsgroup client Details: USN-1463-1 fixed vulnerabilities in Firefox. This update provides the corresponding fixes for Thunderbird. Original advisory Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:201554 Mozilla Thunderbird is a standalone mail and newsgroup client. A flaw was found in the way Thunderbird handled frame objects with certain names. An attacker could use this flaw to cause a plug-in to grant its content access to another site or the local file system, violating the same-origin policy. ... oval:org.secpod.oval:def:201528 Mozilla Thunderbird is a standalone mail and newsgroup client. A flaw was found in the way Thunderbird handled frame objects with certain names. An attacker could use this flaw to cause a plug-in to grant its content access to another site or the local file system, violating the same-origin policy. ... oval:org.secpod.oval:def:121742 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:505222 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.5.1. Security Fix: * Mozilla: Stack overflow due to incorrect parsing of SMTP server response codes For more details about the security issue, including the impact, a CVSS score, acknowledg ... oval:org.secpod.oval:def:122040 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:122188 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:700855 thunderbird: Mozilla Open Source mail and newsgroup client Details: USN-1430-1 fixed vulnerabilities in Firefox. This update provides the corresponding fixes for Thunderbird. Original advisory Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:705315 thunderbird: Mozilla Open Source mail and newsgroup client Details: USN-4202-1 fixed vulnerabilities in Thunderbird. After upgrading, Thunderbird created a new profile for some users. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-4202-1 caused a regression ... oval:org.secpod.oval:def:106154 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:106301 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:106362 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:106493 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:106560 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:106860 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:106911 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:107045 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:107298 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:107324 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:107822 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:107874 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:107996 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:108011 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:108210 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:108611 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:108837 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:108857 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:108865 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:109288 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:109351 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:109573 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:109857 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:109902 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:72093 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:204731 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.5.2. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ... oval:org.secpod.oval:def:110431 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:111312 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:204716 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.5.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ... oval:org.secpod.oval:def:204774 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.7.0. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 59 and Firefox ESR 52.7 * Mozilla: Memory safety bugs fixed in Firefox ESR 52.7 * Mozilla: Vorbis audio processing out o ... oval:org.secpod.oval:def:204751 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.6.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ... oval:org.secpod.oval:def:701721 thunderbird is installed oval:org.secpod.oval:def:118824 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:202258 Mozilla Thunderbird is a standalone mail and newsgroup client. A flaw was found in the processing of malformed content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A ma ... oval:org.secpod.oval:def:110481 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:204492 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.1.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ... oval:org.secpod.oval:def:202286 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. Two flaws were found in the ... oval:org.secpod.oval:def:110564 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:204855 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.9.1. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 61, Firefox ESR 60.1, and Firefox ESR 52.9 * Mozilla: Buffer overflow using computed size of canvas element * Mozilla: Use ... oval:org.secpod.oval:def:202225 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code as the user running Thunderbird. Sever ... oval:org.secpod.oval:def:204814 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.8.0. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8 * Mozilla: Backport critical security fixes in Skia * Mozilla: Use-after-free with SVG animations ... oval:org.secpod.oval:def:110197 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:204573 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.4.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ... oval:org.secpod.oval:def:119007 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:204522 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.2.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ... oval:org.secpod.oval:def:202348 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. Note: CVE-2011-3101 only af ... oval:org.secpod.oval:def:202323 Mozilla Thunderbird is a standalone mail and newsgroup client. A flaw was found in Sanitiser for OpenType , used by Thunderbird to help prevent potential exploits in malformed OpenType fonts. Malicious content could cause Thunderbird to crash or, under certain conditions, possibly execute arbitrary ... oval:org.secpod.oval:def:119417 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:118589 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:117206 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:117205 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:66508 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.3.0. Security Fix: * Mozilla: Use-after-free in worker destruction * Mozilla: Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3 * Mozilla: Buffer overflow in plain text serialize ... oval:org.secpod.oval:def:118626 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:66525 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.5.0. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 73 and Firefox ESR 68.5 * Mozilla: Out-of-bounds read when processing certain email messages * Mozilla: Setting a master p ... oval:org.secpod.oval:def:117707 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:105753 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:202493 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A buffer overflow flaw was ... oval:org.secpod.oval:def:202483 Mozilla Thunderbird is a standalone mail and newsgroup client. Multiple flaws were found in the location object implementation in Thunderbird. Malicious content could be used to perform cross-site scripting attacks, bypass the same-origin policy, or cause Thunderbird to execute arbitrary code. Red ... oval:org.secpod.oval:def:202060 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code as the user running Thunderbird. Sever ... oval:org.secpod.oval:def:119047 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:70144 thunderbird - Mozilla Open Source mail and newsgroup client. Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:202431 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. Content containing a malici ... oval:org.secpod.oval:def:119126 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:202400 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. Malicious content could byp ... oval:org.secpod.oval:def:202475 Mozilla Thunderbird is a standalone mail and newsgroup client. A flaw was found in the way Thunderbird handled security wrappers. Malicious content could cause Thunderbird to execute arbitrary code with the privileges of the user running Thunderbird. Red Hat would like to thank the Mozilla project ... oval:org.secpod.oval:def:204641 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.3.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ... oval:org.secpod.oval:def:202467 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. Two flaws in Thunderbird co ... oval:org.secpod.oval:def:117319 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:66569 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.12.0. Security Fix: * Mozilla: Attacker-induced prompt for extension installation * Mozilla: Use-After-Free when aborting an operation For more details about the security issue, including ... oval:org.secpod.oval:def:503464 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.3.0. Security Fix: * Mozilla: Use-after-free in worker destruction * Mozilla: Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3 * Mozilla: Buffer overflow in plain text serialize ... oval:org.secpod.oval:def:503468 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.3.0. Security Fix: * Mozilla: Use-after-free in worker destruction * Mozilla: Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3 * Mozilla: Buffer overflow in plain text serialize ... oval:org.secpod.oval:def:503465 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.3.0. Security Fix: * Mozilla: Use-after-free in worker destruction * Mozilla: Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3 * Mozilla: Buffer overflow in plain text serialize ... oval:org.secpod.oval:def:503486 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.4.1. Security Fix: * Mozilla: IonMonkey type confusion with StoreElementHole and FallibleStoreElement * Mozilla: Bypass of @namespace CSS sanitization during pasting * Mozilla: Type Confus ... oval:org.secpod.oval:def:503484 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.4.1. Security Fix: * Mozilla: IonMonkey type confusion with StoreElementHole and FallibleStoreElement * Mozilla: Bypass of @namespace CSS sanitization during pasting * Mozilla: Type Confus ... oval:org.secpod.oval:def:503489 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.4.1. Security Fix: * Mozilla: IonMonkey type confusion with StoreElementHole and FallibleStoreElement * Mozilla: Bypass of @namespace CSS sanitization during pasting * Mozilla: Type Confus ... oval:org.secpod.oval:def:124700 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:1505979 [91.13.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Enabled aarch64 build [91.13.0-1] - Update to 91.13.0 build1 oval:org.secpod.oval:def:1505974 [91.13.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [91.13.0-1] - Update to 91.13.0 build1 oval:org.secpod.oval:def:507127 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.13.0. Security Fix: * Mozilla: Address bar spoofing via XSLT error handling * Mozilla: Cross-origin XSLT Documents would have inherited the parent"s permissions * Mozilla: Memory safety bu ... oval:org.secpod.oval:def:507124 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.13.0. Security Fix: * Mozilla: Address bar spoofing via XSLT error handling * Mozilla: Cross-origin XSLT Documents would have inherited the parent"s permissions * Mozilla: Memory safety bu ... oval:org.secpod.oval:def:64155 Multiple security issues have been found in Thunderbird which could result in the setup of a non-encrypted IMAP connection, denial of service or potentially the execution of arbitrary code. oval:org.secpod.oval:def:57459 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:66443 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.7.2. Security Fix: * Mozilla: Type confusion in Array.pop * thunderbird: Stack buffer overflow in icalrecur_add_bydayrules in icalrecur.c * Mozilla: Sandbox escape using Prompt:Open * thu ... oval:org.secpod.oval:def:506967 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.9.1. Security Fix: * Mozilla: Untrusted input used in JavaScript object indexing, leading to prototype pollution * Mozilla: Prototype pollution in Top-Level Await implementation For more d ... oval:org.secpod.oval:def:507125 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.13.0. Security Fix: * Mozilla: Address bar spoofing via XSLT error handling * Mozilla: Cross-origin XSLT Documents would have inherited the parent"s permissions * Mozilla: Memory safety bu ... oval:org.secpod.oval:def:124208 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:122133 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:124304 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:121344 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:124480 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:121886 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:123686 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:122339 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:122412 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:122299 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:124483 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:606095 An out-of-bounds write was discovered in Thunderbird, which could be triggered via a malformed email message. oval:org.secpod.oval:def:606122 Two security issues were discovered in Thunderbird, which could result in the execution of arbitrary code. oval:org.secpod.oval:def:79851 Two security issues were discovered in Thunderbird, which could result in the execution of arbitrary code. oval:org.secpod.oval:def:606185 Multiple security issues were discovered in Thunderbird, which could result in the execution of arbitrary code or information disclosure. oval:org.secpod.oval:def:79859 Multiple security issues were discovered in Thunderbird, which could result in the execution of arbitrary code or information disclosure. oval:org.secpod.oval:def:1505983 [91.13.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Reference oracle-indexhtml within Requires [Orabug: 33802044] [91.13.0-1] - Update to 91.13.0 build1 oval:org.secpod.oval:def:1505863 [91.9.1-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Reference oracle-indexhtml within Requires [Orabug: 33802044] [91.9.1-1] - Update to 91.9.1 build1 oval:org.secpod.oval:def:202130 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code as the user running Thunderbird. Sever ... oval:org.secpod.oval:def:202104 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code as the user running Thunderbird. Sever ... oval:org.secpod.oval:def:500513 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code as the user running Thunderbird. Sever ... oval:org.secpod.oval:def:500689 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code as the user running Thunderbird. Sever ... oval:org.secpod.oval:def:202160 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code as the user running Thunderbird. Sever ... oval:org.secpod.oval:def:500494 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code as the user running Thunderbird. Sever ... oval:org.secpod.oval:def:201996 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code as the user running Thunderbird. Sever ... oval:org.secpod.oval:def:64139 Multiple security issues have been found in Thunderbird which could result in spoofing the displayed sender email address, denial of service or potentially the execution of arbitrary code. oval:org.secpod.oval:def:66549 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.8.0. Security Fix: * Mozilla: Use-after-free during worker shutdown * Mozilla: Memory safety bugs fixed in Firefox 76 and Firefox ESR 68.8 * usrsctp: Buffer overflow in AUTH chunk input va ... oval:org.secpod.oval:def:66448 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.8.0. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 68 and Firefox ESR 60.8 * Mozilla: Sandbox escape via installation of malicious language pack * Mozilla: Script injection ... oval:org.secpod.oval:def:54108 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:111672 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:111681 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:111848 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:111865 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:111975 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:111983 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:112105 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:112147 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:112335 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:112491 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:125221 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:113092 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:113125 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:113360 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:113464 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:113663 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:113747 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:113772 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:113853 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:113868 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:113992 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:114219 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:114548 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:114557 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:114792 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:114952 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:115101 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:125369 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:125419 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:125557 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:503567 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.6.0. Security Fix: * Mozilla: Use-after-free when removing data about origins * Mozilla: BodyStream::OnInputStreamReady was missing protections against state confusion * Mozilla: Use-after ... oval:org.secpod.oval:def:503568 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.6.0. Security Fix: * Mozilla: Use-after-free when removing data about origins * Mozilla: BodyStream::OnInputStreamReady was missing protections against state confusion * Mozilla: Use-after ... oval:org.secpod.oval:def:503569 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.6.0. Security Fix: * Mozilla: Use-after-free when removing data about origins * Mozilla: BodyStream::OnInputStreamReady was missing protections against state confusion * Mozilla: Use-after ... oval:org.secpod.oval:def:66533 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.6.0. Security Fix: * Mozilla: Use-after-free when removing data about origins * Mozilla: BodyStream::OnInputStreamReady was missing protections against state confusion * Mozilla: Use-after ... oval:org.secpod.oval:def:115222 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:115277 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:115290 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:115401 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:115424 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:115915 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:116122 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:116136 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:202270 Mozilla Thunderbird is a standalone mail and newsgroup client. A heap-based buffer overflow flaw was found in the way Thunderbird handled PNG images. An HTML mail message or remote content containing a specially-crafted PNG image could cause Thunderbird to crash or, possibly, execute arbitrary code ... oval:org.secpod.oval:def:202251 Mozilla Thunderbird is a standalone mail and newsgroup client. A use-after-free flaw was found in the way Thunderbird removed nsDOMAttribute child nodes. In certain circumstances, due to the premature notification of AttributeChildRemoved, a malicious script could possibly use this flaw to cause Thu ... oval:org.secpod.oval:def:202288 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. Two flaws were found in the ... oval:org.secpod.oval:def:202398 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. Malicious content could byp ... oval:org.secpod.oval:def:202353 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. Note: CVE-2011-3101 only af ... oval:org.secpod.oval:def:202320 Mozilla Thunderbird is a standalone mail and newsgroup client. A flaw was found in Sanitiser for OpenType , used by Thunderbird to help prevent potential exploits in malformed OpenType fonts. Malicious content could cause Thunderbird to crash or, under certain conditions, possibly execute arbitrary ... oval:org.secpod.oval:def:202495 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A buffer overflow flaw was ... oval:org.secpod.oval:def:202482 Mozilla Thunderbird is a standalone mail and newsgroup client. Multiple flaws were found in the location object implementation in Thunderbird. Malicious content could be used to perform cross-site scripting attacks, bypass the same-origin policy, or cause Thunderbird to execute arbitrary code. Red ... oval:org.secpod.oval:def:202432 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. Content containing a malici ... oval:org.secpod.oval:def:202474 Mozilla Thunderbird is a standalone mail and newsgroup client. A flaw was found in the way Thunderbird handled security wrappers. Malicious content could cause Thunderbird to execute arbitrary code with the privileges of the user running Thunderbird. Red Hat would like to thank the Mozilla project ... oval:org.secpod.oval:def:202466 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. Two flaws in Thunderbird co ... oval:org.secpod.oval:def:204495 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.1.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ... oval:org.secpod.oval:def:204572 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.4.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ... oval:org.secpod.oval:def:204552 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.3.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ... oval:org.secpod.oval:def:204523 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.2.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ... oval:org.secpod.oval:def:204732 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.5.2. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ... oval:org.secpod.oval:def:204712 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.5.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ... oval:org.secpod.oval:def:204775 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.7.0. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 59 and Firefox ESR 52.7 * Mozilla: Memory safety bugs fixed in Firefox ESR 52.7 * Mozilla: Vorbis audio processing out o ... oval:org.secpod.oval:def:204750 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.6.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ... oval:org.secpod.oval:def:204858 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.9.1. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 61, Firefox ESR 60.1, and Firefox ESR 52.9 * Mozilla: Buffer overflow using computed size of canvas element * Mozilla: Use ... oval:org.secpod.oval:def:204897 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.2.1. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 62 and Firefox ESR 60.2 * Mozilla: Use-after-free in driver timers * Mozilla: Use-after-free in IndexedDB * Mozilla: Prox ... oval:org.secpod.oval:def:204812 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.8.0. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8 * Mozilla: Backport critical security fixes in Skia * Mozilla: Use-after-free with SVG animations ... oval:org.secpod.oval:def:125950 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:125909 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:507409 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.5.0. Security Fix: * Mozilla: Service Workers might have learned size of cross-origin media files * Mozilla: Fullscreen notification bypass * Mozilla: Use-after-free in InputStream implem ... oval:org.secpod.oval:def:507415 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.5.0. Security Fix: * Mozilla: Service Workers might have learned size of cross-origin media files * Mozilla: Fullscreen notification bypass * Mozilla: Use-after-free in InputStream implem ... oval:org.secpod.oval:def:507414 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.5.0. Security Fix: * Mozilla: Service Workers might have learned size of cross-origin media files * Mozilla: Fullscreen notification bypass * Mozilla: Use-after-free in InputStream implem ... oval:org.secpod.oval:def:1506196 [102.5.0-2.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Enabled aarch64 build [102.5.0-2] - Update to 102.5.0 build2 [102.5.0-1] - Update to 102.5.0 build1 [102.4.0-1] - Update to 102.4.0 build1 oval:org.secpod.oval:def:1506214 [102.5.0-2.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [102.5.0-2] - Update to 102.5.0 build2 [102.5.0-1] - Update to 102.5.0 build1 oval:org.secpod.oval:def:506974 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.10.0. Security Fix: * Mozilla: Braille space character caused incorrect sender email to be shown for a digitally signed email * Mozilla: Cross-Origin resource"s length leaked * Mozilla: He ... oval:org.secpod.oval:def:506980 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.10.0. Security Fix: * Mozilla: Braille space character caused incorrect sender email to be shown for a digitally signed email * Mozilla: Cross-Origin resource"s length leaked * Mozilla: He ... oval:org.secpod.oval:def:506981 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.10.0. Security Fix: * Mozilla: Braille space character caused incorrect sender email to be shown for a digitally signed email * Mozilla: Cross-Origin resource"s length leaked * Mozilla: He ... oval:org.secpod.oval:def:1505865 [91.11.0-2.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Reference oracle-indexhtml within Requires [Orabug: 33802044] [91.11.0-2] - Update to 91.11.0 build2 [91.11.0-1] - Update to 91.11.0 build1 oval:org.secpod.oval:def:1505881 [91.10.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Reference oracle-indexhtml within Requires [Orabug: 33802044] [91.10.0-1] - Update to 91.10.0 build1 oval:org.secpod.oval:def:1505822 [91.11.0-2.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Enabled aarch64 build [91.11.0-2] - Update to 91.11.0 build2 [91.11.0-1] - Update to 91.11.0 build1 oval:org.secpod.oval:def:608637 Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code. oval:org.secpod.oval:def:608320 Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code. oval:org.secpod.oval:def:506966 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.9.0. Security Fix: * Mozilla: Bypassing permission prompt in nested browsing contexts * Mozilla: iframe Sandbox bypass * Mozilla: Fullscreen notification bypass using popups * Mozilla: Le ... oval:org.secpod.oval:def:88531 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:1505870 [91.9.0-3.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Reference oracle-indexhtml within Requires [Orabug: 33802044] [91.9.0-3] - Update to 91.9.0 build3 [91.9.0-2] - Update to 91.9.0 build2 [91.9.0-1] - Update to 91.9.0 oval:org.secpod.oval:def:79890 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:78148 Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code. oval:org.secpod.oval:def:507230 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.4.0. Security Fix: * Mozilla: Matrix SDK bundled with Thunderbird vulnerable to an impersonation attack by malicious server administrators * Mozilla: Matrix SDK bundled with Thunderbird vu ... oval:org.secpod.oval:def:507247 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.4.0. Security Fix: * Mozilla: Matrix SDK bundled with Thunderbird vulnerable to an impersonation attack by malicious server administrators * Mozilla: Matrix SDK bundled with Thunderbird vu ... oval:org.secpod.oval:def:507246 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.4.0. Security Fix: * Mozilla: Matrix SDK bundled with Thunderbird vulnerable to an impersonation attack by malicious server administrators * Mozilla: Matrix SDK bundled with Thunderbird vu ... oval:org.secpod.oval:def:85611 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:1506317 [102.6.0-2.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Enabled aarch64 build [102.6.0-2] - Update to 102.6.0 build2 [102.6.0-1] - Update to 102.6.0 build1 [102.5.0-3] - Use openssl for the librnp crypto backend to enable the openpgp encryption oval:org.secpod.oval:def:1506318 [102.6.0-2.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [102.6.0-2] - Update to 102.6.0 build2 [102.6.0-1] - Update to 102.6.0 build1 [102.5.0-3] - Use openssl for the librnp crypto backend to enable the openpgp encryption oval:org.secpod.oval:def:1506320 [102.6.0-2.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [102.6.0-2] - Update to 102.6.0 build2 [102.6.0-1] - Update to 102.6.0 build1 [102.5.0-3] - Use openssl for the librnp crypto backend to enable the openpgp encryption oval:org.secpod.oval:def:506030 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.10.0. Security Fix: * Mozilla: Out of bound write due to lazy initialization * Mozilla: Use-after-free in Responsive Design Mode * Mozilla: More internal network hosts could have been prob ... oval:org.secpod.oval:def:506031 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.10.0. Security Fix: * Mozilla: Out of bound write due to lazy initialization * Mozilla: Use-after-free in Responsive Design Mode * Mozilla: More internal network hosts could have been prob ... oval:org.secpod.oval:def:71613 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.10.0. Security Fix: * Mozilla: Out of bound write due to lazy initialization * Mozilla: Use-after-free in Responsive Design Mode * Mozilla: More internal network hosts could have been prob ... oval:org.secpod.oval:def:126272 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:126266 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:4501251 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.3.0. Security Fix: * Mozilla: Use-after-free in HTTP2 Session object * Mozilla: Memory safety bugs fixed in Firefox 94 and Firefox ESR 91.3 * Mozilla: iframe sandbox rules did not apply to X ... oval:org.secpod.oval:def:88444 Multiple security issues were discovered in Thunderbird, which could result in the execution of arbitrary code or information disclosure. oval:org.secpod.oval:def:2500906 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:2600121 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:500790 Mozilla Thunderbird is a standalone mail and newsgroup client. A flaw was found in Sanitiser for OpenType , used by Thunderbird to help prevent potential exploits in malformed OpenType fonts. Malicious content could cause Thunderbird to crash or, under certain conditions, possibly execute arbitrary ... oval:org.secpod.oval:def:1503916 An updated thunderbird package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity rating ... oval:org.secpod.oval:def:1063 Mozilla Thunderbird is installed on Mac OS. oval:org.secpod.oval:def:2004244 This CVE is missing description oval:org.secpod.oval:def:75784 The host is missing a high severity security update according to the Mozilla advisory MFSA2021-50 and is prone to multiple vulnerabilities. The flas are present in the application, which fails to properly handle unspecified vectors. Successful exploitation allows an attacker to have unspecified impa ... oval:org.secpod.oval:def:2500392 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:14258 Mozilla Thunderbird ESR is installed on Mac OS. oval:org.secpod.oval:def:1062 The host is installed with Mozilla Firefox or Mozilla Thunderbird or SeaMonkey and is prone to unspecified vulnerability. A flaw is present in the application, which fails to handle browser engine. Successful exploitation could allow remote attackers to cause a denial of service (memory corruption ... oval:org.secpod.oval:def:1065 The host is installed with Mozilla Firefox or Mozilla Thunderbird or SeaMonkey and is prone to directory traversal vulnerability. A flaw is present in the application, which fails to handle vectors involving a resource: URL. Successful exploitation could allow remote attackers to determine the exis ... oval:org.secpod.oval:def:1066 The host is installed with Mozilla Firefox or Mozilla Thunderbird or SeaMonkey and is prone to memory corruption vulnerability. A flaw is present in the application, which fails to handle browser engine. Successful exploitation could allow remote attackers to cause a denial of service (memory corru ... oval:org.secpod.oval:def:1067 The host is installed with Mozilla Firefox or Mozilla Thunderbird or SeaMonkey and is prone to unspecified vulnerability. A flaw is present in the application, which fails to handle nsDirIndexParser. Successful exploitation could allow remote attackers to cause a denial of service (memory corruptio ... oval:org.secpod.oval:def:10674 The host is installed with Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5 or SeaMonkey before 2.17 and is prone to untrusted search path vulnerability. A flaw is present in the applications, which fail to handle a Trojan hor ... oval:org.secpod.oval:def:10682 The host is missing a security update according to Mozilla advisory, MFSA 2013-34. The update is required to fix untrusted search path vulnerability. A flaw is present in the applications, which fail to handle a Trojan horse DLL file in an unspecified directory. Successful exploitation allows local ... oval:org.secpod.oval:def:1069 The host is installed with Mozilla Firefox or Mozilla Thunderbird or SeaMonkey and is prone to memory corruption vulnerability. A flaw is present in the application, which fails to handle memory safety issues. Successful exploitation could allow remote attackers to cause a denial of service (memory ... oval:org.secpod.oval:def:1070 The host is installed with Mozilla Firefox or Mozilla Thunderbird or SeaMonkey and is prone to memory corruption vulnerability. A flaw is present in the application, which fails to handle memory safety issues. Successful exploitation could allow remote attackers to cause a denial of service (memory ... oval:org.secpod.oval:def:1071 The host is installed with Mozilla Firefox or Mozilla Thunderbird or SeaMonkey and is prone to memory corruption vulnerability. A flaw is present in the application, which fails to handle memory safety issues. Successful exploitation could allow remote attackers to cause a denial of service (memory ... oval:org.secpod.oval:def:1072 The host is installed with Mozilla Firefox or Mozilla Thunderbird or SeaMonkey and is prone to memory corruption vulnerability. A flaw is present in the application, which fails to handle memory safety issues. Successful exploitation could allow remote attackers to cause a denial of service (memory ... oval:org.secpod.oval:def:1074 The host is installed with Mozilla Firefox or Mozilla Thunderbird or SeaMonkey and is prone to memory corruption vulnerability. A flaw is present in the application, which fails to handle memory safety issues. Successful exploitation could allow remote attackers to cause a denial of service (memory ... oval:org.secpod.oval:def:500219 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML content. An HTML mail message containing malicious content could possibly lead to arbitrary code execution with the privileges of the user running Thunderbird. An arbitrary me ... oval:org.secpod.oval:def:1075 The host is installed with Mozilla Firefox or Mozilla Thunderbird or SeaMonkey and is prone to memory corruption vulnerability. A flaw is present in the application, which fails to handle memory safety issues. Successful exploitation could allow remote attackers to cause a denial of service (memory ... oval:org.secpod.oval:def:1503532 An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are ... oval:org.secpod.oval:def:500124 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML content. An HTML mail message containing malicious content could possibly lead to arbitrary code execution with the privileges of the user running Thunderbird. An arbitrary me ... oval:org.secpod.oval:def:16246 Firefox user Sijie Xia reported that if a user explicitly removes the trust for extended validation (EV) capable root certificates in the certificate manager, the change is not properly used when validating EV certificates, causing the setting to be ignored. This removes the ability of users to exp ... oval:org.secpod.oval:def:16248 Mozilla developer Eric Faust reported that during JavaScript compilation GetElementIC typed array stubs can be generated outside observed typesets. This could lead to unpredictable behavior with a potential security impact. oval:org.secpod.oval:def:16250 Google notified Mozilla that an intermediate certificate, which chains up to a root included in Mozilla's root store, was loaded into a man-in-the-middle (MITM) traffic management device. This certificate was issued by Agence nationale de la scurit des systmesd' information (ANSSI), an agency of th ... oval:org.secpod.oval:def:16257 The JavaScript implementation in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 does not properly enforce certain typeset restrictions on the generation of GetElementIC typed array stubs, which has unspecified impact and remote attack ve ... oval:org.secpod.oval:def:16262 Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 do not recognize a user's removal of trust from an EV X.509 certificate, which makes it easier for man-in-the-middle attackers to spoof SSL servers in opportunistic circumstances via a valid ... oval:org.secpod.oval:def:16290 Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover a user-after-free when interacting with HTML document templates. This leads to a potentially exploitable crash. oval:org.secpod.oval:def:16292 Security researcher Jordi Chancel discovered a method to put arbitrary HTML content within lt;selectgt; elements and place it in arbitrary locations. This can be used to spoof the displayed addressbar, leading to clickjacking and other spoofing attacks. oval:org.secpod.oval:def:16295 Mozilla community member Ezra Pool reported a potentially exploitable crash on extremely large pages. This was caused when a cycle collected image object was released on the wrong thread during decoding, creating a race condition. oval:org.secpod.oval:def:16299 Unspecified vulnerability in the browser engine in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unkno ... oval:org.secpod.oval:def:16301 The SELECT element implementation in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 does not properly restrict the nature or placement of HTML within a dropdown menu, which allows remote attackers to spoof the address bar or conduct clic ... oval:org.secpod.oval:def:16303 The cycle collection (CC) implementation in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 does not properly determine the thread for release of an image object, which allows remote attackers to execute arbitrary code or cause a denial o ... oval:org.secpod.oval:def:16310 Use-after-free vulnerability in the nsContentUtils::ContentIsHostIncludingDescendantOf function in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory ... oval:org.secpod.oval:def:16329 Security researcher Seb Patane reported stack buffer overflows in both the Maintenance Service and the Mozilla Updater when unexpectedly long paths were encountered. A local attacker could pass these as command-line arguments to the Maintenance Service to crash either program and potentially lead t ... oval:org.secpod.oval:def:16334 Security researcher Ash reported an issue with the Mozilla Updater on Windows 7 and later versions of Windows. On vulnerable platforms, the Mozilla Updater can be made to load a specific malicious DLL file from the local system. This DLL file can run in a privileged context through the Mozilla Main ... oval:org.secpod.oval:def:16360 Stack-based buffer overflow in maintenanceservice.exe in the Mozilla Maintenance Service in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, and Thunderbird ESR 17.x before 17.0.8 allows local users to gain privileges via a long pathname on the command line. oval:org.secpod.oval:def:16361 Stack-based buffer overflow in Mozilla Updater in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, and Thunderbird ESR 17.x before 17.0.8 allows local users to gain privileges via a long pathname on the command line to the Mozilla Maintenance Service. oval:org.secpod.oval:def:16366 Multiple untrusted search path vulnerabilities in updater.exe in Mozilla Updater in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, and Thunderbird ESR 17.x before 17.0.8 on Windows 7, Windows Server 2008 R2, Windows 8, and Windows Server 2012 allow local user ... oval:org.secpod.oval:def:16372 Using the Address Sanitizer tool, security researcher Atte Kettunen from OUSPG found that the HTML5 Tree Builder does not properly store state when interacting with template elements. Because some stack information is incorrectly stored, the template insertion mode stack can be used when it is emp ... oval:org.secpod.oval:def:16375 Mozilla developer Masayuki Nakano discovered that the NativeKey widget continues handling key messages even when it is destroyed by dispatched event listeners. This could result in some key events being applied to other objects or plugins if the widget memory is reallocated to them, leading to a n ... oval:org.secpod.oval:def:16376 Security researcher Scott Bell used the Address Sanitizer tool to discover a use-after-free when using a lt;selectgt; element in a form after it has been destroyed. This could lead to a potentially exploitable crash. oval:org.secpod.oval:def:16378 Security researcher Seb Patane reported that the Mozilla Updater does not write-lock the MAR update file when it is in use by the Updater. This leaves open the possibility of altering the contents of the MAR file after the signature on the file has been verified as valid but before it has been used ... oval:org.secpod.oval:def:16380 Software developer Dan Gohman of Google reported uninitialized data and variables in the IonMonkey Javascript engine when running the engine in Valgrind mode. This could be combined with additional exploits to allow the reading and use of previously allocated memory in some circumstances. oval:org.secpod.oval:def:16387 Security researcher Nils reported a potentially exploitable use-after-free in an early test version of Firefox 25. Mozilla developer Bobby Holley found that the cause was an older garbage collection bug that a more recent change made easier to trigger. oval:org.secpod.oval:def:16389 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. oval:org.secpod.oval:def:16390 The nsHtml5TreeBuilder::resetTheInsertionMode function in the HTML5 Tree Builder in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 does not properly maintain the state of the insertion-mode stack for template elements, which allows remote attackers to execute arbitra ... oval:org.secpod.oval:def:16393 The NativeKey widget in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 processes key messages after destruction by a dispatched event listener, which allows remote attackers to cause a denial of service (application crash) by leveraging incorrect event usage after wi ... oval:org.secpod.oval:def:16394 Use-after-free vulnerability in the mozilla::dom::HTMLFormElement::IsDefaultSubmitElement function in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors in ... oval:org.secpod.oval:def:16396 Mozilla Updater in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 does not ensure exclusive access to a MAR file, which allows local users to gain privileges by creating a Trojan horse file after MAR ... oval:org.secpod.oval:def:16398 The IonMonkey JavaScript engine in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21, when Valgrind mode is used, does not properly initialize memory, which makes it easier for remote attackers to obtain sensitive information via unspecified vectors. oval:org.secpod.oval:def:16406 Use-after-free vulnerability in the JS_GetGlobalForScopeChain function in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code by leveraging incorrect garbage collection in situations involving default compartments and fram ... oval:org.secpod.oval:def:16833 Cross-site scripting (XSS) vulnerability in Mozilla Thunderbird 17.x through 17.0.8, Thunderbird ESR 17.x through 17.0.10, and SeaMonkey before 2.20 allows user-assisted remote attackers to inject arbitrary web script or HTML via an e-mail message containing a data: URL in a (1) OBJECT or (2) EMBED ... oval:org.secpod.oval:def:16836 The host is missing a security update according to Mozilla advisory, MFSA 2013-103. The update is required to fix denial of service vulnerability. A flaw is present in the application, which fails to handle a crafted X.509 certificate. Successful exploitation allows attackers to cause an application ... oval:org.secpod.oval:def:17301 Security researcher Ash reported an issue where the extracted files for updates to existing files are not read only during the update process. This allows for the potential replacement or modification of these files during the update process if a malicious application is present on the local system ... oval:org.secpod.oval:def:17319 Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 might allow local users to gain privileges by modifying the extracted Mar contents during an update. oval:org.secpod.oval:def:500207 Mozilla Thunderbird is a standalone mail and newsgroup client. A flaw was found in the way Thunderbird handled malformed JPEG images. An HTML mail message containing a malicious JPEG image could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user runnin ... oval:org.secpod.oval:def:1769 The host is installed with Mozilla Firefox before 3.6.18 or 4.x through 4.0.1 or Thunderbird before 3.1.11 and is prone to CRLF injection vulnerability. A flaw is present in the applications which fail to properly handle a string containing a \n (newline) character. Successful exploitation allows re ... oval:org.secpod.oval:def:1503476 An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are ... oval:org.secpod.oval:def:500261 Mozilla Thunderbird is a standalone mail and newsgroup client. A flaw was found in the way Thunderbird handled malformed JPEG images. An HTML mail message containing a malicious JPEG image could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user runnin ... oval:org.secpod.oval:def:1770 The host is installed with Mozilla Firefox before 3.6.18 or 4.x through 4.0.1 or Thunderbird before 3.1.11 or Seamonkey before 2.2 and is prone to memory corruption vulnerability. A flaw is present in the applications which fail to properly handle multipart/x-mixed-replace images. Successful exploit ... oval:org.secpod.oval:def:1771 The host is installed with Mozilla Firefox before 3.6.18 or before 5.0 or Thunderbird before 3.1.11 or Seamonkey before 2.2 and is prone to multiple unspecified vulnerabilities. The flaws are present in the application which fails to properly handle memory. Successful exploitation allows remote atta ... oval:org.secpod.oval:def:1772 The host is installed with Mozilla Firefox before 5.0 or before 3.6.18 or Thunderbird through 3.1.11 or Seamonkey before 2.2 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications which fail to properly handle memory. Successful exploitation allows remote att ... oval:org.secpod.oval:def:1773 The host is installed with Mozilla Firefox before 3.6.18 or 4.x through 4.0.1 or Thunderbird before 3.1.11 or Seamonkey before 2.2 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications which fail to properly handle memory. Successful exploitation allows remo ... oval:org.secpod.oval:def:1774 The host is installed with Mozilla Firefox before 3.6.18 or 4.x through 4.0.1 or Thunderbird before 3.1.11 or Seamonkey before 2.2 and is prone to use-after-free vulnerability. A flaw is present in the applications which fails to properly handle memory when JavaScript is disabled. Successful exploit ... oval:org.secpod.oval:def:1775 The host is installed with Mozilla Firefox before 3.6.18 or 4.x through 4.0.1 or Thunderbird before 3.1.11 or Seamonkey before 2.2 and is prone to integer overflow vulnerability. A flaw is present in the applications which fails to validate the length of a JavaScript Array object. Successful exploit ... oval:org.secpod.oval:def:1780 The host is installed with Mozilla Firefox 3.6.x before 3.6.18 or Thunderbird before 3.1.11 or and is prone to unspecified vulnerability. A flaw is present in the applications which fails to properly handle memory. Successful exploitation allows remote attacker to execute arbitrary code. oval:org.secpod.oval:def:1781 The host is installed with Mozilla Firefox 3.6.18 or before 5.0 or Thunderbird before 3.1.11 and is prone to unspecified vulnerability. A flaw is present in the applications which fails to properly handle memory. Successful exploitation allows remote attacker to execute arbitrary code. oval:org.secpod.oval:def:1782 The host is installed with Mozilla Firefox before 3.6.18 or Thunderbird before 3.1.11 and is prone to use-after-free vulnerability. A flaw is present in the applications which fails to properly handle user-supplied callback. Successful exploitation allows remote attacker to execute arbitrary code an ... oval:org.secpod.oval:def:1783 The host is installed with Mozilla Firefox before 3.6.18 or Thunderbird before 3.1.11 and is prone to information-disclosure vulnerability. A flaw is present in the applications which fails to properly distinguish between cookies for two domain names that differ only in a trailing dot. Successful ex ... oval:org.secpod.oval:def:1784 The host is installed with Mozilla Firefox before 3.6.18 or Thunderbird before 3.1.11 and is prone to use-after-free vulnerability. A flaw is present in the applications which fails to properly handle XUL document. Successful exploitation allows remote attacker to execute arbitrary code. oval:org.secpod.oval:def:1785 The host is installed with Mozilla Firefox before 3.6.18 or Thunderbird before 3.1.11 and is prone to use-after-free vulnerability. A flaw is present in the applications which fails to properly handle user-supplied callback. Successful exploitation allows remote attacker to execute arbitrary code an ... oval:org.secpod.oval:def:2316 The host is installed with Mozilla Firefox 4 or 5 or Thunderbird before 6 or SeaMonkey 2.x before 2.3 and is prone to a denial of service vulnerability. A flaw is present in the applications, which fail to validate user supplied input. Successful exploitation could allow attackers to crash the servi ... oval:org.secpod.oval:def:2317 The host is installed with Mozilla Firefox 4 or 5 or Thunderbird before 6 or SeaMonkey 2.x before 2.3 and is prone to a denial of service vulnerability. A flaw is present in the applications, which fail to implement javascript properly. Successful exploitation could allow attackers to crash the serv ... oval:org.secpod.oval:def:2319 The host is installed with Mozilla Firefox 4 or 5 or Thunderbird before 6 or SeaMonkey 2.x before 2.3 and is prone to a denial of service vulnerability. A flaw is present in the applications, which fail to implement WebGL properly. Successful exploitation could allow attackers to crash the service. oval:org.secpod.oval:def:2320 The host is installed with Mozilla Firefox 4 or 5 or Thunderbird before 6 or SeaMonkey 2.x before 2.3 and is prone to a denial of service vulnerability. A flaw is present in the applications, which fail to prevent a buffer overflow in an unspecified string class in the WebGL shader implementation. S ... oval:org.secpod.oval:def:2321 The host is installed with Mozilla Firefox 4 or 5 or Thunderbird before 6 or SeaMonkey 2.x before 2.3 and is prone to a heap based buffer overflow vulnerability. A flaw is present in the applications, which fail to sanitize user supplied input. Successful exploitation could allow attackers to execut ... oval:org.secpod.oval:def:2322 The host is installed with Mozilla Firefox 4 or 5 or Thunderbird before 6 or SeaMonkey 2.x before 2.3 and is prone to multiple unspecified vulnerabilities. The flaw are present in the applications, which fail to handle memory safety issues. Successful exploitation could allow remote attackers to exe ... oval:org.secpod.oval:def:2323 The host is installed with Mozilla Firefox before 3.6.20 or Thunderbird 3.x before 3.1.12 and is prone to a privilege escalation vulnerability. The flaws are present in the applications, which allow remote attackers to gain chrome privileges by establishing a content area and registering for drop ev ... oval:org.secpod.oval:def:2324 The host is installed with Mozilla Firefox before 3.6.20 or Thunderbird 2.x and 3.x before 3.1.12 and is prone to a security bypass vulnerability. A flaw is present in the applications, which fail to handle RegExp.input property and allows remote attackers to bypass the Same Origin Policy and read d ... oval:org.secpod.oval:def:2325 The host is installed with Mozilla Firefox before 3.6.20 or Thunderbird 2.x or 3.x before 3.1.12 and is prone to a denial of service vulnerability. A flaw is present in the applications, which fail to sanitize user supplied input. Successful exploitation could allow attackers to crash the service. oval:org.secpod.oval:def:1503172 An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are ... oval:org.secpod.oval:def:500139 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML content. Malicious HTML content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A flaw was found ... oval:org.secpod.oval:def:500235 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML content. Malicious HTML content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A dangling pointe ... oval:org.secpod.oval:def:2326 The host is installed with Mozilla Firefox before 3.6.20 or Thunderbird 3.x before 3.1.12 and is prone to a security bypass vulnerability. A flaw is present in the applications, which do not properly select the context for script to run. Successful exploitation could allow attackers to bypass securi ... oval:org.secpod.oval:def:2327 The host is installed with Mozilla Firefox before 3.6.20 or Thunderbird 3.x before 3.1.12 and is prone to an untrusted search path vulnerability. A flaw is present in the applications, which allow local users to gain privileges by leveraging write access in an unspecified directory to place a Trojan ... oval:org.secpod.oval:def:2328 The host is installed with Mozilla Firefox before 3.6.20 or Thunderbird 3.x before 3.1.12 and is prone to a denial of service vulnerability. A flaw is present in the applications, which fail to handle DOM objects. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:2329 The host is installed with Mozilla Firefox before 3.6.20 or 4 or 5 orThunderbird before 6 or SeaMonkey 2.x before 2.3 and is prone to a remote code execution vulnerability. A flaw is present in the applications, which fail to handle SVG text. Successful exploitation could allow attackers to execute ... oval:org.secpod.oval:def:2702 The host is installed with Mozilla Firefox before 7.0, Thunderbird before 7.0 or SeaMonkey before 2.4, Apple Safari before 5.1.1 or Apple iTunes before 10.5 and is prone to a denial of service vulnerability. A flaw is present in the applications, which fails to handle a crafted javascript code. Succ ... oval:org.secpod.oval:def:2703 The host is installed with Mozilla Firefox 4.x through 6, Thunderbird before 7.0 or SeaMonkey before 2.4 and is prone to a use-after-free vulnerability. The flaw is present in the applications, which fail to handle crafted OCG headers. Successful exploitation could allow attackers to crash the servi ... oval:org.secpod.oval:def:2707 The host is installed with Mozilla Firefox 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 and is prone to a denial of service vulnerability. A flaw is present in the applications, which fail to prevent manual add-on installation in response to the holding of the Enter key. Successfu ... oval:org.secpod.oval:def:2708 The host is installed with Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 and is prone to a HTTP response splitting vulnerability. A flaw is present in the applications, which fail to handle HTTP responses that contain multiple Location, Content-Len ... oval:org.secpod.oval:def:2709 The host is installed with Mozilla Firefox before 3.6.23 or 4.x through 5, Thunderbird before 6.0 or SeaMonkey before 2.3 and is prone to a same origin policy bypass vulnerability. A flaw is present in the applications, which fail to handle "location" as the name of a frame. Successful exploitation ... oval:org.secpod.oval:def:500055 Mozilla Thunderbird is a standalone mail and newsgroup client. A flaw was found in the way Thunderbird handled frame objects with certain names. An attacker could use this flaw to cause a plug-in to grant its content access to another site or the local file system, violating the same-origin policy. ... oval:org.secpod.oval:def:1503176 An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are ... oval:org.secpod.oval:def:500113 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thun ... oval:org.secpod.oval:def:2713 The host is installed with Mozilla Firefox before 3.6.23 or 4.x through 6 or Thunderbird before 7.0 or SeaMonkey before 2.4 and is prone to a security bypass vulnerability. A flaw is present in the applications, which fail to prevent user assisted remote attackers from bypassing security restriction ... oval:org.secpod.oval:def:3202 The host is installed with Mozilla Firefox before 3.6.24 or Thunderbird before 3.1.6 and is prone to privilege escalation vulnerability. A flaw is present in the applications, which fail to properly handle XPCNativeWrappers during calls to the loadSubScript method in an add-on. Successful exploitati ... oval:org.secpod.oval:def:1503374 An updated thunderbird package that fixes multiple security issues is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are ... oval:org.secpod.oval:def:3203 The host is installed with Mozilla Firefox before 3.6.24 or 4.x through 7.0 or Thunderbird before 3.1.6 or 5.0 through 7.0 and is prone to cross-site scripting (XSS) vulnerability. A flaw is present in the applications, which fail to handle Shift-JIS encodings. Successful exploitation allows remote ... oval:org.secpod.oval:def:500051 Mozilla Thunderbird is a standalone mail and newsgroup client. A cross-site scripting flaw was found in the way Thunderbird handled certain multibyte character sets. Malicious, remote content could cause Thunderbird to run JavaScript code with the permissions of different remote content. Note: Thi ... oval:org.secpod.oval:def:500266 Mozilla Thunderbird is a standalone mail and newsgroup client. A flaw was found in the way Thunderbird handled certain add-ons. Malicious, remote content could cause an add-on to elevate its privileges, which could lead to arbitrary code execution with the privileges of the user running Thunderbird. ... oval:org.secpod.oval:def:3204 The host is installed with Mozilla Firefox before 3.6.24 or 4.x through 7.0 or Thunderbird before 3.1.6 or 5.0 through 7.0 and is prone to denial of service vulnerability. A flaw is present in the applications, which fail to properly handle JavaScript files that contain many functions. Successful ex ... oval:org.secpod.oval:def:3205 The host is installed with Mozilla Firefox 7.0 or Thunderbird 7.0 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to properly handle memory. Successful exploitation allows remote attackers to cause a denial of service (memory corruption and ... oval:org.secpod.oval:def:3206 The host is installed with Mozilla Firefox before 8.0 or Thunderbird before 8.0 and is prone to memory corruption vulnerability. A flaw is present in the applications, which fail to properly allocate memory. Successful exploitation allows remote attackers to cause a denial of service or possibly exe ... oval:org.secpod.oval:def:3207 The host is installed with Mozilla Firefox before 8.0 or Thunderbird before 8.0 and is prone to denial of service vulnerability. A flaw is present in the applications, which fail to properly handle links from SVG mpath elements to non-SVG elements. Successful exploitation allows remote attackers to ... oval:org.secpod.oval:def:3208 The host is installed with Mozilla Firefox 4.x through 7.0 or Thunderbird 5.0 through 7.0 and is prone to elevation of privilege vulnerability. A flaw is present in the applications, which perform access control without checking for use of the NoWaiverWrapper wrapper. Successful exploitation allows ... oval:org.secpod.oval:def:3209 The host is installed with Mozilla Firefox before 8.0 or Thunderbird before 8.0 and is prone to security bypass vulnerability. A flaw is present in the applications, which fail to properly interact with the GPU memory behavior of a certain driver for Intel integrated GPUs. Successful exploitation al ... oval:org.secpod.oval:def:3662 The host is installed with Mozilla Firefox 4.x through 8.0 or Thunderbird 5.0 through 8.0 or SeaMonkey before 2.6 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle memory safety issues. Successful exploitation could allow remote att ... oval:org.secpod.oval:def:3663 The host is installed with Mozilla Firefox 4.x through 8.0 or Thunderbird 5.0 through 8.0 or SeaMonkey before 2.6 and is prone to multiple denial of service vulnerabilities. The flaws are present in the applications, which fail to handle YARR regular expression library that could be triggered by jav ... oval:org.secpod.oval:def:3664 The host is installed with Mozilla Firefox 4.x through 8.0 or Thunderbird 5.0 through 8.0 or SeaMonkey before 2.6 and is prone to multiple information disclosure vulnerabilities. The flaws are present in the applications, which fail to handle SVG animation accessKey events. Successful exploitation c ... oval:org.secpod.oval:def:3665 The host is installed with Mozilla Firefox 4.x through 8.0 or Thunderbird 5.0 through 8.0 or SeaMonkey before 2.6 and is prone to multiple denial of service vulnerabilities. The flaws are present in the applications, which fail to handle scaling of an OGG <video> element to extreme sizes. Successful ... oval:org.secpod.oval:def:3666 The host is installed with Mozilla Firefox 8.0 or Thunderbird 8.0 or SeaMonkey 2.5 and is prone to multiple denial of service vulnerabilities. The flaws are present in the applications, which fail to handle DOMAttrModified event handler. Successful exploitation could allow remote attackers to execut ... oval:org.secpod.oval:def:3667 The host is installed with Mozilla Firefox before 3.6.25 or Thunderbird before 3.1.17 and is prone to multiple information disclosure vulnerabilities. The flaws are present in the applications, which fail to handle a crafted .jar files. Successful exploitation could allow remote attackers to execute ... oval:org.secpod.oval:def:3668 The host is installed with Mozilla Firefox before 9.0 or Thunderbird before 9.0 or SeaMonkey before 2.6 and is prone to multiple denial of service vulnerabilities. The flaws are present in the applications, which fail to handle DOM frame deletions by plugins. Successful exploitation could allow remo ... oval:org.secpod.oval:def:500042 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML content. Malicious HTML content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. Note: JavaScript ... oval:org.secpod.oval:def:38572 The host is installed with Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, Thunderbird before 3.1.8 or Mozilla SeaMonkey before 2.0.12 and is prone to a denial of service vulnerability. A flaw is present in the applications which fails to properly handle unknown vectors. Successful exploitati ... oval:org.secpod.oval:def:38573 The host is missing a critical security update according to Mozilla advisory, MFSA2011-01. A flaw is present in the applications which fails to properly handle unknown vectors. Successful exploitation allow remote attackers to cause a denial of service (memory corruption and application crash) or po ... oval:org.secpod.oval:def:38586 The host is installed with Mozilla Firefox 3.6.x before 3.6.14, Mozilla SeaMonkey 2.0.12 or Mozilla Thunderbird before 3.1.8 and is prone to a buffer overflow vulnerability. A flaw is present in the applications which fails to properly handle crafted JPEG image. Successful exploitation allow remote ... oval:org.secpod.oval:def:38587 The host is missing a critical security update according to Mozilla advisory, MFSA2011-09. A flaw is present in the applications which fails to properly handle crafted JPEG image. Successful exploitation allow remote attackers to execute arbitrary code or cause a denial of service (application crash ... oval:org.secpod.oval:def:1503603 An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are ... oval:org.secpod.oval:def:500133 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML content. Malicious HTML content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A flaw was found ... oval:org.secpod.oval:def:38588 The host is installed with Mozilla Firefox 3.6.x before 3.6.14, Thunderbird before 3.1.8 or SeaMonkey before 2.0.12 and is prone to a denial of service vulnerability. A flaw is present in the applications which fails to properly handle unknown vectors. Successful exploitation allow remote attackers ... oval:org.secpod.oval:def:41112 Mozilla Firefox before 54.0, Firefox ESR before 52.2 or Thunderbird before 52.2 :- A use-after-free vulnerability with the frameloader during tree reconstruction while regenerating CSS layout when attempting to use a node in the tree that no longer exists. This results in a potentially exploitable c ... oval:org.secpod.oval:def:41113 Mozilla Firefox before 54.0, Firefox ESR before 52.2 or Thunderbird before 52.2 :- A use-after-free vulnerability when using an incorrect URL during the reloading of a docshell. This results in a potentially exploitable crash. oval:org.secpod.oval:def:41114 Mozilla Firefox before 54.0, Firefox ESR before 52.2 or Thunderbird before 52.2 :- A use-after-free vulnerability during video control operations when a 'track' element holds a reference to an older window if that window has been replaced in the DOM. This results in a potentially exploitable crash. oval:org.secpod.oval:def:41115 Mozilla Firefox before 54.0, Firefox ESR before 52.2 or Thunderbird before 52.2 :- A use-after-free vulnerability with content viewer listeners that results in a potentially exploitable crash. oval:org.secpod.oval:def:41116 Mozilla Firefox before 54.0, Firefox ESR before 52.2 or Thunderbird before 52.2 :- A use-after-free vulnerability during specific user interactions with the input method editor (IME) in some languages due to how events are handled. This results in a potentially exploitable crash but would require sp ... oval:org.secpod.oval:def:41117 Mozilla Firefox before 54.0, Firefox ESR before 52.2 or Thunderbird before 52.2 :- An out-of-bounds read in WebGL with a maliciously crafted ImageInfo object during WebGL operations. oval:org.secpod.oval:def:41118 Mozilla Firefox before 54.0, Firefox ESR before 52.2 or Thunderbird before 52.2 :- A use-after-free and use-after-scope vulnerability when logging errors from headers for XML HTTP Requests (XHR). This could result in a potentially exploitable crash. oval:org.secpod.oval:def:41119 Mozilla Firefox before 54.0, Firefox ESR before 52.2 or Thunderbird before 52.2 :- A use-after-free vulnerability in IndexedDB when one of its objects is destroyed in memory while a method on it is still being executed. This results in a potentially exploitable crash. oval:org.secpod.oval:def:41120 Mozilla Firefox before 54.0, Firefox ESR before 52.2 or Thunderbird before 52.2 :- A number of security vulnerabilities in the Graphite 2 library including out-of-bounds reads, buffer overflow reads and writes, and the use of uninitialized memory. These issues were addressed in Graphite 2 version 1. ... oval:org.secpod.oval:def:41121 Mozilla Firefox before 54.0, Firefox ESR before 52.2 or Thunderbird before 52.2 :- An out-of-bounds read vulnerability with the Opus encoder when the number of channels in an audio stream changes while the encoder is in use. oval:org.secpod.oval:def:41123 Mozilla Firefox before 54.0, Firefox ESR before 52.2 or Thunderbird before 52.2 :- Characters from the "Canadian Syllabics" unicode block can be mixed with characters from other unicode blocks in the addressbar instead of being rendered as their raw "punycode" form, allowing for domain name spoofing ... oval:org.secpod.oval:def:41125 Mozilla Firefox before 54.0, Firefox ESR before 52.2 or Thunderbird before 52.2 :- Mozilla developers and community members Tyson Smith, Mats Palmgren, Philipp, Masayuki Nakano, Christian Holler, Andrew McCreight, Gary Kwong, Andre Bargull, Carsten Book, Jesse Schwartzentruber, Julian Hector, Marcia ... oval:org.secpod.oval:def:41126 Mozilla Firefox before 54.0, Firefox ESR before 52.2 or Thunderbird before 52.2 :- Default fonts on OS X display some Tibetan characters as whitespace. When used in the addressbar as part of an IDN this can be used for domain name spoofing attacks. oval:org.secpod.oval:def:41129 The host is missing a critical security update according to Mozilla advisory, MFSA2017-17. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code o ... oval:org.secpod.oval:def:4166 The host is missing a critical security update according to MFSA 2012-10. A flaw is present in the applications, which fail to properly handle nsXBLDocumentInfo::ReadPrototypeBindings function call. Successful exploitation allows remote attackers to cause arbitrary code to be executed on the target ... oval:org.secpod.oval:def:4165 The host is installed with Mozilla Firefox 10.x before 10.0.1 or Thunderbird before 10.0.1 or SeaMonkey before 2.7.1 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to properly handle nsXBLDocumentInfo::ReadPrototypeBindings function call. Successful e ... oval:org.secpod.oval:def:4457 The host is installed with Mozilla Firefox before 3.6.26 or 4.x before 10, Thunderbird before 3.1.18 or 5.0 before 10.0, or SeaMonkey before 2.7 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle a malformed XSLT stylesheet that is embedde ... oval:org.secpod.oval:def:4458 The host is missing a critical security update according to Adobe advisory, MFSA 2012-08. The update is required to fix a memory corruption vulnerability. A flaw is present in the applications, which fail to handle a malformed XSLT stylesheet that is embedded in a document. Successful exploitation c ... oval:org.secpod.oval:def:4460 The host is missing a critical security update according to Adobe advisory, MFSA 2012-06. The update is required to fix an information disclosure vulnerability. A flaw is present in the applications, which fail to properly initialize data for image/vnd.microsoft.icon images. Successful exploitation ... oval:org.secpod.oval:def:4459 The host is installed with Mozilla Firefox 4.x before 10.0, Thunderbird 5.0 before 10.0, or SeaMonkey before 2.7 and is prone to information disclosure vulnerability. A flaw is present in the applications, which fail to properly initialize data for image/vnd.microsoft.icon images. Successful exploit ... oval:org.secpod.oval:def:4461 The host is installed with Mozilla Firefox 4.x before 10, Thunderbird 5.0 before 10, or SeaMonkey before 2.7 and is prone to multiple cross site scripting vulnerabilities. The flaws are present in the applications, which fail to properly enforce XPConnect security restrictions for frame scripts that ... oval:org.secpod.oval:def:4462 The host is missing a critical security update according to Mozilla advisory, MFSA 2012-05. The update is required to fix multiple cross site scripting vulnerabilities. The flaws are present in the applications, which fail to properly enforce XPConnect security restrictions for frame scripts that ca ... oval:org.secpod.oval:def:4463 The host is installed with Mozilla Firefox 4.x before 10.0, Thunderbird 5.0 before 10, or SeaMonkey before 2.7 and is prone to a security bypass vulnerability. A flaw is present in the applications, which fail to handle a form submission target with a sub-frame's name attribute. Successful exploitat ... oval:org.secpod.oval:def:4464 The host is missing a critical security update according to Mozilla advisory, MFSA 2012-03. The update is required to fix a security bypass vulnerability. A flaw is present in the applications, which fail to handle a form submission target with a sub-frame's name attribute. Successful exploitation c ... oval:org.secpod.oval:def:4465 The host is installed with Mozilla Firefox before 3.6.26, 4.x before 10.0, Thunderbird before 3.1.18, 5.0 before 10.0, or SeaMonkey before 2.7 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle a crafted Ogg Vorbis file. Successful exploita ... oval:org.secpod.oval:def:4466 The host is missing a critical security update according to Mozilla advisory, MFSA 2012-07. The update is required to fix a memory corruption vulnerability. A flaw is present in the applications, which fail to handle a crafted Ogg Vorbis file. Successful exploitation could allow attackers to execute ... oval:org.secpod.oval:def:4467 The host is installed with Mozilla Firefox 4.x before 10.0, Thunderbird 5.0 before 10.0, or SeaMonkey before 2.7 and is prone to a multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle unknown vectors. Successful exploitation could allow attackers to e ... oval:org.secpod.oval:def:4468 The host is missing a critical security update according to Mozilla advisory, MFSA 2012-01. The update is required to fix multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle unknown vectors. Successful exploitation could allow attackers to execute ar ... oval:org.secpod.oval:def:4469 The host is installed with Mozilla Firefox before 3.6.26 or 4.x before 10.0, Thunderbird before 3.1.18 or 5.0 before 10.0, or SeaMonkey before 2.7 and is prone to a multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle unknown vectors. Successful explo ... oval:org.secpod.oval:def:4470 The host is installed with Mozilla Firefox before 3.6.26 or 4.x before 7.0, Thunderbird before 3.1.18 or 5.0 before 7.0, or SeaMonkey before 2.4 and is prone to an information disclosure vulnerability. A flaw is present in the applications, which fail to handle XMLHttpRequest calls through a proxy. ... oval:org.secpod.oval:def:4471 The host is missing a critical security update according to Mozilla advisory, MFSA 2012-02. The update is required to fix an information disclosure vulnerability. A flaw is present in the applications, which fail to handle XMLHttpRequest calls through a proxy. Successful exploitation could allow att ... oval:org.secpod.oval:def:500710 Mozilla Thunderbird is a standalone mail and newsgroup client. A flaw was found in the processing of malformed content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A ma ... oval:org.secpod.oval:def:1503737 An updated thunderbird package that fixes multiple security issues is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are ... oval:org.secpod.oval:def:4472 The host is installed with Mozilla Firefox before 3.6.26 or 4.x before 10.0, Thunderbird before 3.1.18, 5.0 before 10.0, or SeaMonkey before 2.7 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle vectors related to incorrect AttributeChildRem ... oval:org.secpod.oval:def:4473 The host is missing a critical security update according to Mozilla advisory, MFSA 2012-04. The update is required to fix an use-after-free vulnerability. A flaw is present in the applications, which fail to handle vectors related to incorrect AttributeChildRemoved notifications. Successful exploita ... oval:org.secpod.oval:def:500756 Mozilla Thunderbird is a standalone mail and newsgroup client. A use-after-free flaw was found in the way Thunderbird removed nsDOMAttribute child nodes. In certain circumstances, due to the premature notification of AttributeChildRemoved, a malicious script could possibly use this flaw to cause Thu ... oval:org.secpod.oval:def:4926 The host is installed with Mozilla Firefox before 3.6.28, 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20, 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, or SeaMonkey before 2.8 and is prone to an use-after-free vulnerability. A flaw is present in the applications, ... oval:org.secpod.oval:def:4927 The host is installed with Mozilla Firefox before 3.6.28, 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20, 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, or SeaMonkey before 2.8 and is prone to a denial of service vulnerability. A flaw is present in the application ... oval:org.secpod.oval:def:4930 The host is missing a critical security update according to Mozilla advisory, MFSA2012-19. The update is required to fix an multiple memory corruption vulnerabilities. The flaws are present in the applications, which fail to sanitize user supplied input. Successful exploitation could allow attackers ... oval:org.secpod.oval:def:4931 The host is installed with Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, or SeaMonkey before 2.8 and is prone to a security bypass vulnerability. A flaw is present in the applications, which fail to handle a crafte ... oval:org.secpod.oval:def:4932 The host is missing a critical security update according to Mozilla advisory, MFSA2012-17. The update is required to fix a security bypass vulnerability. A flaw is present in the applications, which fail to handle a crafted web page. Successful exploitation could allow attackers to crash the service ... oval:org.secpod.oval:def:4933 The host is installed with Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, or SeaMonkey before 2.8 and is prone to a denial of service vulnerability. A flaw is present in the applications, which fail to handle dynami ... oval:org.secpod.oval:def:4934 The host is missing a critical security update according to Mozilla advisory, MFSA2012-17. The update is required to fix a denial of service vulnerability. A flaw is present in the applications, which fail to handle dynamic modification of a keyframe followed by access to the cssText of the keyframe ... oval:org.secpod.oval:def:1503761 An updated thunderbird package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity rating ... oval:org.secpod.oval:def:4935 The host is installed with Mozilla Firefox before 3.6.28, 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20, 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, or SeaMonkey before 2.8 and is prone to a privilege escalation vulnerability. A flaw is present in the applicat ... oval:org.secpod.oval:def:4936 The host is missing a critical security update according to Mozilla advisory, MFSA2012-16. The update is required to fix a privilege escalation vulnerability. A flaw is present in the applications, which fail to properly restrict setting the home page through the dragging of a URL to the home button ... oval:org.secpod.oval:def:500767 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. Two flaws were found in the ... oval:org.secpod.oval:def:4937 The host is installed with Mozilla Firefox before 3.6.28, 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20, 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, or SeaMonkey before 2.8 and is prone to a use after free vulnerability. A flaw is present in the applications, ... oval:org.secpod.oval:def:4938 The host is installed with Mozilla Firefox before 3.6.28, 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20, 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, or SeaMonkey before 2.8 and is prone to an information disclosure vulnerability. A flaw is present in the appli ... oval:org.secpod.oval:def:4939 The host is missing a critical security update according to Mozilla advisory, MFSA2012-14. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fail to properly sanitize user supplied input. Successful exploitation could allow attackers to obtain s ... oval:org.secpod.oval:def:4940 The host is installed with Mozilla Firefox before 3.6.28, 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20, 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, or SeaMonkey before 2.8 and is prone to a cross site scripting vulnerability. A flaw is present in the applicat ... oval:org.secpod.oval:def:4941 The host is missing a moderate security update according to Mozilla advisory, MFSA2012-13. The update is required to fix a cross site scripting vulnerability. A flaw is present in the applications, which fail to properly restrict drag-and-drop operations on javascript: URLs. Successful exploitation ... oval:org.secpod.oval:def:4942 The host is installed with Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, or SeaMonkey before 2.8 and is prone to a CRLF injection vulnerability. A flaw is present in the applications, which fail to handle crafted H ... oval:org.secpod.oval:def:4943 The host is missing a moderate security update according to Mozilla advisory, MFSA2012-15. The update is required to fix a CRLF injection vulnerability. A flaw is present in the applications, which fail to handle crafted HTTP headers. Successful exploitation could allow attackers to bypass intended ... oval:org.secpod.oval:def:5485 The host is installed with Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, or SeaMonkey before 2.9 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle ... oval:org.secpod.oval:def:5486 The host is installed with Mozilla Firefox 4.x through 11.0, Thunderbird 5.0 through 11.0, or SeaMonkey before 2.9 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle vectors related to jsval.h and the js::array_shift function. Succes ... oval:org.secpod.oval:def:5484 The host is missing a critical security update according to Mozilla advisory, MFSA2012-20. The update is required to fix multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle the browser engine. Successful exploitation could allow attackers to execute ... oval:org.secpod.oval:def:5487 The host is missing a critical security update according to Mozilla advisory, MFSA2012-22. The update is required to fix use-after-free vulnerability. A flaw is present in the applications, which fail to handle vectors related to crafted IndexedDB data. Successful exploitation could allow attackers ... oval:org.secpod.oval:def:5488 The host is installed with Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, or SeaMonkey before 2.9 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle vectors rel ... oval:org.secpod.oval:def:5490 The host is installed with Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, or SeaMonkey before 2.9 and is prone to heap-based buffer overflow vulnerability. A flaw is present in the applications, which fail to handle ... oval:org.secpod.oval:def:5489 The host is missing a critical security update according to Mozilla advisory, MFSA2012-23. The update is required to fix heap-based buffer overflow vulnerability. A flaw is present in the applications, which fail to handle the nsSVGFEDiffuseLightingElement::LightPixel function. Successful exploitati ... oval:org.secpod.oval:def:5492 The host is installed with Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, or SeaMonkey before 2.9 and is prone to cross-site scripting vulnerability. A flaw is present in the applications, which fail to handle multi ... oval:org.secpod.oval:def:5491 The host is missing a critical security update according to Mozilla advisory, MFSA2012-24. The update is required to fix cross-site scripting vulnerability. A flaw is present in the applications, which fail to handle multibyte character set. Successful exploitation could allow attackers to inject ar ... oval:org.secpod.oval:def:5494 The host is installed with Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, or SeaMonkey before 2.9 and is prone to information disclosure vulnerability. A flaw is present in the applications, which fail to handle the ... oval:org.secpod.oval:def:5493 The host is missing a critical security update according to Mozilla advisory, MFSA2012-26. The update is required to fix information disclosure vulnerability. A flaw is present in the applications, which fail to handle the WebGLBuffer::FindMaxUshortElement function. Successful exploitation could all ... oval:org.secpod.oval:def:5496 The host is installed with Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, or SeaMonkey before 2.9 and is prone to cross-site scripting vulnerability. A flaw is present in the applications, which fail to handle the d ... oval:org.secpod.oval:def:5495 The host is missing a critical security update according to Mozilla advisory, MFSA2012-27. The update is required to fix cross-site scripting vulnerability. A flaw is present in the applications, which fail to handle the docshell implementation. Successful exploitation could allow attackers to injec ... oval:org.secpod.oval:def:5498 The host is installed with Mozilla Firefox 4.x through 11.0, Thunderbird 5.0 through 11.0, or SeaMonkey before 2.9 and is prone to origin bypass vulnerability. A flaw is present in the applications, which fail to properly construct the Origin and Sec-WebSocket-Origin HTTP headers. Successful exploit ... oval:org.secpod.oval:def:5497 The host is missing a critical security update according to Mozilla advisory, MFSA2012-28. The update is required to fix origin bypass vulnerability. A flaw is present in the applications, which fail to properly construct the Origin and Sec-WebSocket-Origin HTTP headers. Successful exploitation coul ... oval:org.secpod.oval:def:5499 The host is missing a moderate security update according to Mozilla advisory, MFSA2012-29. The update is required to fix multiple cross-site scripting vulnerabilities. The flaws are present in the applications, which fail to handle the decoding of ISO-2022-KR and ISO-2022-CN character sets. Successf ... oval:org.secpod.oval:def:5500 The host is installed with Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, or SeaMonkey before 2.9 and is prone to cross-site scripting vulnerabilities. The flaws are present in the applications, which fail to handle ... oval:org.secpod.oval:def:5502 The host is installed with Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, or SeaMonkey before 2.9 and is prone to remote code execution vulnerability. A flaw is present in the applications, which fail to handle the ... oval:org.secpod.oval:def:5501 The host is missing a critical security update according to Mozilla advisory, MFSA2012-30. The update is required to fix remote code execution vulnerability. A flaw is present in the applications, which fail to handle the texImage2D implementation. Successful exploitation could allow attackers to ex ... oval:org.secpod.oval:def:5504 The host is installed with Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, or SeaMonkey before 2.9 and is prone to address bar spoofing vulnerability. A flaw is present in the applications, which fail to properly loa ... oval:org.secpod.oval:def:5503 The host is missing a high security update according to Mozilla advisory, MFSA2012-33. The update is required to fix address bar spoofing vulnerability. A flaw is present in the applications, which fail to properly load RSS and Atom feed content. Successful exploitation could allow attackers to spoo ... oval:org.secpod.oval:def:55484 The host is missing a high security update according to Mozilla advisory, MFSA2019-17. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to crash the service. oval:org.secpod.oval:def:55485 Mozilla Thunderbird 60.7.1: A flaw in Thunderbird's implementation of iCal causes a heap buffer overflow in parser_get_next_char when processing certain email messages, resulting in a potentially exploitable crash. oval:org.secpod.oval:def:55486 Mozilla Thunderbird 60.7.1: A flaw in Thunderbird's implementation of iCal causes a heap buffer overflow in icalmemory_strdup_and_dequote when processing certain email messages, resulting in a potentially exploitable crash. oval:org.secpod.oval:def:55487 Mozilla Thunderbird 60.7.1: A flaw in Thunderbird's implementation of iCal causes a stack buffer overflow in icalrecur_add_bydayrules when processing certain email messages, resulting in a potentially exploitable crash. oval:org.secpod.oval:def:55488 Mozilla Thunderbird 60.7.1: A flaw in Thunderbird's implementation of iCal causes a type confusion in icaltimezone_get_vtimezone_properties when processing certain email messages, resulting in a crash. oval:org.secpod.oval:def:5647 The host is installed with Mozilla Firefox before 3.5.12 or 3.6.x before 3.6.9 or Thunderbird before 3.0.7 or 3.1.x before 3.1.3 or SeaMonkey before 2.0.7 and is prone to a denial of service vulnerability. A flaw is present in the applications, which fail to handle a specially crafted font in a data ... oval:org.secpod.oval:def:500806 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. Note: CVE-2011-3101 only af ... oval:org.secpod.oval:def:6122 The host is installed with Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, or SeaMonkey before 2.10 and is prone to denial of service vulnerability. A flaw is present in the applications, which fail to properly mitig ... oval:org.secpod.oval:def:6121 The host is missing a critical security update according to Mozilla advisory, MFSA2012-34. The update is required to fix memory corruption vulnerability. A flaw is present in the applications, which fail to handle the browser engine. Successful exploitation could allow attackers to run arbitrary cod ... oval:org.secpod.oval:def:6123 The host is installed with Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, or SeaMonkey before 2.10 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handl ... oval:org.secpod.oval:def:6124 The host is installed with Mozilla Firefox before 13.0, Thunderbird before 13.0, SeaMonkey before 2.10 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle methodjit/ImmutableSync.cpp and js/src/jsarray.cpp files. Successful exploitati ... oval:org.secpod.oval:def:1503850 An updated thunderbird package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity rating ... oval:org.secpod.oval:def:6125 The host is installed with Mozilla Firefox ESR 10.x before 10.0.5, Thunderbird ESR 10.x before 10.0.5 and is prone to denial of service vulnerability. A flaw is present in the applications, which fail to handle a crafted JavaScript code. Successful exploitation could allow attackers to cause memory ... oval:org.secpod.oval:def:6127 The host is installed with Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, or SeaMonkey before 2.10 and is prone to cross-site scripting vulnerability. A flaw is present in the applications, which fail to handle the ... oval:org.secpod.oval:def:6126 The host is missing a high security update according to Mozilla advisory, MFSA2012-36. The update is required to fix cross-site scripting vulnerability. A flaw is present in the applications, which fail to handle the Content Security Policy implementation. Successful exploitation could allow remote ... oval:org.secpod.oval:def:6129 The host is installed with Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, or SeaMonkey before 2.10 and is prone to information disclosure vulnerability. A flaw is present in the applications, which fail to handle Wi ... oval:org.secpod.oval:def:6128 The host is missing a high security update according to Mozilla advisory, MFSA2012-37. The update is required to fix information disclosure vulnerability. A flaw is present in the applications, which fail to handle Windows file shares and shortcut files. Successful exploitation could allow local use ... oval:org.secpod.oval:def:6131 The host is installed with Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, or SeaMonkey before 2.10 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to properly document ... oval:org.secpod.oval:def:6130 The host is missing a critical security update according to Mozilla advisory, MFSA2012-38. The update is required to fix use-after-free vulnerability. A flaw is present in the applications, which fail to properly document changes involving replacement or insertion of a node. Successful exploitation ... oval:org.secpod.oval:def:6133 The host is installed with Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, or SeaMonkey before 2.10 and is prone to denial of service vulnerability. A flaw is present in the applications, which fail to handle the ASN ... oval:org.secpod.oval:def:6132 The host is missing a moderate security update according to Mozilla advisory, MFSA2012-38. The update is required to fix denial of service vulnerability. A flaw is present in the applications, which fail to handle the ASN.1 decoder in the QuickDER decoder in Mozilla Network Security Services. Succes ... oval:org.secpod.oval:def:6135 The host is installed with Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, or SeaMonkey before 2.10 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle nsFrameLis ... oval:org.secpod.oval:def:6136 The host is installed with Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, or SeaMonkey before 2.10 and is prone to heap-based buffer overflow vulnerability. A flaw is present in the applications, which fail to handl ... oval:org.secpod.oval:def:6134 The host is missing a critical security update according to Mozilla advisory, MFSA2012-40. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fail to handle nsFrameList and nsHTMLReflowState functions. Successful exploitation could allow attacker ... oval:org.secpod.oval:def:6137 The host is installed with Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, or SeaMonkey before 2.10 and is prone to heap-based buffer overflow vulnerability. A flaw is present in the applications, which fail to handl ... oval:org.secpod.oval:def:6168 The host is installed with Mozilla Firefox 4.x through 8.0 or Thunderbird 5.0 through 8.0 or SeaMonkey before 2.6 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle nsHTMLSelectElement when the parent node of the element is no longer active. Suc ... oval:org.secpod.oval:def:6167 The host is missing a critical security update according to Mozilla advisory, MFSA 2012-41. The update is required to fix use-after-free vulnerability. A flaw is present in the applications, which fail to handle nsHTMLSelectElement when the parent node of the element is no longer active. Successful ... oval:org.secpod.oval:def:63627 The host is missing a high severity security update according to Mozilla advisory, MFSA2020-22. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle multiple vectors. Successful exploitation can cause multiple impacts. oval:org.secpod.oval:def:63628 Mozilla Thunderbird 68.9.0 : If Thunderbird is configured to use STARTTLS for an IMAP server, and the server sends a PREAUTH response, then Thunderbird will continue with an unencrypted connection, causing email data to be sent without protection. oval:org.secpod.oval:def:6473 The host is missing a critical security update according to Mozilla advisory, MFSA2012-56. The update is required to fix an arbitrary code execution vulnerability. A flaw is present in the applications, which fail to handle a crafted javascript: URL. Successful exploitation could allow attackers to ... oval:org.secpod.oval:def:6455 The host is installed with Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, or SeaMonkey before 2.11 and is prone to an arbitrary code execution vulnerability. A flaw is present in the applications, which fail to hand ... oval:org.secpod.oval:def:6474 The host is missing a security update according to Mozilla advisory, MFSA2012-46. The update is required to fix a cross site scripting vulnerability. A flaw is present in the application, which fails to handle crafted data:URLs. Successful exploitation could allow attackers to execute arbitrary code ... oval:org.secpod.oval:def:6456 The host is installed with Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6 and is prone to a cross site scripting vulnerability. A flaw is present in the application, which fails to handle crafted data:URLs. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:6476 The host is missing a security update according to Mozilla advisory, MFSA2012-55. The update is required to fix a clickjacking attack vulnerability. A flaw is present in the applications, which fail to handle a crafted IFRAME element. Successful exploitation could allow man-in-the-middle attackers t ... oval:org.secpod.oval:def:6458 The host is installed with Mozilla Firefox 4.x before 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 before 13.0, Thunderbird ESR 10.x before 10.0.6, or SeaMonkey before 2.10 and is prone to a clickjacking attack vulnerability. A flaw is present in the applications, which fail to handle a cra ... oval:org.secpod.oval:def:6477 The host is missing a security update according to Mozilla advisory, MFSA2012-53. The update is required to fix an information disclosure vulnerability. A flaw is present in the applications, which fail to sanitize the blocked uri parameter. Successful exploitation could allow attackers to retrieve ... oval:org.secpod.oval:def:6459 The host is installed with Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, or SeaMonkey before 2.11 and is prone to an information disclosure vulnerability. A flaw is present in the applications, which fail to saniti ... oval:org.secpod.oval:def:1503759 An updated thunderbird package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity rating ... oval:org.secpod.oval:def:500849 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. Malicious content could byp ... oval:org.secpod.oval:def:6460 The host is installed with Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, or SeaMonkey before 2.11 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle vectors ... oval:org.secpod.oval:def:6478 The host is missing a security update according to Mozilla advisory, MFSA2012-52. The update is required to fix an use-after-free vulnerability. A flaw is present in the applications, which fail to handle vectors involving strings with multiple dependencies. Successful exploitation could allow attac ... oval:org.secpod.oval:def:6461 The host is installed with Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, or SeaMonkey before 2.11 and is prone to a clickjacking attack vulnerability. A flaw is present in the applications, which fail to handle a F ... oval:org.secpod.oval:def:6479 The host is missing a security update according to Mozilla advisory, MFSA2012-51. The update is required to fix a clickjacking attack vulnerability. A flaw is present in the applications, which fail to handle a FRAME element. Successful exploitation could allow attackers to conduct clickjacking atta ... oval:org.secpod.oval:def:6480 The host is missing a security update according to Mozilla advisory, MFSA2012-51. The update is required to fix an information disclosure vulnerability. A flaw is present in the applications, which fail to handle a crafted color profile. Successful exploitation could allow attackers to trigger an ou ... oval:org.secpod.oval:def:6462 The host is installed with Mozilla Firefox 4.x through 13.0, Thunderbird 5.0 through 13.0, or SeaMonkey before 2.11 and is prone to an information disclosure vulnerability. A flaw is present in the applications, which fail to handle a crafted color profile. Successful exploitation could allow attack ... oval:org.secpod.oval:def:6481 The host is missing a security update according to Mozilla advisory, MFSA2012-49. The update is required to fix a security bypass vulnerability. A flaw is present in the applications, which fail to handle crafted content. Successful exploitation could allow attackers to bypass intended XBL access re ... oval:org.secpod.oval:def:6463 The host is installed with Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, or SeaMonkey before 2.11 and is prone to a security bypass vulnerability. A flaw is present in the applications, which fail to handle crafted ... oval:org.secpod.oval:def:6482 The host is missing a security update according to Mozilla advisory, MFSA2012-48. The update is required to fix a cross site scripting vulnerability. A flaw is present in the applications, which fail to properly handle EMBED elements within description elements in RSS feeds. Successful exploitation ... oval:org.secpod.oval:def:6465 The host is installed with Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, or SeaMonkey before 2.11 and is prone to a cross site scripting vulnerability. A flaw is present in the applications, which fail to properly ... oval:org.secpod.oval:def:6484 The host is installed with Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, or SeaMonkey before 2.11 and is prone to an address bar spoofing vulnerability. A flaw is present in the applications, which fail to properly ... oval:org.secpod.oval:def:6483 The host is missing a security update according to Mozilla advisory, MFSA2012-45. The update is required to fix an address bar spoofing vulnerability. A flaw is present in the applications, which fail to properly handle vectors involving history.forward and history.back calls. Successful exploitatio ... oval:org.secpod.oval:def:6485 The host is missing a security update according to Mozilla advisory, MFSA2012-45. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fail to properly handle crafted data. Successful exploitation could remote attackers to cause a denial of service ... oval:org.secpod.oval:def:6466 The host is installed with Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, or SeaMonkey before 2.11 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to properly handl ... oval:org.secpod.oval:def:6469 The host is installed with Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, or SeaMonkey before 2.11 and is prone to an arbitrary code execution vulnerability. A flaw is present in the applications, which fail to prop ... oval:org.secpod.oval:def:6468 The host is installed with Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, or SeaMonkey before 2.11 and is prone to an arbitrary code execution vulnerability. A flaw is present in the applications, which fail to prop ... oval:org.secpod.oval:def:6467 The host is installed with Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, or SeaMonkey before 2.11 and is prone to multiple vulnerabilities. The flaws are present in the applications, which fail to properly handle v ... oval:org.secpod.oval:def:6487 The host is missing a security update according to Mozilla advisory, MFSA2012-42. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fail to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:6472 The host is installed with Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, or SeaMonkey before 2.11 and is prone to multiple vulnerabilities. The flaws are present in the applications, which fail to handle crafted da ... oval:org.secpod.oval:def:6471 The host is installed with Mozilla Firefox 4.x through 13.0, Thunderbird 5.0 through 13.0, or SeaMonkey before 2.11 and is prone to multiple vulnerabilities. The flaws are present in the applications, which fail to handle crafted data. Successful exploitation could allow attackers to execute arbitra ... oval:org.secpod.oval:def:6488 The host is missing a security update according to Mozilla advisory, MFSA2012-48. The update is required to fix an use after free vulnerability. A flaw is present in the applications, which fail to properly handle vectors related to focused content. Successful exploitation could allow attackers to e ... oval:org.secpod.oval:def:6464 The host is installed with Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, or SeaMonkey before 2.11 and is prone to an use after free vulnerability. A flaw is present in the applications, which fail to properly handl ... oval:org.secpod.oval:def:68017 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.5.1. Security Fix: * Mozilla: Stack overflow due to incorrect parsing of SMTP server response codes For more details about the security issue, including the impact, a CVSS score, acknowledg ... oval:org.secpod.oval:def:1504608 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1504610 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:69587 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.7.0. Security Fix: * Mozilla: Cross-origin information leakage via redirected PDF requests * Mozilla: Type confusion when using logical assignment operators in JavaScript switch statements ... oval:org.secpod.oval:def:6864 The host is missing a security update according to Mozilla advisory, MFSA 2012-59. The update is required to fix a cross site scripting vulnerability. A flaw is present in the applications, which fails to use the Object.defineProperty method to shadow the location object. Successful exploitation cou ... oval:org.secpod.oval:def:6863 The host is installed with Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 and is prone to a cross site scripting vulnerability. A flaw is present in the applications, which fails to use the Object.defineProperty method to shadow the location object. Successful exploi ... oval:org.secpod.oval:def:6866 The host is installed with Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle vectors related to garbage collection. Successful exploitation could allow ... oval:org.secpod.oval:def:6865 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle unknown ... oval:org.secpod.oval:def:6867 The host is missing a security update according to Mozilla advisory, MFSA 2012-57. The update is required to fix multiple cross site scripting vulnerabilities. The flaws are present in the applications, which fail to handle unknown vectors. Successful exploitation could allow attackers to execute ar ... oval:org.secpod.oval:def:6882 The host is missing a security update according to Mozilla advisory, MFSA 2012-57. The update is required to fix multiple use-after-free vulnerabilities. The flaws are present in the applications, which fail to handle unknown vectors. Successful exploitation could allow attackers to execute arbitrar ... oval:org.secpod.oval:def:6881 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vect ... oval:org.secpod.oval:def:6880 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vect ... oval:org.secpod.oval:def:6869 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vect ... oval:org.secpod.oval:def:6868 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vect ... oval:org.secpod.oval:def:6873 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vect ... oval:org.secpod.oval:def:6872 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vect ... oval:org.secpod.oval:def:6871 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vect ... oval:org.secpod.oval:def:6870 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vect ... oval:org.secpod.oval:def:6877 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to a use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vecto ... oval:org.secpod.oval:def:6876 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to a use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vecto ... oval:org.secpod.oval:def:6875 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to a use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vecto ... oval:org.secpod.oval:def:6874 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to a heap-based buffer overflow vulnerability. A flaw is present in the applications, which fail to handle unspe ... oval:org.secpod.oval:def:6879 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to an arbitrary code execution vulnerability. A flaw is present in the applications, which fail to handle a craf ... oval:org.secpod.oval:def:6878 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to a use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vecto ... oval:org.secpod.oval:def:6886 The host is missing a security update according to Mozilla advisory, MFSA 2012-61. The update is required to fix a memory corruption vulnerability. A flaw is present in the applications, which fail to handle a negative height value in a BMP image within a .ICO file. Successful exploitation could all ... oval:org.secpod.oval:def:6885 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle a negative hei ... oval:org.secpod.oval:def:6888 The host is missing a security update according to Mozilla advisory, MFSA 2012-62. The update is required to fix a use-after-free vulnerability. A flaw is present in the applications, which fail to handle vectors related to deletion of a fragment. Successful exploitation could allow attackers to exe ... oval:org.secpod.oval:def:6887 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to a use-after-free vulnerability. A flaw is present in the applications, which fail to handle vectors related t ... oval:org.secpod.oval:def:500878 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. Content containing a malici ... oval:org.secpod.oval:def:6889 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to an integer overflow vulnerability. A flaw is present in the applications, which fail to handle a crafted SVG ... oval:org.secpod.oval:def:6891 The host is missing a security update according to Mozilla advisory, MFSA 2012-63. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fail to handle crafted inputs. Successful exploitation could allow attackers to execute arbitrary code or crash ... oval:org.secpod.oval:def:6890 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle vectors involvin ... oval:org.secpod.oval:def:1503845 An updated thunderbird package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity rating ... oval:org.secpod.oval:def:6893 The host is installed with Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle vectors related to the (1) Silf::readClassMap and (2) Pass::readPass functions. Su ... oval:org.secpod.oval:def:6892 The host is installed with Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle vectors related to the (1) Silf::readClassMap and (2) Pass::readPass functions. Su ... oval:org.secpod.oval:def:6895 The host is missing a security update according to Mozilla advisory, MFSA 2012-65. The update is required to fix an out-of-bounds read vulnerability. A flaw is present in the applications, which fail to properly implement XSLT implementation. Successful exploitation could allow attackers to obtain s ... oval:org.secpod.oval:def:6894 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to an out-of-bounds read vulnerability. A flaw is present in the applications, which fail to properly implement ... oval:org.secpod.oval:def:6899 The host is installed with Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 and is prone to an information disclosure vulnerability. A flaw is present in the applications, which fail to handle crafted data in privileged extension code. Successful exploitation could all ... oval:org.secpod.oval:def:6898 The host is installed with Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 and is prone to an information disclosure vulnerability. A flaw is present in the applications, which fail to handle crafted data in privileged extension code. Successful exploitation could all ... oval:org.secpod.oval:def:6903 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to a security bypass vulnerability. A flaw is present in the applications, which fail to properly follow the sec ... oval:org.secpod.oval:def:6902 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 and is prone to a security bypass vulnerability. A flaw is present in the applications, which fail to properly follow the sec ... oval:org.secpod.oval:def:6905 The host is missing a security update according to Mozilla advisory, MFSA 2012-72. The update is required to fix an arbitrary code execution vulnerability. A flaw is present in the applications, which fail to properly handle a crafted web site that injects this code and triggers an eval operation. S ... oval:org.secpod.oval:def:6904 The host is installed with Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, or Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and is prone to an arbitrary code execution vulnerability. A flaw is present in the applications, which fail to properly handle a crafted web site t ... oval:org.secpod.oval:def:1504950 [78.11.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [78.11.0-1] - Update to 78.11.0 build1 oval:org.secpod.oval:def:1504951 [78.11.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [78.11.0-1] - Update to 78.11.0 build1 oval:org.secpod.oval:def:4500048 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.11.0. For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section. oval:org.secpod.oval:def:4500090 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.11.0 ESR. For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to ... oval:org.secpod.oval:def:73637 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.11.0. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 89 and Firefox ESR 78.11 * Mozilla: Thunderbird stored OpenPGP secret keys without master password protection * Mozilla: ... oval:org.secpod.oval:def:2500399 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:4500073 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.12.0. For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section. oval:org.secpod.oval:def:1505070 [78.13.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [78.13.0-1] - Update to 78.13.0 build1 oval:org.secpod.oval:def:1505072 [78.13.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [78.13.0-1] - Update to 78.13.0 build1 [78.12.0-3] - Rebuild to pickup older nss oval:org.secpod.oval:def:74582 Multiple security issues were discovered in Thunderbird, which could result in the execution of arbitrary code. For the stable distribution , these problems have been fixed in version 1:78.13.0-1~deb11u1. oval:org.secpod.oval:def:4500060 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.13.0 ESR. For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to ... oval:org.secpod.oval:def:4500089 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.13.0. For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section. oval:org.secpod.oval:def:2500427 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:205895 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.14.0. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 92, Firefox ESR 78.14 and Firefox ESR 91.1 For more details about the security issue, including the impact, a CVSS score, ... oval:org.secpod.oval:def:4500036 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.14.0. For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section. oval:org.secpod.oval:def:4500070 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.14.0 ESR. For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to ... oval:org.secpod.oval:def:2500410 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:605632 Multiple security issues were discovered in Thunderbird, which could result in the execution of arbitrary code. oval:org.secpod.oval:def:1700735 Mozilla developers reported memory safety bugs present in Firefox 91 and Firefox ESR 78.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.14, ... oval:org.secpod.oval:def:706204 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:2500306 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:205900 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.2.0. Security Fix: * Mozilla: Use-after-free in MessageTask * Mozilla: Memory safety bugs fixed in Firefox 93, Firefox ESR 78.15, and Firefox ESR 91.2 * Mozilla: Memory safety bugs fixed i ... oval:org.secpod.oval:def:4500052 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.2.0. For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section. oval:org.secpod.oval:def:75779 Mozilla Firefox 94, Mozilla Firefox ESR 91.3 and Thunderbird 91.3 : By displaying a form validity message in the correct location at the same time as a permission prompt (such as for geolocation), the validity message could have obscured the prompt, resulting in the user potentially being tricked in ... oval:org.secpod.oval:def:75778 Mozilla Firefox 94, Mozilla Firefox ESR 91.3 and Thunderbird 91.3 : The Opportunistic Encryption feature of HTTP2 (RFC 8164) allows a connection to be transparently upgraded to TLS while retaining the visual properties of an HTTP connection, including being same-origin with unencrypted connections o ... oval:org.secpod.oval:def:75777 Mozilla Firefox 94, Mozilla Firefox ESR 91.3 and Thunderbird 91.3 : Through a series of navigations, Firefox could have entered fullscreen mode without notification or warning to the user. This could lead to spoofing attacks on the browser UI including phishing. oval:org.secpod.oval:def:75776 Mozilla Firefox 94, Mozilla Firefox ESR 91.3 and Thunderbird 91.3 : When interacting with an HTML input element's file picker dialog with webkitdirectory set, a use-after-free could have resulted, leading to memory corruption and a potentially exploitable crash. oval:org.secpod.oval:def:75775 Mozilla Firefox 94, Mozilla Firefox ESR 91.3 and Thunderbird 91.3 : The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame. oval:org.secpod.oval:def:75781 Mozilla Firefox 94, Mozilla Firefox ESR 91.3 and Thunderbird 91.3 : The executable file warning was not presented when downloading .inetloc files, which can run commands on a user's computer. oval:org.secpod.oval:def:75780 Mozilla Firefox 94, Mozilla Firefox ESR 91.3 and Thunderbird 91.3 : Due to an unusual sequence of attacker-controlled events, a Javascript alert() dialog with arbitrary (although unstyled) contents could be displayed over top an uncontrolled webpage of the attacker's choosing. oval:org.secpod.oval:def:2500297 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:205907 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.3.0. Security Fix: * Mozilla: Use-after-free in HTTP2 Session object * Mozilla: Memory safety bugs fixed in Firefox 94 and Firefox ESR 91.3 * Mozilla: iframe sandbox rules did not apply to X ... oval:org.secpod.oval:def:7632 The host is missing a security update according to Mozilla advisory, MFSA 2012-75. The update is required to fix a click-jacking attack and spoofing vulnerability. The flaws are present in the applications, which fail to properly handle SELECT elements. Successful exploitation could allow attackers ... oval:org.secpod.oval:def:7633 The host is installed with Mozilla Firefox before 16.0, Thunderbird before 16.0 or SeaMonkey before 2.13 and is prone to click-jacking attack vulnerability. A flaw is present in the applications, which fail to properly handle navigation away from a web page that has multiple menus of SELECT elements ... oval:org.secpod.oval:def:7634 The host is installed with Mozilla Firefox before 16.0, Thunderbird before 16.0 or SeaMonkey before 2.13 and is prone to spoofing vulnerability. A flaw is present in the applications, which fail to properly handle navigation away from a web page that has a SELECT element's menu active. Successful ex ... oval:org.secpod.oval:def:7635 The host is missing a security update according to Mozilla advisory, MFSA 2012-74. The update is required to fix a multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to properly handle vectors related to memory. Successful exploitation could allow attackers t ... oval:org.secpod.oval:def:7636 The host is installed with Mozilla Firefox before 16.0, Thunderbird before 16.0 or SeaMonkey before 2.13 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to properly handle vectors related to memory. Successful exploitation could allow attac ... oval:org.secpod.oval:def:7637 The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to properly handle ... oval:org.secpod.oval:def:7638 The host is missing a security update according to Mozilla advisory, MFSA 2012-76. The update is required to fix a cross-site scripting vulnerability. A flaw is present in the applications, which fail to handle implementation of the HTML5 Same Origin Policy. Successful exploitation could allow attac ... oval:org.secpod.oval:def:7639 The host is installed with Mozilla Firefox before 16.0, Thunderbird before 16.0 or SeaMonkey before 2.13 and is prone to cross-site scripting vulnerability. A flaw is present in the applications, which fail to handle implementation of the HTML5 Same Origin Policy. Successful exploitation could allow ... oval:org.secpod.oval:def:7640 The host is missing a security update according to Mozilla advisory, MFSA 2012-77. The update is required to fix a security bypass vulnerability. A flaw is present in the applications, which fail to properly restrict calls to DOMWindowUtils (aka nsDOMWindowUtils) methods. Successful exploitation cou ... oval:org.secpod.oval:def:7641 The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to security bypass vulnerability. A flaw is present in the applications, which fail to properly restrict calls to ... oval:org.secpod.oval:def:7642 The host is missing a security update according to Mozilla advisory, MFSA 2012-79. The update is required to fix a use-after-free vulnerability. A flaw is present in the applications, which fail to properly handle vectors involving use of mozRequestFullScreen to enter full-screen mode, and use of th ... oval:org.secpod.oval:def:7643 The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to properly handle vectors invo ... oval:org.secpod.oval:def:7644 The host is missing a security update according to Mozilla advisory, MFSA 2012-80. The update is required to fix an arbitrary code execution vulnerability. A flaw is present in the applications, which fail to properly perform a cast of an unspecified variable during use of the instanceof operator on ... oval:org.secpod.oval:def:7645 The host is installed with Mozilla Firefox before 16.0, Thunderbird before 16.0 or SeaMonkey before 2.13 and is prone to arbitrary code execution vulnerability. A flaw is present in the applications, which fail to properly perform a cast of an unspecified variable during use of the instanceof operat ... oval:org.secpod.oval:def:7646 The host is missing a security update according to Mozilla advisory, MFSA 2012-81. The update is required to fix a security bypass vulnerability. A flaw is present in the applications, which fail to properly restrict JSAPI access to the GetProperty function. Successful exploitation could allow attac ... oval:org.secpod.oval:def:7647 The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to security bypass vulnerability. A flaw is present in the applications, which fail to properly restrict JSAPI acc ... oval:org.secpod.oval:def:7648 The host is missing a security update according to Mozilla advisory, MFSA 2012-82. The update is required to fix a cross-site scripting vulnerability. A flaw is present in the applications, which fail to properly handle binary plugin that uses Object.defineProperty to shadow the top object, and leve ... oval:org.secpod.oval:def:7649 The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to cross-site scripting vulnerability. A flaw is present in the applications, which fail to properly handle binary ... oval:org.secpod.oval:def:7650 The host is missing a security update according to Mozilla advisory, MFSA 2012-83. The update is required to fix a privilege escalation vulnerabilities. The flaws are present in the applications, which fail to properly interact with failures of InstallTrigger methods. Successful exploitation could a ... oval:org.secpod.oval:def:7651 The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to privilege escalation vulnerabilities. The flaws are present in the applications, which fail to properly interac ... oval:org.secpod.oval:def:7652 The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to privilege escalation vulnerabilities. The flaws are present in the applications, which fail to prevent access t ... oval:org.secpod.oval:def:7653 The host is missing a security update according to Mozilla advisory, MFSA 2012-84. The update is required to fix a cross-site scripting vulnerability. A flaw is present in the applications, which fail to properly manage history data. Successful exploitation could allow attackers to conduct cross-sit ... oval:org.secpod.oval:def:7654 The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to cross-site scripting vulnerability. A flaw is present in the applications, which fail to properly manage histor ... oval:org.secpod.oval:def:7655 The host is missing a security update according to Mozilla advisory, MFSA 2012-85. The update is required to fix a multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to properly handle certain functions. Successful exploitation could allow attackers to run ar ... oval:org.secpod.oval:def:7656 The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to remote code execution vulnerability. A flaw is present in the applications, which fail to properly handle IsCSS ... oval:org.secpod.oval:def:76565 Mozilla Thunderbird 91.4.1 : OpenPGP signature status doesn't consider additional message content. When receiving an OpenPGP/MIME signed email message that contains an additional outer MIME message layer, for example a message footer added by a mailing list gateway, Thunderbird only considered the i ... oval:org.secpod.oval:def:76564 The host is missing a moderate severity security update according to the Mozilla advisory MFSA2021-55 and is prone to multiple vulnerabilities. The flaws are present in the application, which fails to properly handle unspecified vectors. Successful exploitation allows an attacker to have unspecified ... oval:org.secpod.oval:def:76566 Mozilla Thunderbird 91.4.1 : Matrix chat library libolm bundled with Thunderbird vulnerable to a buffer overflow. Thunderbird users who use the Matrix chat protocol were vulnerable to a buffer overflow in libolm, that an attacker may trigger by a crafted sequence of messages. The overflow content is ... oval:org.secpod.oval:def:1503747 An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings ... oval:org.secpod.oval:def:7657 The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to properly handle nsHTMLCSSUti ... oval:org.secpod.oval:def:500905 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. Two flaws in Thunderbird co ... oval:org.secpod.oval:def:7658 The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to heap-based buffer overflow vulnerability. A flaw is present in the applications, which fail to properly handle ... oval:org.secpod.oval:def:7659 The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to properly handle nsSMILAnimat ... oval:org.secpod.oval:def:7660 The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to properly handle nsTextEditRu ... oval:org.secpod.oval:def:7661 The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to properly handle DOMSVGTests: ... oval:org.secpod.oval:def:7662 The host is missing a security update according to Mozilla advisory, MFSA 2012-86. The update is required to fix a multiple heap memory corruption vulnerabilities. The flaws are present in the applications, which fail to properly handle vectors related to memory. Successful exploitation could allow ... oval:org.secpod.oval:def:7663 The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to buffer overflow vulnerability. A flaw is present in the applications, which fail to properly handle nsCharTrait ... oval:org.secpod.oval:def:7664 The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to heap-based buffer overflow vulnerability. A flaw is present in the applications, which fail to properly handle ... oval:org.secpod.oval:def:7665 The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to heap-based buffer overflow vulnerability. A flaw is present in the applications, which fail to properly manage ... oval:org.secpod.oval:def:7666 The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to heap-based buffer overflow vulnerability. A flaw is present in the applications, which fail to properly handle ... oval:org.secpod.oval:def:7667 The host is missing a security update according to Mozilla advisory, MFSA 2012-87. The update is required to fix a use-after-free vulnerability. A flaw is present in the applications, which fail to properly handle vectors related to the nsIContent::GetNameSpaceID function. Successful exploitation co ... oval:org.secpod.oval:def:7668 The host is installed with Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8 or SeaMonkey before 2.13 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to properly handle vectors rela ... oval:org.secpod.oval:def:7669 The host is missing a security update according to Mozilla advisory, MFSA 2012-88. The update is required to fix a memory corruption vulnerability. A flaw is present in the applications, which fail to properly handle the mozilla::net::FailDelayManager::Lookup function in the WebSockets implementatio ... oval:org.secpod.oval:def:7670 The host is installed with Mozilla Firefox before 16.0.1, Thunderbird before 16.0.1 or SeaMonkey before 2.13.1 and is prone to memory corruption vulnerability. A flaw is present in the applications, which fail to properly handle the mozilla::net::FailDelayManager::Lookup function in the WebSockets i ... oval:org.secpod.oval:def:7671 The host is missing a security update according to Mozilla advisory, MFSA 2012-89. The update is required to fix a security bypass vulnerability. The flaws are present in the applications, which fail to properly handle access to the Location object. Successful exploitation could allow attackers to e ... oval:org.secpod.oval:def:1503767 An updated thunderbird package that fixes one security issue is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, ... oval:org.secpod.oval:def:7672 The host is installed with Mozilla Firefox before 16.0.1, Firefox ESR 10.x before 10.0.9, Thunderbird before 16.0.1, Thunderbird ESR 10.x before 10.0.9 or SeaMonkey before 2.13.1 and is prone to security bypass vulnerability. A flaw is present in the applications, which fail to properly handle the d ... oval:org.secpod.oval:def:500908 Mozilla Thunderbird is a standalone mail and newsgroup client. A flaw was found in the way Thunderbird handled security wrappers. Malicious content could cause Thunderbird to execute arbitrary code with the privileges of the user running Thunderbird. Red Hat would like to thank the Mozilla project ... oval:org.secpod.oval:def:7673 The host is installed with Mozilla Firefox before 16.0.1, Firefox ESR 10.x before 10.0.9, Thunderbird before 16.0.1, Thunderbird ESR 10.x before 10.0.9 or SeaMonkey before 2.13.1 and is prone to security bypass vulnerability. A flaw is present in the applications, which fail to properly handle the d ... oval:org.secpod.oval:def:2500529 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:1700864 The Mozilla Foundation Security Advisory describes this flaw as:It was possible to construct specific XSLT markup that would be able to bypass an iframe sandbox. The Mozilla Foundation Security Advisory describes this flaw as:Constructing audio sinks could have lead to a race condition when playing ... oval:org.secpod.oval:def:205931 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.5.0. Security Fix: * Mozilla: Iframe sandbox bypass with XSLT * Mozilla: Race condition when playing audio files * Mozilla: Heap-buffer-overflow in blendGaussianBlur * Mozilla: Use-after- ... oval:org.secpod.oval:def:7727 The host is installed with Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10 or SeaMonkey before 2.13.2 and is prone to same origin policy bypass vulnerability. A flaw is present in the applications, which fail to properly ... oval:org.secpod.oval:def:7728 The host is installed with Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10 or SeaMonkey before 2.13.2 and is prone to cross-site scripting (XSS) vulnerabilities. The flaws are present in the applications, which fail to pr ... oval:org.secpod.oval:def:7729 The host is installed with Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10 or SeaMonkey before 2.13.2 and is prone to cross-site scripting (XSS) vulnerabilities. The flaws are present in the applications, which fail to pr ... oval:org.secpod.oval:def:1503714 An updated thunderbird package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratin ... oval:org.secpod.oval:def:7730 The host is missing a security update according to Mozilla advisory, MFSA 2012-90. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fail to certain objects and functions. Successful exploitation allows attackers to conduct cross-site scripting ... oval:org.secpod.oval:def:500916 Mozilla Thunderbird is a standalone mail and newsgroup client. Multiple flaws were found in the location object implementation in Thunderbird. Malicious content could be used to perform cross-site scripting attacks, bypass the same-origin policy, or cause Thunderbird to execute arbitrary code. Red ... oval:org.secpod.oval:def:2500539 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:4500919 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.6.0. Security Fix: * Mozilla: Extensions could have bypassed permission confirmation during update * Mozilla: Memory safety bugs fixed in Firefox 97 and Firefox ESR 91.6 * Mozilla: Drag an ... oval:org.secpod.oval:def:605885 Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code. oval:org.secpod.oval:def:78127 Mozilla Firefox 98, Mozilla Firefox ESR 91.7.0 or Mozilla Thunderbird 91.7.0: An attacker could have caused a use-after-free by forcing a text reflow in an SVG object leading to a potentially exploitable crash. oval:org.secpod.oval:def:78129 Mozilla Firefox 98, Mozilla Firefox ESR 91.7.0 or Mozilla Thunderbird 91.7.0: When resizing a popup after requesting fullscreen access, the popup would not display the fullscreen notification. oval:org.secpod.oval:def:78130 Mozilla Firefox 98, Mozilla Firefox ESR 91.7.0 or Mozilla Thunderbird 91.7.0: If an attacker could control the contents of an iframe sandboxed with allow-popups but not allow-scripts, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. oval:org.secpod.oval:def:78132 Mozilla Firefox ESR 91.7.0 or Mozilla Thunderbird 91.7.0: Previously Firefox for macOS and Linux would download temporary files to a user-specific directory in /tmp, but this behavior was changed to download them to /tmp where they could be affected by other local users. This behavior was reverted t ... oval:org.secpod.oval:def:78133 Mozilla Firefox 98, Mozilla Firefox ESR 91.7.0 or Mozilla Thunderbird 91.7.0: When installing an add-on, Firefox verified the signature before prompting the user; but while the user was confirming the prompt, the underlying add-on file could have been modified and Firefox would not have noticed. oval:org.secpod.oval:def:78136 The host is missing a high severity security update according to the Mozilla advisory MFSA2022-12 and is prone to a multiple vulnerabilities. The flaws are present in the application, which fails to properly handle unspecified vectors. Successful exploitation allows an attacker to cause unspecified ... oval:org.secpod.oval:def:2500576 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:1700905 The Mozilla Foundation Security Advisory describes this flaw as:NSSToken objects were referenced via direct points, and could have been accessed in an unsafe way on different threads, leading to a use-after-free and potentially exploitable crash. The Mozilla Foundation Security Advisory describes th ... oval:org.secpod.oval:def:80395 Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code. oval:org.secpod.oval:def:2500609 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:88356 Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code. oval:org.secpod.oval:def:1505729 [91.9.1-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [91.9.1-1] - Update to 91.9.1 build1 oval:org.secpod.oval:def:8035 The host is installed with Mozilla Firefox before 17.0, Thunderbird before 17.0 or SeaMonkey before 2.14 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to properly handle memory. Successful exploitation allows remote attackers to cause a d ... oval:org.secpod.oval:def:8036 The host is installed with Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11 or SeaMonkey before 2.14 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to properly handl ... oval:org.secpod.oval:def:8037 The host is installed with Mozilla Firefox before 17.0, Thunderbird before 17.0 or SeaMonkey before 2.14 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to properly handle memory. Successful exploitation allows remote attackers to cause a denial of ser ... oval:org.secpod.oval:def:8038 The host is installed with Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11 or SeaMonkey before 2.14 and is prone to heap-based buffer overflow vulnerability. A flaw is present in the applications, which fail to properly handl ... oval:org.secpod.oval:def:8039 The host is installed with Mozilla Firefox before 17.0, Thunderbird before 17.0 or SeaMonkey before 2.14 and is prone to memory corruption vulnerability. A flaw is present in the applications, which fail to properly handle memory. Successful exploitation allows remote attackers to cause a denial of ... oval:org.secpod.oval:def:8041 The host is installed with Mozilla Firefox before 17.0, Thunderbird before 17.0 or SeaMonkey before 2.14 and is prone to denial of service vulnerability. A flaw is present in the applications, which fail to handle the setting of Cascading Style Sheets (CSS) properties in conjunction with SVG text. S ... oval:org.secpod.oval:def:8042 The host is installed with Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11 or SeaMonkey before 2.14 and is prone to integer overflow vulnerability. A flaw is present in the applications, which fail to handle crafted data. Suc ... oval:org.secpod.oval:def:8043 The host is installed with Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11 or SeaMonkey before 2.14 and is prone to denial of service vulnerability. A flaw is present in the applications, which fail to handle function calls i ... oval:org.secpod.oval:def:8044 The host is installed with Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11 or SeaMonkey before 2.14 and is prone to Heap-based buffer overflow vulnerability. A flaw is present in the applications, which fail to properly handl ... oval:org.secpod.oval:def:8045 The host is installed with Mozilla Firefox before 17.0, Thunderbird before 17.0 or SeaMonkey before 2.14 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle memory. Successful exploitation allows remote attackers to execute arbitrary code or caus ... oval:org.secpod.oval:def:8046 The host is installed with Mozilla Firefox before 17.0, Thunderbird before 17.0 or SeaMonkey before 2.14 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle memory. Successful exploitation allows remote attackers to execute arbitrary code or caus ... oval:org.secpod.oval:def:8047 The host is installed with Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11 or SeaMonkey before 2.14 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle memory. Successful ... oval:org.secpod.oval:def:8048 The host is installed with Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11 or SeaMonkey before 2.14 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle memory. Successful ... oval:org.secpod.oval:def:8049 The host is installed with Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11 or SeaMonkey before 2.14 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle memory. Successful ... oval:org.secpod.oval:def:8050 The host is installed with Mozilla Firefox before 17.0, Thunderbird before 17.0 or SeaMonkey before 2.14 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle memory. Successful exploitation allows remote attackers to execute arbitrary code or caus ... oval:org.secpod.oval:def:8051 The host is installed with Mozilla Firefox before 17.0, Thunderbird before 17.0 or SeaMonkey before 2.14 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle memory. Successful exploitation allows remote attackers to execute arbitrary code or caus ... oval:org.secpod.oval:def:8052 The host is installed with Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11 and is prone to arbitrary code execution vulnerability. A flaw is present in the applications, which fail to properly restrict the context of HTML markup and Cascading Style Sheets (CSS) token sequences. Successf ... oval:org.secpod.oval:def:8053 The host is installed with Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11 or SeaMonkey before 2.14 and is prone to cross-site scripting (XSS) vulnerability. A flaw is present in the applications, which fail to prevent use of ... oval:org.secpod.oval:def:8054 The host is installed with Mozilla Firefox before 17.0, Thunderbird before 17.0 or SeaMonkey before 2.14 and is prone to security bypass vulnerability. A flaw is present in the applications, which fail to consider the compartment during property filtering. Successful exploitation allows remote attac ... oval:org.secpod.oval:def:8055 The host is installed with Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11 or SeaMonkey before 2.14 and is prone to cross-site scripting (XSS) vulnerability. A flaw is present in the applications, which fail to properly handl ... oval:org.secpod.oval:def:8056 The host is installed with Mozilla Firefox before 17.0, Thunderbird before 17.0 or SeaMonkey before 2.14 and is prone to cross-site request forgery (CSRF) vulnerability. A flaw is present in the applications, which assign the system principal, rather than the sandbox principal, to XMLHttpRequest obj ... oval:org.secpod.oval:def:8057 The host is installed with Mozilla Firefox before 17.0, Thunderbird before 17.0 or SeaMonkey before 2.14 and is prone to denial of service vulnerability. A flaw is present in the applications, which fail to handle the str_unescape function in the JavaScript engine. Successful exploitation allows rem ... oval:org.secpod.oval:def:8059 The host is installed with Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11 or SeaMonkey before 2.14 and is prone to heap-based buffer overflow vulnerability. A flaw is present in the applications, which fails to handle crafte ... oval:org.secpod.oval:def:8060 The host is installed with Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11 or SeaMonkey before 2.14 and is prone to cross-site scripting vulnerability. A flaw is present in the applications, which uses an incorrect context du ... oval:org.secpod.oval:def:8061 The host is missing a critical security update according to MFSA 2012-104. The update is required to fix arbitrary code execution vulnerability. A flaw is present in the applications, which fail to properly restrict the context of HTML markup and Cascading Style Sheets (CSS) token sequences. Success ... oval:org.secpod.oval:def:8062 The host is missing a security update according to MFSA 2012-103. The update is required to fix cross-site scripting (XSS) vulnerability. A flaw is present in the applications, which fail to prevent use of a "top" frame name-attribute value to access the location property. Successful exploitation al ... oval:org.secpod.oval:def:8064 The host is missing a security update according to MFSA 2012-101. The update is required to fix cross-site scripting (XSS) vulnerability. A flaw is present in the applications, which fail to properly handle a ~ (tilde) character in proximity to a chunk delimiter. Successful exploitation allows remot ... oval:org.secpod.oval:def:1503673 An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings ... oval:org.secpod.oval:def:500927 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A buffer overflow flaw was ... oval:org.secpod.oval:def:8065 The host is installed with Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11 or SeaMonkey before 2.14 and is prone to cross-site scripting (XSS) vulnerability. A flaw is present in the applications, which does not properly rest ... oval:org.secpod.oval:def:8066 The host is missing a security update according to MFSA 2012-100. The update is required to fix cross-site scripting (XSS) vulnerability. A flaw is present in the applications, which does not properly restrict write actions. Successful exploitation allows remote attackers to conduct cross-site scrip ... oval:org.secpod.oval:def:8067 The host is missing a security update according to MFSA 2012-91. The update is required to fix multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to properly handle memory. Successful exploitation allows remote attackers to cause a denial of service (memory c ... oval:org.secpod.oval:def:8068 The host is missing a security update according to MFSA 2012-92. The update is required to fix heap-based buffer overflow vulnerability. A flaw is present in the applications, which fails to handle crafted GIF image. Successful exploitation allows remote attackers to execute arbitrary code. oval:org.secpod.oval:def:8069 The host is missing a security update according to MFSA 2012-93. The update is required to fix cross-site scripting vulnerability. A flaw is present in the applications, which uses an incorrect context during the handling of JavaScript code that sets the location.href property. Successful exploitati ... oval:org.secpod.oval:def:8070 The host is missing a security update according to MFSA 2012-94. The update is required to fix denial of service vulnerability. A flaw is present in the applications, which fail to handle the setting of Cascading Style Sheets (CSS) properties in conjunction with SVG text. Successful exploitation all ... oval:org.secpod.oval:def:8072 The host is missing a security update according to MFSA 2012-96. The update is required to fix denial of service vulnerability. A flaw is present in the applications, which fails to handle the str_unescape function in the JavaScript engine. Successful exploitation allows remote attackers to execute ... oval:org.secpod.oval:def:8073 The host is missing a security update according to MFSA 2012-97. The update is required to fix cross-site request forgery (CSRF) vulnerability. A flaw is present in the applications, which assign the system principal, rather than the sandbox principal, to XMLHttpRequest objects created in sandboxes. ... oval:org.secpod.oval:def:8074 The host is missing a security update according to MFSA 2012-97. The update is required to fix security bypass vulnerability. A flaw is present in the applications, which fail to consider the compartment during property filtering. Successful exploitation allows remote attackers to bypass intended ch ... oval:org.secpod.oval:def:1505728 [91.10.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Enabled aarch64 build [91.10.0-1] - Update to 91.10.0 build1 oval:org.secpod.oval:def:88365 Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code. oval:org.secpod.oval:def:8075 The host is missing a security update according to MFSA 2012-106. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fail to handle certain function calls and crafted data. Successful exploitation allows remote attackers to execute arbitrary code ... oval:org.secpod.oval:def:8076 The host is missing a security update according to MFSA 2012-105. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fail to handle certain vectors. Successful exploitation allows remote attackers to execute arbitrary code. oval:org.secpod.oval:def:8077 The host is installed with Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11 or SeaMonkey before 2.14 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle an HTML document. S ... oval:org.secpod.oval:def:2600014 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:88372 Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code. oval:org.secpod.oval:def:83376 The host is missing a high severity security update according to the Mozilla advisory MFSA2022-37 and is prone to multiple vulnerabilities. The flaws are present in the application, which fails to properly handle unspecified vectors. Successful exploitation allows an attacker to have unspecified imp ... oval:org.secpod.oval:def:83377 The host is missing a high severity security update according to the Mozilla advisory MFSA2022-36 and is prone to multiple vulnerabilities. The flaws are present in the application, which fails to properly handle unspecified vectors. Successful exploitation allows an attacker to have unspecified imp ... oval:org.secpod.oval:def:83381 Mozilla Firefox 104.0, Mozilla Firefox ESR 91.13 or 102.2 and Mozilla Thunderbird 91.13 or 102.2: An attacker could have abused XSLT error handling to associate attacker-controlled content with another origin which was displayed in the address bar. This could have been used to fool the user into sub ... oval:org.secpod.oval:def:83382 Mozilla Firefox 104.0, Mozilla Firefox ESR 91.13 or 102.2 and Mozilla Thunderbird 91.13 or 102.2 : A cross-origin iframe referencing an XSLT document would inherit the parent domain's permissions (such as microphone or camera access). oval:org.secpod.oval:def:83384 Mozilla Firefox ESR 102.2 and Mozilla Thunderbird 102.2: A data race could occur in the PK11_ChangePW function, potentially leading to a use-after-free vulnerability. In Firefox, this lock protected the data when a user changed their master password. oval:org.secpod.oval:def:83385 Mozilla Firefox 104.0, Mozilla Firefox ESR 102.2 and Mozilla Thunderbird 102.2: Mozilla developer Nika Layzell and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 103 and Firefox ESR 102.1. Some of these bugs showed evidence of memory corruption and we presume that with enoug ... oval:org.secpod.oval:def:2600004 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:83386 Mozilla Firefox 104.0, Mozilla Firefox ESR 91.13 or 102.2 and Mozilla Thunderbird 91.13 or 102.2 : Members the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 103, Firefox ESR 102.1, and Firefox ESR 91.12. Some of these bugs showed evidence of memory corruption and we presume tha ... oval:org.secpod.oval:def:2600021 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:2500811 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:88408 Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code. oval:org.secpod.oval:def:707801 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:2600020 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:2500822 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:85588 The host is missing a high severity security update according to the Mozilla advisory MFSA2022-49 and is prone to multiple vulnerabilities. The flaws are present in the application, which fails to properly handle unspecified vectors. Successful exploitation allows an attacker to have unspecified imp ... oval:org.secpod.oval:def:85592 Mozilla Firefox 107, Mozilla Firefox ESR 102.5 or Mozilla Thunderbird 102.5: Service Workers should not be able to infer information about opaque cross-origin responses; but timing information for cross-origin media combined with Range requests might have allowed them to determine the presence or le ... oval:org.secpod.oval:def:85593 Mozilla Firefox 107, Mozilla Firefox ESR 102.5 or Mozilla Thunderbird 102.5: Through a series of popup and codewindow.print()/code calls, an attacker can cause a window to go fullscreen without the user seeing the notification prompt, resulting in potential user confusion or spoofing attacks. oval:org.secpod.oval:def:85594 Mozilla Firefox 107, Mozilla Firefox ESR 102.5 or Mozilla Thunderbird 102.5: Freeing arbitrary codensIInputStream/code's on a different thread than creation could have led to a use-after-free and potentially exploitable crash. oval:org.secpod.oval:def:85595 Mozilla Firefox 107, Mozilla Firefox ESR 102.5 or Mozilla Thunderbird 102.5: If an out-of-memory condition occurred when creating a JavaScript global, a JavaScript realm may be deleted while references to it lived on in a BaseShape. This could lead to a use-after-free causing a potentially exploitab ... oval:org.secpod.oval:def:85597 Mozilla Firefox 107, Mozilla Firefox ESR 102.5 or Mozilla Thunderbird 102.5: Through a series of popups that reuse windowName, an attacker can cause a window to go fullscreen without the user seeing the notification prompt, resulting in potential user confusion or spoofing attacks. oval:org.secpod.oval:def:4501034 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.5.0. Security Fix: * Mozilla: Service Workers might have learned size of cross-origin media files * Mozilla: Fullscreen notification bypass * Mozilla: Use-after-free in InputStream implem ... oval:org.secpod.oval:def:85598 Mozilla Firefox 107, Mozilla Firefox ESR 102.5 or Mozilla Thunderbird 102.5: The garbage collector could have been aborted in several states and zones and code GCRuntime::finishCollection /code may not have been called, leading to a use-after-free and potentially exploitable crash oval:org.secpod.oval:def:2600011 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:205992 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:2500893 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:85599 Mozilla Firefox 107, Mozilla Firefox ESR 102.5 or Mozilla Thunderbird 102.5: When a ServiceWorker intercepted a request with code FetchEvent/code, the origin of the request was lost after the ServiceWorker took ownership of it. This had the effect of negating SameSite cookie protections. This was a ... oval:org.secpod.oval:def:85600 Mozilla Firefox 107, Mozilla Firefox ESR 102.5 or Mozilla Thunderbird 102.5: Cross-Site Tracing occurs when a server will echo a request back via the Trace method, allowing an XSS attack to access to authorization headers and cookies inaccessible to JavaScript (such as cookies protected by HTTPOnly) ... oval:org.secpod.oval:def:85601 Mozilla Firefox 107, Mozilla Firefox ESR 102.5 or Mozilla Thunderbird 102.5: When resolving a symlink such as codefile:///proc/self/fd/1/code, an error message may be produced where the symlink was resolved to a string containing unitialized memory in the buffer. oval:org.secpod.oval:def:85603 Mozilla Firefox 107, Mozilla Firefox ESR 102.5 or Mozilla Thunderbird 102.5: Keyboard events reference strings like "KeyA" that were at fixed, known, and widely-spread addresses. Cache-based timing attacks such as Prime+Probe could have possibly figured out which keys were being pressed. oval:org.secpod.oval:def:85605 Mozilla Firefox 107, Mozilla Firefox ESR 102.5 or Mozilla Thunderbird 102.5: If a custom mouse cursor is specified in CSS, under certain circumstances the cursor could have been drawn over the browser UI, resulting in potential user confusion or spoofing attacks. oval:org.secpod.oval:def:85607 Mozilla Firefox 107, Mozilla Firefox ESR 102.5 or Mozilla Thunderbird 102.5: Using tables inside of an iframe, an attacker could have caused iframe contents to be rendered outside the boundaries of the iframe, resulting in potential user confusion or spoofing attacks. oval:org.secpod.oval:def:85608 Mozilla Firefox 107, Mozilla Firefox ESR 102.5 or Mozilla Thunderbird 102.5: Mozilla developers Andrew McCreight and Gabriele Svelto reported memory safety bugs present in Firefox 106 and Firefox ESR 102.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effor ... oval:org.secpod.oval:def:85804 The host is installed with Mozilla Thunderbird before 102.5.1 and is prone to a sensitive information disclosure vulnerability. A flaw is present in the application, which fails to handle issues in quoting from an HTML email. Successful exploitation allow attackers to trigger network requests and lo ... oval:org.secpod.oval:def:85805 The host is missing a high severity security update according to the Mozilla advisory MFSA2022-50 and is prone to sensitive information disclosure vulnerability. A flaw is present in the application, which fails to handle issues in quoting from an HTML email. Successful exploitation allow attackers ... oval:org.secpod.oval:def:9619 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2 or SeaMonkey before 2.15 and is prone to stack-based buffer overflow vulnerability. A flaw is present in the applications, which fail to handle an HTM ... oval:org.secpod.oval:def:9620 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1 or SeaMonkey before 2.15 and is prone to heap-based buffer overflow vulnerability. A flaw is present in the applications, which fail to handle a craft ... oval:org.secpod.oval:def:9621 The host is installed with Mozilla Firefox before 18.0, Thunderbird before 17.0.2 or SeaMonkey before 2.15 and is prone to multiple unspecified vulnerabilities. The flaw are present in the applications, which fail to properly handle certain unknown vectors. Successful exploitation allows remote atta ... oval:org.secpod.oval:def:9625 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2 or SeaMonkey before 2.15 and is prone to remote code execution vulnerability. A flaw is present in the applications, which fail to ensure thread safet ... oval:org.secpod.oval:def:9626 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1 or SeaMonkey before 2.15 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle vectors related to ... oval:org.secpod.oval:def:9628 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1 or SeaMonkey before 2.15 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle some unspecified ve ... oval:org.secpod.oval:def:9629 The host is installed with Mozilla Firefox before 18.0, Thunderbird before 17.0.2 or SeaMonkey before 2.15 and is prone to buffer overflow vulnerability. A flaw is present in the applications, which fail to handle a crafted document. Successful exploitation allows remote attackers to execute arbitra ... oval:org.secpod.oval:def:9632 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2 or SeaMonkey before 2.15 and is prone to arbitrary code execution vulnerability. A flaw is present in the applications, which fail to prevent modifica ... oval:org.secpod.oval:def:9633 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2 or SeaMonkey before 2.15 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle a crafted web page ... oval:org.secpod.oval:def:9634 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2 or SeaMonkey before 2.15 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle vectors related to ... oval:org.secpod.oval:def:9637 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2 or SeaMonkey before 2.15 and is prone to memory corruption vulnerability. A flaw is present in the applications, which fail to handle a crafted XBL fi ... oval:org.secpod.oval:def:9640 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1 or SeaMonkey before 2.15 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle some un ... oval:org.secpod.oval:def:9642 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2 or SeaMonkey before 2.15 and is prone to same-origin policy bypass vulnerability. A flaw is present in the applications, which fail to properly enforc ... oval:org.secpod.oval:def:9644 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2 or SeaMonkey before 2.15 and is prone to remote code executio vulnerability. A flaw is present in the applications, which fail to properly interact wi ... oval:org.secpod.oval:def:9648 The host is missing a critical security update according to Mozilla advisory, MFSA 2013-03. The update is required to fix stack-based buffer overflow vulnerability. A flaw is present in the applications, which fail to handle an HTML document that specifies invalid width and height values. Successfu ... oval:org.secpod.oval:def:9649 The host is missing a security update according to Mozilla advisory, MFSA 2013-07. The update is required to fix remote code execution vulnerability. A flaw is present in the applications, which fail to ensure thread safety for SSL sessions. Successful exploitation allows remote attackers to execute ... oval:org.secpod.oval:def:9652 The host is missing a security update according to Mozilla advisory, MFSA 2013-14. The update is required to fix arbitrary code execution vulnerability. A flaw is present in the applications, which fail to prevent modifications to the prototype of an object. Successful exploitation allows remote att ... oval:org.secpod.oval:def:9653 The host is missing a critical security update according to Mozilla advisory, MFSA 2013-19. The update is required to fix use-after-free vulnerability. A flaw is present in the applications, which fail to handle a crafted web page referencing JavaScript Proxy objects that are not properly handled du ... oval:org.secpod.oval:def:9654 The host is missing a critical security update according to Mozilla advisory, MFSA 2013-18. The update is required to fix use-after-free vulnerability. A flaw is present in the applications, which fail to handle vectors related to the domDoc pointer. Successful exploitation allows remote attackers t ... oval:org.secpod.oval:def:9657 The host is missing a security update according to Mozilla advisory, MFSA 2013-13. The update is required to fix memory corruption vulnerability. A flaw is present in the applications, which fail to handle a crafted XBL file with multiple bindings that have SVG content. Successful exploitation allow ... oval:org.secpod.oval:def:9661 The host is missing a critical security update according to Mozilla advisory, MFSA 2013-08. The update is required to fix remote code execution vulnerability. A flaw is present in the applications, which fail to properly interact with garbage collection. Successful exploitation allows remote attacke ... oval:org.secpod.oval:def:9663 The host is missing a security update according to Mozilla advisory, MFSA 2013-10. The update is required to fix same-origin policy bypass vulnerability. A flaw is present in the applications, which fail to properly enforce the Same Origin Policy. Successful exploitation allows remote attackers to c ... oval:org.secpod.oval:def:9929 The host is installed with Mozilla Firefox before 19.0, Thunderbird before 17.0.3 or SeaMonkey before 2.16 and is prone to out-of-bounds read vulnerability. A flaw is present in the applications, which fail to handle the ClusterIterator::NextCluster function. Successful exploitation allows remote at ... oval:org.secpod.oval:def:9932 The host is installed with Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3 and SeaMonkey before 2.16 and is prone to information disclosure vulnerability. A flaw is present in the applications, which fail to prevent JavaScrip ... oval:org.secpod.oval:def:9933 The host is installed with Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3 or SeaMonkey before 2.16 and is prone to information disclosure vulnerability. A flaw is present in the applications, which fail to prevent modificati ... oval:org.secpod.oval:def:9937 The host is installed with Mozilla Firefox before 19.0, Thunderbird before 17.0.3 or SeaMonkey before 2.16 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle the nsPrintEngine::CommonPrint function. Successful exploitation allows remote attacker ... oval:org.secpod.oval:def:9939 The host is installed with Mozilla Firefox before 19.0, Thunderbird before 17.0.3 or SeaMonkey before 2.16 and is prone to out-of-bounds read vulnerability. A flaw is present in the applications, which fail to handle the nsCodingStateMachine::NextState function. Successful exploitation allows remote ... oval:org.secpod.oval:def:9940 The host is installed with Mozilla Firefox before 19.0, Thunderbird before 17.0.3 or SeaMonkey before 2.16 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle the nsDisplayBoxShadowOuter::Paint function. Successful exploitation allows remote atta ... oval:org.secpod.oval:def:9942 The host is installed with Mozilla Firefox before 19.0, Thunderbird before 17.0.3 or SeaMonkey before 2.16 and is prone to multiple memory safety vulnerabilities. The flaws are present in the applications, which fail to handle certain unspecified vectors. Successful exploitation allows remote attack ... oval:org.secpod.oval:def:9947 The host is missing a security update according to Mozilla advisory, MFSA 2013-24. The update is required to fix information disclosure vulnerability. A flaw is present in the applications, which fail to prevent modifications to a prototype. Successful exploitation allows remote attackers to obtain ... oval:org.secpod.oval:def:9948 The host is missing a security update according to Mozilla advisory, MFSA 2013-25. The update is required to fix information disclosure vulnerability. A flaw is present in the applications, which fail to prevent JavaScript workers from reading the browser-profile directory name. Successful exploitat ... oval:org.secpod.oval:def:95179 A security issue was discovered in Thunderbird, which could result in spoofing of filenames of email attachments. oval:org.secpod.oval:def:16377 Mozilla community member Ms2ger found a mechanism where a new Javascript object with a compartment is uninitialized could be entered through web content. When the scope for this object is called, it leads to a potentially exploitable crash. oval:org.secpod.oval:def:16370 Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 do not properly restrict local-filesystem access by Java applets, which allows user-assisted remote attackers to read arbitrary files by leveraging a ... oval:org.secpod.oval:def:16371 Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be explo ... oval:org.secpod.oval:def:16374 Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover a use-after-free problem in the Animation Manager during the cloning of stylesheets. This can lead to a potentially exploitable crash. oval:org.secpod.oval:def:16388 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allow remote attackers to cause a denial of service (memory corruption and application cra ... oval:org.secpod.oval:def:16385 Security researcher Nils reported two potentially exploitable memory corruption bugs involving scrolling. The first was a use-after-free condition due to scrolling an image document. The second was due to nodes in a range request being added as children of two different parents. oval:org.secpod.oval:def:16386 Mozilla developer Boris Zbarsky reported that user-defined getters on DOM proxies would incorrectly get the expando object as this . It is unlikely that this is directly exploitable but could lead to JavaScript client or add-on code making incorrect security sensitive decisions based on hacker supp ... oval:org.secpod.oval:def:16383 Security researcher Sachin Shinde reported that moving certain XBL-backed nodes from a document into the replacement document created by document.open() can cause a JavaScript compartment mismatch which can often lead to exploitable conditions. Starting with Firefox 20 this condition was turned ... oval:org.secpod.oval:def:16384 Security researcher Aki Helin reported that combining lists, floats, and multiple columns could trigger a potentially exploitable buffer overflow. oval:org.secpod.oval:def:16356 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 allow remote attackers to cause a denial of service (memory corruption and application c ... oval:org.secpod.oval:def:16352 The XrayWrapper implementation in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 does not properly restrict use of DefaultValue for method calls, which allows remote attackers to execute arbitrary JavaScript code with ch ... oval:org.secpod.oval:def:16367 Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 use an incorrect URI within unspecified comparisons during enforcement of the Same Origin Policy, which allows remote attackers to conduct cross-site ... oval:org.secpod.oval:def:16368 The Web Workers implementation in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 does not properly restrict XMLHttpRequest calls, which allows remote attackers to bypass the Same Origin Policy and ... oval:org.secpod.oval:def:16363 Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 do not properly handle the interaction between FRAME elements and history, which allows remote attackers to conduct cross-site scripting (XSS) attacks ... oval:org.secpod.oval:def:16364 The crypto.generateCRMFRequest function in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 allows remote attackers to execute arbitrary JavaScript code or conduct cross-site scripting (XSS) attacks ... oval:org.secpod.oval:def:1500232 An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System base scores, which give detailed severity rating ... oval:org.secpod.oval:def:1500235 An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System base scores, which give detailed severity rating ... oval:org.secpod.oval:def:16392 Use-after-free vulnerability in the nsAnimationManager::BuildAnimations function in the Animation Manager in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allows remote attackers to execute arbitrar ... oval:org.secpod.oval:def:16395 Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not ensure that initialization occurs for JavaScript objects with compartments, which allows remote attackers to execute arbitrary code by leveraging ... oval:org.secpod.oval:def:16335 Security researcher Cody Crews reported that some Javascript components will perform checks against the wrong uniform resource identifier (URI) before performing security sensitive actions. This will return an incorrect location for the originator of the call. This could be used to bypass same-orig ... oval:org.secpod.oval:def:16332 Mozilla security researcher moz_bug_r_a4 reported a mechanism to execute arbitrary code or a cross-site scripting (XSS) attack when Certificate Request Message Format (CRMF) request is generated in certain circumstances. oval:org.secpod.oval:def:16338 Security researcher Georgi Guninski reported an issue with Java applets where in some circumstances the applet could access files on the local system when loaded using the a file:/// URI and violate file origin policy due to interaction with the codebase parameter. This affects applets running on ... oval:org.secpod.oval:def:16339 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execu ... oval:org.secpod.oval:def:16336 Mozilla community member Federico Lanusse reported a mechanism where a web worker can violate same-origin policy and bypass cross-origin checks through XMLHttpRequest. This could allow for cross-site scripting (XSS) attacks by web workers. oval:org.secpod.oval:def:16331 Mozilla security researcher moz_bug_r_a4 reported that through an interaction of frames and browser history it was possible to make the browser believe attacker-supplied content came from the location of a previous page in browser history. This allows for cross-site scripting (XSS) attacks by loadi ... oval:org.secpod.oval:def:16346 Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not properly handle onreadystatechange events in conjunction with page reloading, which allows remote attackers to cause a denial of service (application crash) or possib ... oval:org.secpod.oval:def:16343 Use-after-free vulnerability in the mozilla::ResetDir function in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via ... oval:org.secpod.oval:def:16344 The System Only Wrapper (SOW) and Chrome Object Wrapper (COW) implementations in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not properly restrict XBL user-defined functions, which allows remote attackers to execut ... oval:org.secpod.oval:def:16349 The PreserveWrapper implementation in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 does not properly handle the lack of a wrapper, which allows remote attackers to cause a denial of service (application crash) or possi ... oval:org.secpod.oval:def:16347 Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not prevent the inclusion of body data in an XMLHttpRequest HEAD request, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks ... oval:org.secpod.oval:def:16348 The SVG filter implementation in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allows remote attackers to read pixel values, and possibly bypass the Same Origin Policy and read text from a different domain, by observing ... oval:org.secpod.oval:def:16341 Use-after-free vulnerability in the mozilla::dom::HTMLMediaElement::LookupMediaElementURITable function in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allows remote attackers to execute arbitrary code or cause a denia ... oval:org.secpod.oval:def:16342 Use-after-free vulnerability in the nsIDocument::GetRootElement function in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corru ... oval:org.secpod.oval:def:1500252 An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System base scores, which give detailed severity rating ... oval:org.secpod.oval:def:16312 Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be explo ... oval:org.secpod.oval:def:16313 Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover a series of use-after-free problems rated critical as security issues in shipped software. Some of these issues are potentially exploitable, allowing for remote code execution. ... oval:org.secpod.oval:def:16316 Security researcher Nils reported that specially crafted web content using the onreadystatechange event and reloading of pages could sometimes cause a crash when unmapped memory is executed. This crash is potentially exploitable. oval:org.secpod.oval:def:16317 Security researcher Johnathan Kuskos reported that Firefox is sending data in the body of XMLHttpRequest (XHR) HEAD requests, which goes against the XHR specification. This can potentially be used for Cross-Site Request Forgery (CSRF) attacks against sites which do not distinguish between HEAD and ... oval:org.secpod.oval:def:16314 Security researcher Mariusz Mlynski reported that it is possible to compile a user-defined function in the XBL scope of a specific element and then trigger an event within this scope to run code. In some circumstances, when this code is run, it can access content protected by System Only Wrappers ( ... oval:org.secpod.oval:def:16322 Mozilla security researcher moz_bug_r_a4 reported that XrayWrappers can be bypassed to call content-defined toString and valueOf methods through DefaultValue . This can lead to unexpected behavior when privileged code acts on the incorrect values. oval:org.secpod.oval:def:16326 Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be explo ... oval:org.secpod.oval:def:16318 Security researcher Paul Stone of Context Information Security discovered that timing differences in the processing of SVG format images with filters could allow for pixel values to be read. This could potentially allow for text values to be read across domains, leading to information disclosure. oval:org.secpod.oval:def:16319 Mozilla developer Boris Zbarsky found that when PreserveWrapper was used in cases where a wrapper is not set, the preserved-wrapper flag on the wrapper cache is cleared. This could potentially lead to an exploitable crash. oval:org.secpod.oval:def:202557 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. It was found that, after ca ... oval:org.secpod.oval:def:701194 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:202564 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. It was found that, after ca ... oval:org.secpod.oval:def:10673 The host is installed with Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5 or SeaMonkey before 2.17 and is prone to integer signedness error vulnerability. A flaw is present in the applications, which fail to handle crafted v ... oval:org.secpod.oval:def:10681 The host is installed with Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5 or SeaMonkey before 2.17 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to properly handl ... oval:org.secpod.oval:def:10683 The host is missing a security update according to Mozilla advisory, MFSA 2013-36. The update is required to fix security bypass vulnerability. A flaw is present in the applications, which fail to prevent use of the cloneNode method for cloning a protected node. Successful exploitation allows remote ... oval:org.secpod.oval:def:10685 The host is missing a security update according to Mozilla advisory, MFSA 2013-38. The update is required to fix cross site scripting vulnerability. A flaw is present in the applications, which fail to ensure the correctness of the address bar during history navigation. Successful exploitation allow ... oval:org.secpod.oval:def:10675 The host is installed with Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5 or SeaMonkey before 2.17 and is prone to security bypass vulnerability. A flaw is present in the applications, which fail to prevent use of the cloneN ... oval:org.secpod.oval:def:701126 thunderbird: Mozilla Open Source mail and newsgroup client Details: USN-1681-1 fixed vulnerabilities in Firefox. This update provides the corresponding updates for Thunderbird. Original advisory Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:202945 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A flaw was found in the way ... oval:org.secpod.oval:def:10677 The host is installed with Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5 or SeaMonkey before 2.17 and is prone to cross site scripting vulnerability. A flaw is present in the applications, which fail to ensure the correctne ... oval:org.secpod.oval:def:10679 The host is installed with Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5 or SeaMonkey before 2.17 and is prone to out of bounds memory corruption vulnerability. A flaw is present in the applications, which fail to handle a ... oval:org.secpod.oval:def:202938 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A flaw was found in the way ... oval:org.secpod.oval:def:202935 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. It was found that Thunderbi ... oval:org.secpod.oval:def:202919 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. It was found that Thunderbi ... oval:org.secpod.oval:def:202515 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A flaw was found in the way ... oval:org.secpod.oval:def:202505 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A flaw was found in the way ... oval:org.secpod.oval:def:10687 The host is missing a security update according to Mozilla advisory, MFSA 2013-40. The update is required to fix out of bounds memory corruption vulnerability. A flaw is present in the applications, which fail to handle a crafted certificate. Successful exploitation allows remote attackers to cause ... oval:org.secpod.oval:def:10688 The host is missing a security update according to Mozilla advisory, MFSA 2013-30. The update is required to fix multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to properly handle vectors related to the nsContentUtils::HoldJSObjects function and the nsAuto ... oval:org.secpod.oval:def:10689 The host is missing a security update according to Mozilla advisory, MFSA 2013-31. The update is required to fix integer signedness error vulnerability. A flaw is present in the applications, which fail to handle crafted values that trigger attempted use of a negative box boundary or negative box si ... oval:org.secpod.oval:def:1500118 An updated thunderbird package that fixes one security issue is nowavailable for Red Hat Enterprise Linux 5 and 6.The Red Hat Security Response Team has rated this update as havingimportant security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is ... oval:org.secpod.oval:def:1500175 An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System base scores, which give detailed severity rating ... oval:org.secpod.oval:def:16400 Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not properly handle movement of XBL-backed nodes between documents, which allows remote attackers to execute arbitrary code or cause a denial of serv ... oval:org.secpod.oval:def:16404 The nsGfxScrollFrameInner::IsLTR function in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vect ... oval:org.secpod.oval:def:16405 Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not properly identify the "this" object during use of user-defined getter methods on DOM proxies, which might allow remote attackers to bypass intend ... oval:org.secpod.oval:def:16402 Buffer overflow in the nsFloatManager::GetFlowArea function in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code via crafted use of lists and floats wit ... oval:org.secpod.oval:def:16403 Use-after-free vulnerability in the mozilla::layout::ScrollbarActivity function in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code via vectors related ... oval:org.secpod.oval:def:1500139 An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System base scores, which give detailed severity rating ... oval:org.secpod.oval:def:10396 The host is installed with Mozilla Firefox before 19.0.2, Firefox ESR 17.x before 17.0.4, Thunderbird before 17.0.4, Thunderbird ESR 17.x before 17.0.4 or SeaMonkey before 2.16.1 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle vectors involvi ... oval:org.secpod.oval:def:10397 The host is missing a security update according to Mozilla advisory, MFSA 2013-29. The update is required to fix use-after-free vulnerability. A flaw is present in the applications, which fail to handle vectors involving an execCommand call. Successful exploitation allows remote attackers to execute ... oval:org.secpod.oval:def:202660 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A flaw was found in the way ... oval:org.secpod.oval:def:11220 The host is installed with Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6 or Thunderbird ESR 17.x before 17.0.6 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle vectors involving an onresize event during ... oval:org.secpod.oval:def:11221 The host is missing a security update according to Mozilla advisory, MFSA 2013-46. The update is required to fix use-after-free vulnerability. A flaw is present in the applications, which fail to handle vectors involving an onresize event during the playing of a video. Successful exploitation allows ... oval:org.secpod.oval:def:11224 The host is installed with Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6 or Thunderbird ESR 17.x before 17.0.6 and is prone to cross-site scripting (XSS) vulnerability. A flaw is present in the applications, which fail to prevent acquisition of chrome privile ... oval:org.secpod.oval:def:11214 The host is installed with Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6 or Thunderbird ESR 17.x before 17.0.6 and is prone to invalid write operation vulnerability. A flaw is present in the applications, which fail to handle certain vectors related to memory ... oval:org.secpod.oval:def:11215 The host is installed with Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6 or Thunderbird ESR 17.x before 17.0.6 and is prone to out of Bounds Read vulnerability. A flaw is present in the applications, which fail to handle certain vectors related to memory. Suc ... oval:org.secpod.oval:def:11216 The host is installed with Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6 or Thunderbird ESR 17.x before 17.0.6 and is prone to out of bounds read vulnerability. A flaw is present in the applications, which fail to handle certain vectors related to memory. Suc ... oval:org.secpod.oval:def:11217 The host is missing a security update according to Mozilla advisory, MFSA 2013-48. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fail to handle certain vectors related to memory. Successful exploitation allows attackers to execute arbitrary ... oval:org.secpod.oval:def:202656 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A flaw was found in the way ... oval:org.secpod.oval:def:11218 The host is installed with Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6 or Thunderbird ESR 17.x before 17.0.6 and is prone to information disclosure vulnerability. A flaw is present in the applications, which fail to properly initialize data structures for t ... oval:org.secpod.oval:def:11219 The host is missing a security update according to Mozilla advisory, MFSA 2013-47. The update is required to fix information disclosure vulnerability. A flaw is present in the applications, which fail to properly initialize data structures for the nsDOMSVGZoomEvent::mPreviousScale and nsDOMSVGZoomEv ... oval:org.secpod.oval:def:11225 The host is missing a security update according to Mozilla advisory, MFSA 2013-42. The update is required to fix cross-site scripting (XSS) vulnerability. A flaw is present in the applications, which fail to prevent acquisition of chrome privileges during calls to content level constructors. Success ... oval:org.secpod.oval:def:11227 The host is missing a security update according to Mozilla advisory, MFSA 2013-41. The update is required to fix multiple unspecified vulnerabilities. The flaws are present in the application, which fails to properly handle certain unknown vectors. Successful exploitation allows attackers to cause a ... oval:org.secpod.oval:def:11228 The host is installed with Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6 or Thunderbird ESR 17.x before 17.0.6 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which oval:org.secpod.oval:def:701279 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:701245 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:701211 thunderbird: Mozilla Open Source mail and newsgroup client Details: USN-1758-1 fixed vulnerabilities in Firefox. This update provides the corresponding update for Thunderbird. Original advisory Thunderbird could be made to crash or run programs as your login. oval:org.secpod.oval:def:202635 Mozilla Thunderbird is a standalone mail and newsgroup client. A flaw was found in the processing of malformed content. Malicious content could cause Thunderbird to crash or execute arbitrary code with the privileges of the user running Thunderbird. Red Hat would like to thank the Mozilla project f ... oval:org.secpod.oval:def:202638 Mozilla Thunderbird is a standalone mail and newsgroup client. A flaw was found in the processing of malformed content. Malicious content could cause Thunderbird to crash or execute arbitrary code with the privileges of the user running Thunderbird. Red Hat would like to thank the Mozilla project f ... oval:org.secpod.oval:def:11211 The host is installed with Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6 or Thunderbird ESR 17.x before 17.0.6 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle certain vectors related to memory. Success ... oval:org.secpod.oval:def:11212 The host is installed with Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6 or Thunderbird ESR 17.x before 17.0.6 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle certain vectors related to memory. Success ... oval:org.secpod.oval:def:11213 The host is installed with Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6 or Thunderbird ESR 17.x before 17.0.6 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle certain vectors related to memory. Success ... oval:org.secpod.oval:def:9931 The host is installed with Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3 or SeaMonkey before 2.16 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle the the nsImageLoad ... oval:org.secpod.oval:def:9930 The host is installed with Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3 and SeaMonkey before 2.16 and is prone to address spoofing vulnerability. A flaw is present in the applications, which fail to handle a proxy server t ... oval:org.secpod.oval:def:9936 The host is installed with Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3 or SeaMonkey before 2.16 and is prone to heap-based buffer overflow vulnerability. A flaw is present in the applications, which fail to handle the nsS ... oval:org.secpod.oval:def:9938 The host is installed with Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3 or SeaMonkey before 2.16 and is prone to use-after-free vulnerability. A flaw is present in the applications, which fail to handle a crafted document ... oval:org.secpod.oval:def:701417 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:9944 The host is missing a security update according to Mozilla advisory, MFSA 2013-28. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fail to handle certain functions. Successful exploitation allows remote attackers to execute arbitrary code or c ... oval:org.secpod.oval:def:9943 The host is missing a security update according to Mozilla advisory, MFSA 2013-21. The update is required to fix multiple memory safety vulnerabilities. The flaws are present in the applications, which fail to handle certain unspecified vectors. Successful exploitation allows remote attackers to cau ... oval:org.secpod.oval:def:9941 The host is installed with Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3 or SeaMonkey before 2.16 and is prone to multiple memory safety vulnerabilities. The flaws are present in the applications, which fail to handle certa ... oval:org.secpod.oval:def:9949 The host is missing a security update according to Mozilla advisory, MFSA 2013-26. The update is required to fix use-after-free vulnerability. A flaw is present in the applications, which fail to handle the the nsImageLoadingContent::OnStopContainer function. Successful exploitation allows remote at ... oval:org.secpod.oval:def:1500060 An updated thunderbird package that fixes several security issues is nowavailable for Red Hat Enterprise Linux 5 and 6.The Red Hat Security Response Team has rated this update as having criticalsecurity impact. Common Vulnerability Scoring System base scores,which give detailed severity ratings, ar ... oval:org.secpod.oval:def:500973 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. It was found that, after ca ... oval:org.secpod.oval:def:1500077 An updated thunderbird package that fixes several security issues is nowavailable for Red Hat Enterprise Linux 5 and 6.The Red Hat Security Response Team has rated this update as having criticalsecurity impact. Common Vulnerability Scoring System base scores,which give detailed severity ratings, ar ... oval:org.secpod.oval:def:9950 The host is missing a security update according to Mozilla advisory, MFSA 2013-27. The update is required to fix address spoofing vulnerability. A flaw is present in the applications, which fail to handle a proxy server that provides a 407 HTTP status code accompanied by web script. Successful explo ... oval:org.secpod.oval:def:500942 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A flaw was found in the way ... oval:org.secpod.oval:def:701384 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:501023 Mozilla Thunderbird is a standalone mail and newsgroup client. A flaw was found in the processing of malformed content. Malicious content could cause Thunderbird to crash or execute arbitrary code with the privileges of the user running Thunderbird. Red Hat would like to thank the Mozilla project f ... oval:org.secpod.oval:def:501036 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A flaw was found in the way ... oval:org.secpod.oval:def:701345 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:501088 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A flaw was found in the way ... oval:org.secpod.oval:def:202909 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A flaw was found in the way ... oval:org.secpod.oval:def:202907 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A flaw was found in the way ... oval:org.secpod.oval:def:501055 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A flaw was found in the way ... oval:org.secpod.oval:def:501075 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. It was found that Thunderbi ... oval:org.secpod.oval:def:9659 The host is missing a critical security update according to Mozilla advisory, MFSA 2013-12. The update is required to fix Integer overflow vulnerability. A flaw is present in the applications, which fail to handle a crafted string concatenation, leading to improper memory allocation. Successful expl ... oval:org.secpod.oval:def:9656 The host is missing a critical security update according to Mozilla advisory, MFSA 2013-16. The update is required to fix use-after-free vulnerability. A flaw is present in the applications, which fail to handle crafted web content. Successful exploitation allows remote attackers to execute arbitrar ... oval:org.secpod.oval:def:9655 The host is missing a critical security update according to Mozilla advisory, MFSA 2013-17. The update is required to fix use-after-free vulnerability. A flaw is present in the applications, which fail to handle vectors that involve the triggering of garbage collection after memory allocation for li ... oval:org.secpod.oval:def:9650 The host is missing a security update according to Mozilla advisory, MFSA 2013-04. The update is required to fix URL spoofing vulnerability. A flaw is present in the applications, which fail to handle vectors involving authentication information in the userinfo field of a URL. Successful exploitatio ... oval:org.secpod.oval:def:9651 The host is missing a critical security update according to Mozilla advisory, MFSA 2013-15. The update is required to fix privilege escalation vulnerability. A flaw is present in the applications, which fail to handle improper interaction between plugin objects and SVG elements. Successful exploitat ... oval:org.secpod.oval:def:9664 The host is missing a security update according to Mozilla advisory, MFSA 2013-11. The update is required to fix information disclosure vulnerability. A flaw is present in the applications, which fail to prevent calling the toString function of an XBL object. Successful exploitation allows remote at ... oval:org.secpod.oval:def:9660 The host is missing a critical security update according to Mozilla advisory, MFSA 2013-05. The update is required to fix use-after-free vulnerability. A flaw is present in the applications, which fail to handle an HTML document with a table containing many columns and column groups. Successful expl ... oval:org.secpod.oval:def:9662 The host is missing a security update according to Mozilla advisory, MFSA 2013-09. The update is required to fix denial of service vulnerability. A flaw is present in the applications, which fail to properly implement quickstubs that use the jsval data type for their return values. Successful exploi ... oval:org.secpod.oval:def:9636 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2 or SeaMonkey before 2.15 and is prone to use-after-free vulnerability. A flaw is present in the applic ... oval:org.secpod.oval:def:9635 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2 or SeaMonkey before 2.15 and is prone to use-after-free vulnerability. A flaw is present in the applic ... oval:org.secpod.oval:def:9631 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2 or SeaMonkey before 2.15 and is prone to privilege escalation vulnerability. A flaw is present in the ... oval:org.secpod.oval:def:9639 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2 or SeaMonkey before 2.15 and is prone to Integer overflow vulnerability. A flaw is present in the appl ... oval:org.secpod.oval:def:9630 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2 or SeaMonkey before 2.15 and is prone to URL spoofing vulnerability. A flaw is present in the applicat ... oval:org.secpod.oval:def:9647 The host is missing a critical security update according to Mozilla advisory, MFSA 2013-01. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fail to handle certain vectors and memory. Successful exploitation allows attackers to execute arbitra ... oval:org.secpod.oval:def:9646 The host is missing a critical security update according to Mozilla advisory, MFSA 2013-02. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fail to handle certain vectors and memory. Successful exploitation allows attackers to execute arbitrar ... oval:org.secpod.oval:def:9643 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2 or SeaMonkey before 2.15 and is prone to denial of service vulnerability. A flaw is present in the app ... oval:org.secpod.oval:def:9645 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2 or SeaMonkey before 2.15 and is prone to use-after-free vulnerability. A flaw is present in the applic ... oval:org.secpod.oval:def:9641 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2 or SeaMonkey before 2.15 and is prone to information disclosure vulnerability. A flaw is present in th ... oval:org.secpod.oval:def:9624 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1 or SeaMonkey before 2.15 and is prone to use-after-free vulnerability. A flaw is present in the applic ... oval:org.secpod.oval:def:9627 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1 or SeaMonkey before 2.15 and is prone to use-after-free vulnerability. A flaw is present in the applic ... oval:org.secpod.oval:def:9623 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1 or SeaMonkey before 2.15 and is prone to denial of service vulnerability. A flaw is present in the app ... oval:org.secpod.oval:def:9622 The host is installed with Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1 or SeaMonkey before 2.15 and is prone to multiple unspecified vulnerabilities. The flaws are present i ... oval:org.secpod.oval:def:202882 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A flaw was found in the way ... oval:org.secpod.oval:def:202880 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A flaw was found in the way ... oval:org.secpod.oval:def:501100 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A flaw was found in the way ... oval:org.secpod.oval:def:1500696 An updated thunderbird package that fixes two security issues is now available for Red Hat Enterprise Linux 5 and 6. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are availab ... oval:org.secpod.oval:def:52420 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:701616 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:1500650 An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System base scores, which give detailed severity rating ... oval:org.secpod.oval:def:52444 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:1500285 An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System base scores, which give detailed severity rating ... oval:org.secpod.oval:def:16302 The JavaScript engine in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 does not properly allocate memory for unspecified functions, which allows remote attackers to conduct bu ... oval:org.secpod.oval:def:16306 Use-after-free vulnerability in the nsIPresShell::GetPresContext function in the PresShell (aka presentation shell) implementation in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before ... oval:org.secpod.oval:def:16304 Use-after-free vulnerability in the nsDocLoader::doStopDocumentLoad function in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allows remote attackers to execute arbitrary code ... oval:org.secpod.oval:def:203452 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. N ... oval:org.secpod.oval:def:500749 Mozilla Thunderbird is a standalone mail and newsgroup client. A heap-based buffer overflow flaw was found in the way Thunderbird handled PNG images. An HTML mail message or remote content containing a specially-crafted PNG image could cause Thunderbird to crash or, possibly, execute arbitrary code ... oval:org.secpod.oval:def:16311 The txXPathNodeUtils::getBaseURI function in the XSLT processor in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 does not properly initialize data, which allows remote attacke ... oval:org.secpod.oval:def:16309 The Worker::SetEventListener function in the Web workers implementation in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allows remote attackers to execute arbitrary code or c ... oval:org.secpod.oval:def:16307 Use-after-free vulnerability in the nsIOService::NewChannelFromURIWithProxyFlags function in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allows remote attackers to execute a ... oval:org.secpod.oval:def:16308 Use-after-free vulnerability in the nsEventListenerManager::SetEventHandler function in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allows remote attackers to execute arbitr ... oval:org.secpod.oval:def:702077 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:203490 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A ... oval:org.secpod.oval:def:203493 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A ... oval:org.secpod.oval:def:203409 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. R ... oval:org.secpod.oval:def:23569 The host is installed with Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4 or SeaMonkey before 2.32 and is prone to a security bypass vulnerability. A flaw is present in the applications, which fail to handle a crafted web site. Successful exploitation allows attac ... oval:org.secpod.oval:def:23572 The host is missing a security update according to Mozilla advisory, MFSA 2015-04. The update is required to fix a session-fixation vulnerability. A flaw is present in the applications, which do not properly interpret Set-Cookie headers within responses that have a 407 (aka Proxy Authentication Requ ... oval:org.secpod.oval:def:23571 The host is installed with Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4 or SeaMonkey before 2.32 and is prone to a session-fixation vulnerability. A flaw is present in the applications, which do not properly interpret Set-Cookie headers within responses that hav ... oval:org.secpod.oval:def:23570 The host is missing a security update according to Mozilla advisory, MFSA 2015-03. The update is required to fix a security bypass vulnerability. A flaw is present in the applications, which fail to handle a crafted web site. Successful exploitation allows attackers to bypass intended CORS access-co ... oval:org.secpod.oval:def:23564 The host is missing a security update according to Mozilla advisory, MFSA 2015-01. The update is required to fix to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle unknown vectors. Successful exploitation allows attackers to cause a denial of ser ... oval:org.secpod.oval:def:23562 The host is installed with Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4 or SeaMonkey before 2.32 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle unknown vectors. Successful exploitation allows ... oval:org.secpod.oval:def:702490 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:203415 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. R ... oval:org.secpod.oval:def:23989 The host is installed with Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 and is prone to a security bypass vulnerability. A flaw is present in the applications, which fail to handle a crafted web site. Successful exploitation could allow attackers to bypass i ... oval:org.secpod.oval:def:23988 The host is missing a critical security update according to Mozilla advisory, MSFA-2015-40. The update is required to fix a security bypass vulnerability. A flaw is present in the applications, which fail to handle vectors involving anchor navigation. Successful exploitation could allow attackers to ... oval:org.secpod.oval:def:23987 The host is installed with Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 and is prone to a security bypass vulnerability. A flaw is present in the applications, which fail to handle vectors involving anchor navigation. Successful exploitation could allow atta ... oval:org.secpod.oval:def:23995 The host is missing a critical security update according to Mozilla advisory, MSFA-2015-30. The update is required to fix multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle unknown vectors. Successful exploitation could allow attackers to cause a de ... oval:org.secpod.oval:def:23993 The host is installed with Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle unknown vectors. Successful exploitation could allow attackers to ca ... oval:org.secpod.oval:def:20000 Use-after-free vulnerability in the RefreshDriverTimer::TickDriver function in the SMIL Animation Controller in Mozilla Firefox before 30.0, Firefox ESR 24.x before 24.6, and Thunderbird before 24.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruptio ... oval:org.secpod.oval:def:23992 The host is missing a critical security update according to Mozilla advisory, MSFA-2015-33. The update is required to fix a security bypass vulnerability. A flaw is present in the applications, which do not properly restrict resource: URLs. Successful exploitation could allow attackers to execute ar ... oval:org.secpod.oval:def:23991 The host is installed with Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 and is prone to a security bypass vulnerability. A flaw is present in the applications, which do not properly restrict resource: URLs. Successful exploitation could allow attackers to ex ... oval:org.secpod.oval:def:23990 The host is missing a critical security update according to Mozilla advisory, MSFA-2015-37. The update is required to fix a security bypass vulnerability. A flaw is present in the applications, which fail to handle a crafted web site. Successful exploitation could allow attackers to bypass intended ... oval:org.secpod.oval:def:702446 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:501270 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A ... oval:org.secpod.oval:def:21358 Mozilla Network Security Services (NSS) before 3.16.2.1, 3.16.x before 3.16.5, and 3.17.x before 3.17.1, as used in Mozilla Firefox before 32.0.3, Mozilla Firefox ESR 24.x before 24.8.1 and 31.x before 31.1.1, Mozilla Thunderbird before 24.8.1 and 31.x before 31.1.2, Mozilla SeaMonkey before 2.29.1 ... oval:org.secpod.oval:def:21356 Antoine Delignat-Lavaud , security researcher at Inria Paris in team Prosecco, reported an issue in Network Security Services (NSS) libraries affecting all versions. He discovered that NSS is vulnerable to a variant of a signature forgery attack previously published by Daniel Bleichenbacher. This is ... oval:org.secpod.oval:def:501210 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. S ... oval:org.secpod.oval:def:202971 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. It was found that the Thund ... oval:org.secpod.oval:def:202967 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. It was found that the Thund ... oval:org.secpod.oval:def:1500575 An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System base scores, which give detailed severity rating ... oval:org.secpod.oval:def:17329 The libxul.so!gfxContext::Polygon function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive information from process memory, cause a denial of service (out-of-bounds read and application crash ... oval:org.secpod.oval:def:17327 The SVG filter implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive displacement-correlation information, and possibly bypass the Same Origin Policy and read text from a different d ... oval:org.secpod.oval:def:19986 Mozilla developers and community identified identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least som ... oval:org.secpod.oval:def:19987 Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a number of use-after-free and out of bounds read issues using the Address Sanitizer tool. These issues are potentially exploitable, allowing for remote code execution. oval:org.secpod.oval:def:17320 The mozilla::WaveReader::DecodeAudioData function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive information from process heap memory, cause a denial of service (out-of-bounds read and appli ... oval:org.secpod.oval:def:17335 vmtypedarrayobject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 does not validate the length of the destination array before a copy operation, which allows remote attackers to execute arbitrary code or cause a denial of service ... oval:org.secpod.oval:def:17334 TypedArrayObject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 does not prevent a zero-length transition during use of an ArrayBuffer object, which allows remote attackers to execute arbitrary code or cause a denial of service (h ... oval:org.secpod.oval:def:17333 Use-after-free vulnerability in the TypeObject class in the JavaScript engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary code by triggering extensive memory consumption while garbage co ... oval:org.secpod.oval:def:19997 Use-after-free vulnerability in the nsTextEditRules::CreateMozBR function in Mozilla Firefox before 30.0, Firefox ESR 24.x before 24.6, and Thunderbird before 24.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. oval:org.secpod.oval:def:19993 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 30.0, Firefox ESR 24.x before 24.6, and Thunderbird before 24.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. oval:org.secpod.oval:def:17332 Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remote attackers to bypass the popup blocker via unspecified vectors. oval:org.secpod.oval:def:17331 The Web IDL implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary JavaScript code with chrome privileges by using an IDL fragment to trigger a window.open call. oval:org.secpod.oval:def:17330 Buffer overflow in the _cairo_truetype_index_to_ucs4 function in cairo, as used in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25, allows remote attackers to execute arbitrary code via a crafted extension that renders fonts in a PDF docu ... oval:org.secpod.oval:def:19990 Security researcher Nils used the Address Sanitizer to discover a use-after-free problem with the SMIL Animation Controller when interacting with and rendering improperly formed web content. This causes a potentially exploitable crash. oval:org.secpod.oval:def:203595 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A ... oval:org.secpod.oval:def:203598 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A ... oval:org.secpod.oval:def:203583 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A ... oval:org.secpod.oval:def:17302 Security researcher Atte Kettunen from OUSPG reported an out of bounds read during the decoding of WAV format audio files for playback. This could allow web content access to heap data as well as causing a crash. oval:org.secpod.oval:def:17300 Mozilla developers and community identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these ... oval:org.secpod.oval:def:17314 Security research firm VUPEN , via TippingPoint"s Pwn2Own contest, reported that memory pressure during Garbage Collection could lead to memory corruption of TypeObjects in the JS engine, resulting in an exploitable use-after-free condition. oval:org.secpod.oval:def:17313 Security researcher Mariusz Mlynski , via TippingPoint"s Pwn2Own contest, reported that it is possible for untrusted web content to load a chrome-privileged page by getting JavaScript-implemented WebIDL to call window.open() . A second bug allowed the bypassing of the popup-blocker without user inte ... oval:org.secpod.oval:def:17312 Mozilla developer Robert O"Callahan reported a mechanism for timing attacks involving SVG filters and displacements input to feDisplacementMap . This allows displacements to potentially be correlated with values derived from content. This is similar to the previously reported techniques used for SV ... oval:org.secpod.oval:def:17311 Security researcher John Thomson discovered a memory corruption in the Cairo graphics library during font rendering of a PDF file for display. This memory corruption leads to a potentially exploitable crash and to a denial of service (DOS). This issues is not able to be triggered in a default confi ... oval:org.secpod.oval:def:17317 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code ... oval:org.secpod.oval:def:17316 Security researcher George Hotz , via TippingPoint"s Pwn2Own contest, discovered an issue where values are copied from an array into a second, neutered array. This allows for an out-of-bounds write into memory, causing an exploitable crash leading to arbitrary code execution. oval:org.secpod.oval:def:17315 Security researcher Juri Aedla , via TippingPoint"s Pwn2Own contest, reported that TypedArrayObject does not handle the case where ArrayBuffer objects are neutered, setting their length to zero while still in use. This leads to out-of-bounds reads and writes into the JavaScript heap, allowing for ... oval:org.secpod.oval:def:17310 Security researcher Tyson Smith and Jesse Schwartzentruber of the BlackBerry Security Automated Analysis Team used the Address Sanitizer tool while fuzzing to discover an out-of-bounds read during polygon rendering in MathML. This can allow web content to potentially read protected memory addresse ... oval:org.secpod.oval:def:1503642 An updated thunderbird package that fixes one security issue is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is ava ... oval:org.secpod.oval:def:21048 Security researcher Holger Fuhrmannek discovered an out-of-bounds read during the creation of an audio timeline in Web Audio. This results in a crash and could allow for the reading of random memory values. oval:org.secpod.oval:def:21049 Security researcher regenrecht reported, via TippingPoint"s Zero Day Initiative, a use-after-free during text layout when interacting with the setting of text direction. This results in a use-after-free which can lead to arbitrary code execution. oval:org.secpod.oval:def:21038 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vecto ... oval:org.secpod.oval:def:21046 Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover a use-after-free during cycle collection. This was found in interactions with the SVG content through the document object model (DOM) with animating SVG content. This leads to ... oval:org.secpod.oval:def:21047 Google security researcher Michal Zalewski discovered that when a malformated GIF image is rendered in certain circumstances, memory is not properly initialized before use. The resulting image then uses this memory during rendering. This could allow for the a script in web content to access this uni ... oval:org.secpod.oval:def:21044 Use-after-free vulnerability in DirectionalityUtils.cpp in Mozilla Firefox before 32.0, Firefox ESR 24.x before 24.8 and 31.x before 31.1, and Thunderbird 24.x before 24.8 and 31.x before 31.1 allows remote attackers to execute arbitrary code via text that is improperly handled during the interactio ... oval:org.secpod.oval:def:21045 Mozilla developers and community identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these ... oval:org.secpod.oval:def:21042 Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 do not properly initialize memory for GIF rendering, which allows remote attackers to obtain sensitive information from process memory via crafted web script that interacts with a CANVAS element associated wi ... oval:org.secpod.oval:def:21043 The mozilla::dom::AudioEventTimeline function in the Web Audio API implementation in Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 does not properly create audio timelines, which allows remote attackers to obtain sensitive information from process memory ... oval:org.secpod.oval:def:21040 Unspecified vulnerability in the browser engine in Mozilla Firefox before 32.0, Firefox ESR 24.x before 24.8 and 31.x before 31.1, and Thunderbird 24.x before 24.8 and 31.x before 31.1 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute ... oval:org.secpod.oval:def:21041 Use-after-free vulnerability in the mozilla::DOMSVGLength::GetTearOff function in Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via an SVG animation w ... oval:org.secpod.oval:def:23686 The host is missing an important security update according to Mozilla advisory, MFSA-2015-24. The update is required to fix an information disclosure vulnerability. A flaw is present in the applications, which fails to properly handle crafted JavaScript code. Successful exploitation could allow atta ... oval:org.secpod.oval:def:23685 The host is installed with Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 and is prone to an information disclosure vulnerability. A flaw is present in the applications, which fails to properly handle crafted JavaScript code. Successful exploitation could allo ... oval:org.secpod.oval:def:501319 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. R ... oval:org.secpod.oval:def:203568 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A ... oval:org.secpod.oval:def:203566 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A ... oval:org.secpod.oval:def:17835 Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover a fixed offset out of bounds read issue while decoding specifically formatted JPG format images. This causes a non-exploitable crash. oval:org.secpod.oval:def:17833 Mozilla developers and community identified identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least som ... oval:org.secpod.oval:def:203533 Mozilla Thunderbird is a standalone mail and newsgroup client. Two flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. It was found ... oval:org.secpod.oval:def:203532 Mozilla Thunderbird is a standalone mail and newsgroup client. Two flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. It was found ... oval:org.secpod.oval:def:21439 The WebRTC video-sharing feature in dom/media/MediaManager.cpp in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 does not properly recognize Stop Sharing actions for videos in IFRAME elements, which allows remote attackers to obtain sensitive information ... oval:org.secpod.oval:def:1500603 An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System base scores, which give detailed severity rating ... oval:org.secpod.oval:def:21435 Use-after-free vulnerability in DirectionalityUtils.cpp in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to execute arbitrary code via text that is improperly handled during the interaction between directionality resolution and la ... oval:org.secpod.oval:def:21433 The mozilla::dom::OscillatorNodeEngine::ComputeCustom function in the Web Audio subsystem in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bo ... oval:org.secpod.oval:def:21434 The get_tile function in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly execute arbitrary code via WebM frames with invalid tile sizes that are im ... oval:org.secpod.oval:def:501372 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. R ... oval:org.secpod.oval:def:21440 content/base/src/nsDocument.cpp in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 does not consider whether WebRTC video sharing is occurring, which allows remote attackers to obtain sensitive information from the local camera in certain IFRAME situations ... oval:org.secpod.oval:def:21427 Mozilla developers Eric Shepherd and Jan-Ivar Bruaroey reported issues with privacy and video sharing using WebRTC. Once video sharing has started within a WebRTC session running within an iframe , video will continue to be shared even if the user selects the Stop Sharing button in the controls. T ... oval:org.secpod.oval:def:21424 Using the Address Sanitizer tool, security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team found an out-of-bounds write when buffering WebM format video containing frames with invalid tile sizes. This can lead to a potentially exploitable crash during WebM video playback. oval:org.secpod.oval:def:21425 Security researcher regenrecht reported, via TippingPoint"s Zero Day Initiative, a use-after-free during text layout when interacting with text direction. This results in a crash which can lead to arbitrary code execution. oval:org.secpod.oval:def:21422 Using the Address Sanitizer tool, security researcher Atte Kettunen from OUSPG discovered a buffer overflow when making capitalization style changes during CSS parsing. This can cause a crash that is potentially exploitable. oval:org.secpod.oval:def:21423 Security researcher Holger Fuhrmannek used the used the Address Sanitizer tool to discover an out-of-bounds read issue with Web Audio when interacting with custom waveforms with invalid values. This results in a crash and could allow for the reading of random memory which may contain sensitive data ... oval:org.secpod.oval:def:21432 Heap-based buffer overflow in the nsTransformedTextRun function in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to execute arbitrary code via Cascading Style Sheets (CSS) token sequences that trigger changes to capitalization sty ... oval:org.secpod.oval:def:21430 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vecto ... oval:org.secpod.oval:def:21421 Mozilla developers and community identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these ... oval:org.secpod.oval:def:23669 The host is installed with Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fails to properly handle crafted content during IndexedDB index creation. Successful exploit ... oval:org.secpod.oval:def:23676 The host is missing a security update according to Mozilla advisory, MFSA-2015-19. The update is required to fix a heap-based buffer overflow vulnerability. A flaw is present in the applications, which fails to properly handle a malformed SVG graphic. Successful exploitation could allow attackers di ... oval:org.secpod.oval:def:23675 The host is installed with Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 and is prone to a heap-based buffer overflow vulnerability. A flaw is present in the applications, which fails to properly handle a malformed SVG graphic. Successful exploitation could a ... oval:org.secpod.oval:def:23670 The host is missing a critical security update according to Mozilla advisory, MFSA-2015-16. The update is required to fix an use-after-free vulnerability. A flaw is present in the applications, which fails to properly handle crafted content during IndexedDB index creation. Successful exploitation co ... oval:org.secpod.oval:def:23662 The host is missing a critical security update according to Mozilla advisory, MFSA2015-11. The update is required to fix multiple unspecified vulnerabilities. The flaws are present in the application, which fails to handle unknown vectors. Successful exploitation could allow attackers to execute arb ... oval:org.secpod.oval:def:23660 The host is installed with Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle unknown vectors. Successful exploitation could allow attackers to ex ... oval:org.secpod.oval:def:501340 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. R ... oval:org.secpod.oval:def:20634 Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote attackers to cause a denial of service (X.509 certificate parsing outage) via a crafted certificate that does not use UTF-8 character encoding in a required context, a different vulnerability than CVE-2014-1558. oval:org.secpod.oval:def:20635 Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote attackers to cause a denial of service (X.509 certificate parsing outage) via a crafted certificate that does not use ASCII character encoding in a required context. oval:org.secpod.oval:def:20632 The ConvolveHorizontally function in Skia, as used in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, does not properly handle the discarding of image data during function execution, which allows remote attackers to execute arbitrary code by triggering prolong ... oval:org.secpod.oval:def:20633 Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote attackers to cause a denial of service (X.509 certificate parsing outage) via a crafted certificate that does not use UTF-8 character encoding in a required context, a different vulnerability than CVE-2014-1559. oval:org.secpod.oval:def:20630 Use-after-free vulnerability in the nsDocLoader::OnProgress function in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allows remote attackers to execute arbitrary code via vectors that trigger a FireOnStateChange event. oval:org.secpod.oval:def:20631 Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allow remote attackers to execute arbitrary code via crafted WebGL content constructed with the Cesium JavaScript library. oval:org.secpod.oval:def:52225 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:20625 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. oval:org.secpod.oval:def:20626 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. oval:org.secpod.oval:def:20623 Mozilla developer Boris Zbarsky discovered an issue where network-level redirects cause an iframe sandbox to forget its unique origin and behave as if the allow-same-origin keyword were applied. This allows the sandboxed content to access other content from the same origin without explicit approv ... oval:org.secpod.oval:def:20621 Mozilla community member John reported a crash in the Skia library when scaling high quality images if the scaling operation takes too long. This is caused by the image data being discarded while still in use by the scaling operation. This crash is potentially exploitable on some systems. oval:org.secpod.oval:def:20622 Mozilla security researcher Christian Holler discovered several issues while fuzzing the parsing of SSL certificates. Two of these issues were a result of using characters that are not UTF-8 in certificates when various functions expected all strings to be UTF-8 format. The third issue was a result ... oval:org.secpod.oval:def:20629 Mozilla Firefox before 31.0 and Thunderbird before 31.0 do not properly implement the sandbox attribute of the IFRAME element, which allows remote attackers to bypass intended restrictions on same-origin content via a crafted web site in conjunction with a redirect. oval:org.secpod.oval:def:20627 The mozilla::dom::AudioBufferSourceNodeEngine::CopyFromInputBuffer function in Mozilla Firefox before 31.0 and Thunderbird before 31.0 does not properly allocate Web Audio buffer memory, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and applica ... oval:org.secpod.oval:def:20628 Use-after-free vulnerability in the MediaInputPort class in Mozilla Firefox before 31.0 and Thunderbird before 31.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging incorrect Web Audio control-message ordering. oval:org.secpod.oval:def:52239 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:20614 Mozilla developers and community identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these ... oval:org.secpod.oval:def:20615 Using the Address Sanitizer tool, security researcher Atte Kettunen from OUSPG discovered a buffer overflow during interaction with the Web Audio buffer for playback because of an error in the amount of allocated memory for buffers. This leads to a potentially exploitable crash with some audio cont ... oval:org.secpod.oval:def:20618 Security researcher Jethro Beekman of the University of California, Berkeley reported a crash when the FireOnStateChange event is triggered in some circumstances. This leads to a use-after-free and a potentially exploitable crash when it occurs. oval:org.secpod.oval:def:20619 Developer Patrick Cozzi reported a crash in some circumstances when using the Cesium JavaScript library to generate WebGL content. Mozilla developers determined that this crash is potentially exploitable. oval:org.secpod.oval:def:20616 Using the Address Sanitizer tool, security researcher Atte Kettunen from OUSPG discovered a use-after-free in Web Audio due to an issue with how control messages for Web Audio are ordered and processed. This leads to a potentially exploitable crash. oval:org.secpod.oval:def:1500879 An updated thunderbird package that fixes three security issues is now available for Red Hat Enterprise Linux 5 and 6. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are avail ... oval:org.secpod.oval:def:1500407 An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System base scores, which give detailed severity rating ... oval:org.secpod.oval:def:17841 Security researcher Nils discovered a use-after-free error in which the imgLoader object is freed while an image is being resized. This results in a potentially exploitable crash. oval:org.secpod.oval:def:17840 Mozilla security researcher moz_bug_r_a4 reported a method to use browser navigations through history to load a website with that page"s baseURI property pointing to that of another site instead of the seemingly loaded one. The user will continue to see the incorrect site in the addressbar of the b ... oval:org.secpod.oval:def:17845 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code ... oval:org.secpod.oval:def:17843 Security researchers Tyson Smith and Jesse Schwartzentruber of the BlackBerry Security Automated Analysis Team used the Address Sanitizer tool while fuzzing to discover a use-after-free during host resolution in some circumstances. This leads to a potentially exploitable crash. oval:org.secpod.oval:def:203223 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. S ... oval:org.secpod.oval:def:17839 Security researcher Mariusz Mlynski discovered an issue where sites that have been given notification permissions by a user can bypass security checks on source components for the Web Notification API. This allows for script to be run in a privileged context through notifications, leading to arbitr ... oval:org.secpod.oval:def:17836 Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover a buffer overflow when a script uses a non-XBL object as an XBL object because the XBL status of the object is not properly validated. The resulting memory corruption is potent ... oval:org.secpod.oval:def:17853 The Web Notification API in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to bypass intended source-component restrictions and execute arbitrary JavaScript code in a privileged context via a crafted web page for ... oval:org.secpod.oval:def:17856 Use-after-free vulnerability in the nsHostResolver::ConditionallyRefreshRecord function in libxul.so in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of service (heap m ... oval:org.secpod.oval:def:17855 Use-after-free vulnerability in the nsGenericHTMLElement::GetWidthHeightForImage function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corru ... oval:org.secpod.oval:def:17854 The docshell implementation in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to trigger the loading of a URL with a spoofed baseURI property, and conduct cross-site scripting (XSS) attacks, via a crafted web site ... oval:org.secpod.oval:def:203216 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. S ... oval:org.secpod.oval:def:17849 The nsXBLProtoImpl::InstallImplementation function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 does not properly check whether objects are XBL objects, which allows remote attackers to execute arbitrary code or cause a denial of se ... oval:org.secpod.oval:def:17848 Heap-based buffer overflow in the read_u32 function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG image. oval:org.secpod.oval:def:108354 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:501429 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. N ... oval:org.secpod.oval:def:702263 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:108326 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:702230 thunderbird: Mozilla Open Source mail and newsgroup client Details: USN-2360-1 fixed vulnerabilities in Firefox. This update provides the corresponding updates for Thunderbird. Original advisory Fraudulent security certificates could allow sensitive information to be exposed when accessing the Inter ... oval:org.secpod.oval:def:501485 Mozilla Thunderbird is a standalone mail and newsgroup client. Two flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. It was found ... oval:org.secpod.oval:def:1500973 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A ... oval:org.secpod.oval:def:1500975 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A ... oval:org.secpod.oval:def:702204 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:1500920 Mozilla developers and community identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these ... oval:org.secpod.oval:def:1500938 Multiple unspecified vulnerabilities in the browser engine in Mozilla Thunderbird before 31.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. oval:org.secpod.oval:def:501460 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A ... oval:org.secpod.oval:def:52295 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:16258 Use-after-free vulnerability in the nsEventListenerManager::HandleEventSubType function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corrupt ... oval:org.secpod.oval:def:16255 Use-after-free vulnerability in the PresShell::DispatchSynthMouseMove function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via ... oval:org.secpod.oval:def:16259 Use-after-free vulnerability in the nsNodeUtils::LastRelease function in the table-editing user interface in the editor component in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code by trig ... oval:org.secpod.oval:def:16251 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code ... oval:org.secpod.oval:def:16261 The nsGfxScrollFrameInner::IsLTR function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code via crafted use of JavaScript code for ordered list elements. oval:org.secpod.oval:def:52355 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:1500338 An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System base scores, which give detailed severity rating ... oval:org.secpod.oval:def:16238 Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be explo ... oval:org.secpod.oval:def:204278 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. N ... oval:org.secpod.oval:def:16247 Security researchers Tyson Smith and JesseSchwartzentruber of the BlackBerry Security Automated Analysis Team used the Address Sanitizer tool while fuzzing to discover a user-after-free in the functions for synthetic mouse movement handling. Security researcher Atte Kettunen from OUSPG also repor ... oval:org.secpod.oval:def:16245 Security researchers Tyson Smith and JesseSchwartzentruber of the BlackBerry Security Automated Analysis Team used the Address Sanitizer tool while fuzzing to discover a mechanism where inserting an ordered list into a document through script could lead to a potentially exploitable crash that can ... oval:org.secpod.oval:def:52381 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:16242 Security researchers Tyson Smith and JesseSchwartzentruber of the BlackBerry Security Automated Analysis Team used the Address Sanitizer tool while fuzzing to discover a user-after-free when interacting with event listeners from the mListeners array. This leads to a potentially exploitable crash. oval:org.secpod.oval:def:16243 Security researcher Nils used the Address Sanitizer tool while fuzzing to discover a use-after-free problem in the table editing user interface of the editor during garbage collection. This leads to a potentially exploitable crash. oval:org.secpod.oval:def:16293 Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover an access violation due to uninitialized data during Extensible Stylesheet Language Transformation (XSLT) processing. This leads to a potentially exploitable crash. oval:org.secpod.oval:def:16294 Compiler Engineer Dan Gohman of Google discovered a flaw in the JavaScript engine where memory was being incorrectly allocated for some functions and the calls for allocations were not always properly checked for overflow, leading to potential buffer overflows. When combined with other vulnerabilit ... oval:org.secpod.oval:def:16291 Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be explo ... oval:org.secpod.oval:def:16298 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allow remote attackers to cause a denial of service (memory corrupt ... oval:org.secpod.oval:def:16296 Security researcher Byoungyoung Lee of Georgia Tech Information Security Center (GTISC) used the Address Sanitizer tool to discover a use-after-free during state change events while updating the offline cache. This leads to a potentially exploitable crash. oval:org.secpod.oval:def:1500760 An updated thunderbird package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are av ... oval:org.secpod.oval:def:52309 thunderbird: Mozilla Open Source mail and newsgroup client Details: USN-2360-1 fixed vulnerabilities in Firefox. This update provides the corresponding updates for Thunderbird. Original advisory Fraudulent security certificates could allow sensitive information to be exposed when accessing the Inter ... oval:org.secpod.oval:def:701959 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:52329 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:16288 Security researcher Nils used the Address Sanitizer tool while fuzzing to discover missing strong references in browsing engine leading to use-after-frees. This can lead to a potentially exploitable crash. oval:org.secpod.oval:def:16289 Security researcher Nils used the Address Sanitizer tool while fuzzing to discover a memory corruption issue with the JavaScript engine when using workers with direct proxies. This results in a potentially exploitable crash. oval:org.secpod.oval:def:203366 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. R ... oval:org.secpod.oval:def:204216 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A ... oval:org.secpod.oval:def:203340 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. R ... oval:org.secpod.oval:def:203337 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. R ... oval:org.secpod.oval:def:203370 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. R ... oval:org.secpod.oval:def:501551 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A ... oval:org.secpod.oval:def:203312 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A ... oval:org.secpod.oval:def:702364 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:203308 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A ... oval:org.secpod.oval:def:501507 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A ... oval:org.secpod.oval:def:501506 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A ... oval:org.secpod.oval:def:501125 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. It was found that the Thund ... oval:org.secpod.oval:def:1500847 An updated thunderbird package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, ar ... oval:org.secpod.oval:def:701470 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:702316 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:52482 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:38138 The host is installed with Mozilla Firefox before 50.0.2, Firefox ESR before 45.5.1 or Thunderbird 45.x before 45.5.1 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle unknown vectors. Successful exploitation could allow attackers to execute ... oval:org.secpod.oval:def:38139 The host is missing a critical security update according to Mozilla advisory, MFSA2016-92. The update is required to fix an use-after-free vulnerability. A flaw is present in the applications, which fail to handle unknown vectors. Successful exploitation could allow attackers to execute remote code. oval:org.secpod.oval:def:204051 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.5.1. Security Fix: * A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary ... oval:org.secpod.oval:def:204052 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.5.1. Security Fix: * A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary ... oval:org.secpod.oval:def:204059 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.6.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ... oval:org.secpod.oval:def:204048 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.5.0 Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute ar ... oval:org.secpod.oval:def:204047 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.5.0 Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute ar ... oval:org.secpod.oval:def:39171 Mozilla Firefox before 52.0, Firefox ESR before 45.8 or Thunderbird before 45.x before 45.8 :- Certain response codes in FTP connections can result in the use of uninitialized values for ports in FTP operations. oval:org.secpod.oval:def:39172 Mozilla Firefox before 52.0, Firefox ESR before 45.8 or Thunderbird before 45.x before 45.8 :- Mozilla developers and community members reported memory safety bugs present in Firefox, Firefox ESR and Thunderbird. Some of these bugs showed evidence of memory corruption and we presume that with enough ... oval:org.secpod.oval:def:39170 Mozilla Firefox before 52.0, Firefox ESR before 45.8 or Thunderbird before 45.x before 45.8 :- Video files loaded video captions cross-origin without checking for the presence of CORS headers permitting such cross-origin use, leading to potential information disclosure for video captions. oval:org.secpod.oval:def:39168 Mozilla Firefox before 52.0, Firefox ESR before 45.8 or Thunderbird before 45.x before 45.8 :- Using SVG filters that don't use the fixed point math implementation on a target iframe, a malicious page can extract pixel values from a targeted user. This can be used to extract history information and ... oval:org.secpod.oval:def:39169 Mozilla Firefox before 52.0, Firefox ESR before 45.8 or Thunderbird before 45.x before 45.8 :- Memory corruption resulting in a potentially exploitable crash during garbage collection of JavaScript due errors in how incremental sweeping is managed for memory cleanup. oval:org.secpod.oval:def:39164 Mozilla Firefox before 52.0, Firefox ESR before 45.8 or Thunderbird before 45.x before 45.8 :- JIT-spray targeting asm.js combined with a heap spray allows for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. oval:org.secpod.oval:def:39165 Mozilla Firefox before 52.0, Firefox ESR before 45.8 or Thunderbird before 45.x before 45.8 :- A crash triggerable by web content in which an ErrorResult references unassigned memory due to a logic error. The resulting crash may be exploitable. oval:org.secpod.oval:def:39166 Mozilla Firefox before 52.0, Firefox ESR before 45.8 or Thunderbird before 45.x before 45.8 :- A use-after-free can occur when events are fired for a FontFace object after the object has been already been destroyed while working with fonts. This results in a potentially exploitable crash. oval:org.secpod.oval:def:39167 Mozilla Firefox before 52.0, Firefox ESR before 45.8 or Thunderbird before 45.x before 45.8 :- A use-after-free error can occur when manipulating ranges in selections with one node inside a native anonymous tree and one node outside of it. This results in a potentially exploitable crash. oval:org.secpod.oval:def:204061 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.6.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ... oval:org.secpod.oval:def:204065 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.6.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ... oval:org.secpod.oval:def:1501019 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A ... oval:org.secpod.oval:def:1501018 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A ... oval:org.secpod.oval:def:204019 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.4.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ... oval:org.secpod.oval:def:204018 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.4.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ... oval:org.secpod.oval:def:204017 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.4.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ... oval:org.secpod.oval:def:204465 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.8.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ... oval:org.secpod.oval:def:204464 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.8.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ... oval:org.secpod.oval:def:204463 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.8.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ... oval:org.secpod.oval:def:1501067 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. It ... oval:org.secpod.oval:def:1501069 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. It ... oval:org.secpod.oval:def:702560 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:39191 The host is missing a critical security update according to Mozilla advisory, MFSA2017-07. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code o ... oval:org.secpod.oval:def:204164 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.5.0 Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute ar ... oval:org.secpod.oval:def:204147 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.5.1. Security Fix: * A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary ... oval:org.secpod.oval:def:204102 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.7.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ... oval:org.secpod.oval:def:204105 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.7.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ... oval:org.secpod.oval:def:204104 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.7.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ... oval:org.secpod.oval:def:203634 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A ... oval:org.secpod.oval:def:203636 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A ... oval:org.secpod.oval:def:203635 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A ... oval:org.secpod.oval:def:25576 The host is installed with Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8, 38.x before 38.1, Thunderbird before 31.8 or 38.x before 38.1 and is prone to a security bypass vulnerability. A flaw is present in the applications, which do not properly determine state transitions for the TLS st ... oval:org.secpod.oval:def:25577 The host is missing a critical security update according to Mozilla advisory, MFSA-2015-71. The update is required to fix a security bypass vulnerability. A flaw is present in the applications, which do not properly determine state transitions for the TLS state machine. Successful exploitation could ... oval:org.secpod.oval:def:25578 The host is installed with Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8, 38.x before 38.1, Thunderbird before 31.8 or 38.x before 38.1 and is prone to multiple vulnerabilities. The flaws are present in the applications, which fail to handle unknown vectors. Successful exploitation could ... oval:org.secpod.oval:def:25579 The host is missing a critical security update according to Mozilla advisory, MFSA-2015-59. The update is required to fix multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle unknown vectors. Successful exploitation could allow attackers to cause deni ... oval:org.secpod.oval:def:38871 The host is missing a critical security update according to Mozilla advisory, MFSA2017-03. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code, ... oval:org.secpod.oval:def:203673 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. I ... oval:org.secpod.oval:def:203666 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. I ... oval:org.secpod.oval:def:203668 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. I ... oval:org.secpod.oval:def:38850 Mozilla Firefox before 51.0, Firefox ESR before 45.7 or Thunderbird 45.x before 45.7 :- Use-after-free while manipulating XSL in XSLT documents oval:org.secpod.oval:def:38851 Mozilla Firefox before 51.0, Firefox ESR before 45.7 or Thunderbird 45.x before 45.7 :- Hashed codes of JavaScript objects are shared between pages. This allows for pointer leaks because an object's address can be discovered through hash codes, and also allows for data leakage of an object's content ... oval:org.secpod.oval:def:38852 Mozilla Firefox before 51.0, Firefox ESR before 45.7 or Thunderbird 45.x before 45.7 :- A potential use-after-free found through fuzzing during DOM manipulation of SVG content. oval:org.secpod.oval:def:38853 Mozilla Firefox before 51.0, Firefox ESR before 45.7 or Thunderbird 45.x before 45.7 :- URLs containing certain unicode glyphs for alternative hyphens and quotes do not properly trigger punycode display, allowing for domain name spoofing attacks in the location bar. oval:org.secpod.oval:def:38855 Mozilla Firefox before 51.0, Firefox ESR before 45.7 or Thunderbird 45.x before 45.7 :- The JSON viewer in the Developer Tools uses insecure methods to create a communication channel for copying and viewing JSON or HTTP headers data, allowing for potential privilege escalation. oval:org.secpod.oval:def:38856 Mozilla Firefox before 51.0, Firefox ESR before 45.7 or Thunderbird 45.x before 45.7 :- A use-after-free vulnerability in the Media Decoder when working with media files when some events are fired after the media elements are freed from memory. oval:org.secpod.oval:def:38848 Mozilla Firefox before 51.0, Firefox ESR before 45.7 or Thunderbird 45.x before 45.7 :- Mozilla developers and community members reported memory safety bugs present in Firefox and Firefox ESR. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of ... oval:org.secpod.oval:def:38849 Mozilla Firefox before 51.0, Firefox ESR before 45.7 or Thunderbird 45.x before 45.7 :- JIT code allocation can allow for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. oval:org.secpod.oval:def:25590 The host is installed with Mozilla Firefox before 39.0, Firefox ESR 38.x before 38.1, Thunderbird before 31.8 or 38.x before 38.1 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle unknown vectors. Successful exploitation could allow ... oval:org.secpod.oval:def:25583 The host is installed with Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8, 38.x before 38.1, Thunderbird before 31.8 or 38.x before 38.1 and is prone to an unspecified vulnerability. A flaw is present in the applications, which access unintended memory locations. Successful exploitation c ... oval:org.secpod.oval:def:25584 The host is installed with Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8, 38.x before 38.1, Thunderbird before 31.8 or 38.x before 38.1 and is prone to an unspecified vulnerability. A flaw is present in the applications, which read data from uninitialized memory locations. Successful exp ... oval:org.secpod.oval:def:25585 The host is installed with Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8, 38.x before 38.1, Thunderbird before 31.8 or 38.x before 38.1 and is prone to an unspecified vulnerability. A flaw is present in the applications, which read data from uninitialized memory locations. Successful exp ... oval:org.secpod.oval:def:25586 The host is installed with Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8, 38.x before 38.1, Thunderbird before 31.8 or 38.x before 38.1 and is prone to an unspecified vulnerability. A flaw is present in the applications, which access unintended memory locations. Successful exploitation c ... oval:org.secpod.oval:def:25587 The host is installed with Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8, 38.x before 38.1, Thunderbird before 31.8 or 38.x before 38.1 and is prone to a buffer overflow vulnerability. A flaw is present in the applications, which fail to handle unknown vectors. Successful exploitation co ... oval:org.secpod.oval:def:25580 The host is installed with Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8, 38.x before 38.1, Thunderbird before 31.8 or 38.x before 38.1 and is prone to an unspecified vulnerability. A flaw is present in the applications, which read data from uninitialized memory locations. Successful exp ... oval:org.secpod.oval:def:25581 The host is missing a critical security update according to Mozilla advisory, MFSA-2015-66. The update is required to fix unspecified vulnerabilities. The flaws are present in the applications, which read data from uninitialized memory locations. Successful exploitation could allow attackers to caus ... oval:org.secpod.oval:def:25582 The host is installed with Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8, 38.x before 38.1, Thunderbird before 31.8 or 38.x before 38.1 and is prone to an unspecified vulnerability. A flaw is present in the applications, which access unintended memory locations. Successful exploitation c ... oval:org.secpod.oval:def:24715 The host is installed with Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7 or Thunderbird before 31.7 and is prone to a buffer overflow vulnerability. A flaw is present in the applications, which fail to handle a large amount of compressed XML data. Successful exploitation could allow atta ... oval:org.secpod.oval:def:24716 The host is installed with Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7 or Thunderbird before 31.7 and is prone to a heap-based buffer overflow vulnerability. A flaw is present in the applications, which fail to handle a crafted SVG graphics data in conjunction with a crafted Cascading ... oval:org.secpod.oval:def:24717 The host is installed with Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7 or Thunderbird before 31.7 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle a document containing crafted text in conjunction with a Cascading Style Sheets ... oval:org.secpod.oval:def:24718 The host is installed with Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7 or Thunderbird before 31.7 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle unknown vectors. Successful exploitation could allow attackers to caus ... oval:org.secpod.oval:def:25603 The host is installed with Mozilla Firefox before 39.0, Firefox ESR 38.x before 38.1, Thunderbird before 31.8 or 38.x before 38.1 and is prone to a security bypass vulnerability. A flaw is present in the applications, which do not enforce key pinning upon encountering an X.509 certificate problem th ... oval:org.secpod.oval:def:25604 The host is missing a critical security update according to Mozilla advisory, MFSA-2015-67. The update is required to fix a security bypass vulnerability. A flaw is present in the applications, which do not enforce key pinning upon encountering an X.509 certificate problem that generates a user dial ... oval:org.secpod.oval:def:501571 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A ... oval:org.secpod.oval:def:25600 The host is installed with Mozilla Firefox before 39.0, Firefox ESR 38.x before 38.1, Thunderbird before 31.8 or 38.x before 38.1 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle client-side JavaScript that triggers removal of a DOM object ... oval:org.secpod.oval:def:25601 The host is missing a critical security update according to Mozilla advisory, MFSA-2015-63. The update is required to fix an use-after-free vulnerability. A flaw is present in the applications, which fail to handle client-side JavaScript that triggers removal of a DOM object on the basis of a Conten ... oval:org.secpod.oval:def:24725 The host is missing a critical security update according to Mozilla advisory, MFSA-2015-46. The update is required to fix multiple unspecified vulnerabilities. The flaws are present in the application, which fails to handle unknown vectors. Successful exploitation could allow attackers to cause a de ... oval:org.secpod.oval:def:24726 The host is missing a critical security update according to Mozilla advisory, MFSA-2015-48. The update is required to fix a heap-based buffer overflow vulnerability. A flaw is present in the applications, which fail to handle a crafted SVG graphics data in conjunction with a crafted Cascading Style ... oval:org.secpod.oval:def:501591 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. I ... oval:org.secpod.oval:def:24729 The host is missing a critical security update according to Mozilla advisory, MFSA-2015-51. The update is required to fix an use-after-free vulnerability. A flaw is present in the applications, which fail to handle a document containing crafted text in conjunction with a Cascading Style Sheets (CSS) ... oval:org.secpod.oval:def:24731 The host is missing a critical security update according to Mozilla advisory, MFSA-2015-54. The update is required to fix a buffer overflow vulnerability. A flaw is present in the applications, which fail to handle a large amount of compressed XML data. Successful exploitation could allow attackers ... oval:org.secpod.oval:def:58730 Mozilla Thunderbird 68.1 : Encrypted S/MIME parts in a crafted multipart/alternative message can leak plaintext when included in a a HTML reply/forward. oval:org.secpod.oval:def:1501590 Multiple unspecified vulnerabilities in thunderbird allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. oval:org.secpod.oval:def:1501591 Multiple unspecified vulnerabilities in thunderbird allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. oval:org.secpod.oval:def:703375 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:703333 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:51657 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:51679 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:51708 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:703439 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:1501796 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.8.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ... oval:org.secpod.oval:def:1501799 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501759 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501761 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:51754 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:501877 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.4.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ... oval:org.secpod.oval:def:703535 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:1501686 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.5.0 Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute ar ... oval:org.secpod.oval:def:1501687 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.5.0 Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute ar ... oval:org.secpod.oval:def:501942 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.5.0 Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute ar ... oval:org.secpod.oval:def:501944 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.5.1. Security Fix: * A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary ... oval:org.secpod.oval:def:501949 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.6.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ... oval:org.secpod.oval:def:1501691 A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. oval:org.secpod.oval:def:1501692 A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. oval:org.secpod.oval:def:501972 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.7.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ... oval:org.secpod.oval:def:501990 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.8.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ... oval:org.secpod.oval:def:1501706 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.6.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ... oval:org.secpod.oval:def:1501717 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.6.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ... oval:org.secpod.oval:def:502052 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.2.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ... oval:org.secpod.oval:def:1501968 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501970 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:502028 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.1.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ... oval:org.secpod.oval:def:51984 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:1502074 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502075 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502035 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502036 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:703794 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:603148 Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code or denial of service. oval:org.secpod.oval:def:502182 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.4.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ... oval:org.secpod.oval:def:502181 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.3.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ... oval:org.secpod.oval:def:703916 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:1501852 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501850 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:603209 Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code or denial of service. oval:org.secpod.oval:def:603225 Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code, denial of service, information disclosure or spoofing of sender"s email addresses. oval:org.secpod.oval:def:502219 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.5.2. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ... oval:org.secpod.oval:def:603255 Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code, denial of service or URL spoofing. oval:org.secpod.oval:def:502233 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.6.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ... oval:org.secpod.oval:def:1501904 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501905 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:703855 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:502203 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.5.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ... oval:org.secpod.oval:def:51794 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:51839 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:43359 The host is installed with Mozilla Thunderbird before 52.5.2 and is prone to an address spoofing vulnerability. A flaw is present in the application, which fails to properly handle null character. Successful exploitation could allow attackers to modify the message body. oval:org.secpod.oval:def:43358 The host is installed with Mozilla Thunderbird before 52.5.2 and is prone to a cross site scripting vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to inject new lines into the created email structure. oval:org.secpod.oval:def:43357 The host is installed with Mozilla Thunderbird before 52.5.2 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle crafted CSS. Successful exploitation could allow attackers to leak and reveal local path strings, which may contain user n ... oval:org.secpod.oval:def:43356 The host is installed with Mozilla Thunderbird before 52.5.2 and is prone to a javascript execution vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute JavaScript in the parsed RSS feed. oval:org.secpod.oval:def:43360 The host is missing a security update according to Mozilla advisory, MFSA 2017-30. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle to crafted data. Successful exploitation could allow attackers to disclose sensitive information, ... oval:org.secpod.oval:def:703970 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:53220 Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code, denial of service, information disclosure or spoofing of sender"s email addresses. oval:org.secpod.oval:def:1502100 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502101 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502130 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502131 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:51890 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:51952 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:703693 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:51918 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:703609 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:1504657 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1504655 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:52024 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:53368 Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code, denial of service or attacks on encrypted emails. oval:org.secpod.oval:def:69884 Multiple security issues were discovered in Thunderbird, which could result in the execution of arbitrary code or information disclosure. oval:org.secpod.oval:def:502257 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.7.0. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 59 and Firefox ESR 52.7 * Mozilla: Memory safety bugs fixed in Firefox ESR 52.7 * Mozilla: Vorbis audio processing out o ... oval:org.secpod.oval:def:502259 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.7.0. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 59 and Firefox ESR 52.7 * Mozilla: Memory safety bugs fixed in Firefox ESR 52.7 * Mozilla: Vorbis audio processing out o ... oval:org.secpod.oval:def:1700072 Use-after-free when appending DOM nodes Use-after-free using focus Compromised IPC child process can list local filenames Buffer overflow using computed size of canvas element Using form to exfiltrate encrypted mail part by pressing enter in form field S/MIME plaintext can be leaked through HTML rep ... oval:org.secpod.oval:def:704095 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:1502234 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502235 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1700046 The following CVEs are fixed in the updated thunderbird package:CVE-2018-5161 : Hang via malformed headersCVE-2018-5162 : Encrypted mail leaks plaintext through src attributeCVE-2018-5183 : Backport critical security fixes in SkiaCVE-2018-5155 : Use-after-free with SVG animations and text pathsCVE-2 ... oval:org.secpod.oval:def:704034 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:603408 Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code, denial of service or attacks on encrypted emails. oval:org.secpod.oval:def:69592 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.8.0. Security Fix: * Mozilla: Content Security Policy violation report could have contained the destination of a redirect * Mozilla: Content Security Policy violation report could have cont ... oval:org.secpod.oval:def:603335 Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code, denial of service or information disclosure. oval:org.secpod.oval:def:1502278 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502279 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:205841 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.8.0. Security Fix: * Mozilla: Content Security Policy violation report could have contained the destination of a redirect * Mozilla: Content Security Policy violation report could have cont ... oval:org.secpod.oval:def:502339 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.9.1. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 61, Firefox ESR 60.1, and Firefox ESR 52.9 * Mozilla: Buffer overflow using computed size of canvas element * Mozilla: Use ... oval:org.secpod.oval:def:502340 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.9.1. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 61, Firefox ESR 60.1, and Firefox ESR 52.9 * Mozilla: Buffer overflow using computed size of canvas element * Mozilla: Use ... oval:org.secpod.oval:def:502308 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.8.0. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8 * Mozilla: Backport critical security fixes in Skia * Mozilla: Use-after-free with SVG animations ... oval:org.secpod.oval:def:502307 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.8.0. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8 * Mozilla: Backport critical security fixes in Skia * Mozilla: Use-after-free with SVG animations ... oval:org.secpod.oval:def:51045 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:704158 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:603516 Multiple security issues have been found in Thunderbird: Multiple memory safety errors and use-after-frees may lead to the execution of arbitrary code or denial of service. Debian follows the Thunderbird upstream releases. Support for the 52.x series has ended, so starting with this update we"re now ... oval:org.secpod.oval:def:2500409 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:1502159 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:603451 Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code, denial of service or attacks on encrypted emails. oval:org.secpod.oval:def:1502162 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:53289 Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code, denial of service or information disclosure. oval:org.secpod.oval:def:51074 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:51146 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:603554 Multiple security issues have been found in Thunderbird: Multiple memory safety errors and use-after-frees may lead to the execution of arbitrary code or denial of service. oval:org.secpod.oval:def:502534 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.2.1. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 62 and Firefox ESR 60.2 * Mozilla: Use-after-free in driver timers * Mozilla: Use-after-free in IndexedDB * Mozilla: Prox ... oval:org.secpod.oval:def:53448 Multiple security issues have been found in Thunderbird: Multiple memory safety errors and use-after-frees may lead to the execution of arbitrary code or denial of service. oval:org.secpod.oval:def:704350 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:1502475 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502476 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:603600 Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code or denial of service. oval:org.secpod.oval:def:1502423 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502424 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502436 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502437 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:603638 Multiple security issues have been found in the Thunderbird mail client, which could lead to the execution of arbitrary code, denial of service or spoofing of S/MIME signatures. oval:org.secpod.oval:def:603566 Multiple security issues have been found in Thunderbird: Multiple memory safety errors may lead to the execution of arbitrary code or denial of service. oval:org.secpod.oval:def:704654 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:502595 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.4.0. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 64 and Firefox ESR 60.4 * chromium-browser, firefox: Memory corruption in Angle * Mozilla: Use-after-free with select elem ... oval:org.secpod.oval:def:502594 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.4.0. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 64 and Firefox ESR 60.4 * chromium-browser, firefox: Memory corruption in Angle * Mozilla: Use-after-free with select elem ... oval:org.secpod.oval:def:502537 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.3.0. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3 * Mozilla: Crash with nested event loops * Mozilla: Integer overflow during Unicode conversion whi ... oval:org.secpod.oval:def:502538 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.3.0. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3 * Mozilla: Crash with nested event loops * Mozilla: Integer overflow during Unicode conversion whi ... oval:org.secpod.oval:def:53459 Multiple security issues have been found in Thunderbird: Multiple memory safety errors may lead to the execution of arbitrary code or denial of service. oval:org.secpod.oval:def:51227 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:1700163 When proxy auto-detection is enabled, if a web server serves a Proxy Auto-Configuration file or if a PAC file is loaded locally, this PAC file can specify that requests to the localhost are to be sent through the proxy to another server. This behavior is disallowed by default when a proxy is manual ... oval:org.secpod.oval:def:51201 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:1700142 Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3 Crash with nested event loops Memory safety bugs fixed in Firefox ESR 60.3 Integer overflow during Unicode conversion while loading JavaScript oval:org.secpod.oval:def:1700133 A buffer overflow can occur in the Skia library during buffer offset calculations with hardware accelerated canvas 2D actions due to the use of 32-bit calculations instead of 64-bit. This results in a potentially exploitable crash. This vulnerability affects Thunderbird lt; 60.4, Firefox ESR lt; 60. ... oval:org.secpod.oval:def:502634 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.6.1. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6 * Mozilla: Use-after-free when removing in-use DOM elements * Mozilla: Type inference is incorrect ... oval:org.secpod.oval:def:502636 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.6.1. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6 * Mozilla: Use-after-free when removing in-use DOM elements * Mozilla: Type inference is incorrect ... oval:org.secpod.oval:def:1502390 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:502607 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.5.0. Security Fix: * Mozilla: Use-after-free parsing HTML5 stream * Mozilla: Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5 * Mozilla: Privilege escalation through IPC channel ... oval:org.secpod.oval:def:502608 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.5.0. Security Fix: * Mozilla: Use-after-free parsing HTML5 stream * Mozilla: Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5 * Mozilla: Privilege escalation through IPC channel ... oval:org.secpod.oval:def:53516 Multiple security issues have been found in the Thunderbird mail client, which could lead to the execution of arbitrary code, denial of service or spoofing of S/MIME signatures. oval:org.secpod.oval:def:603838 Multiple security issues have been found in the Thunderbird mail client, which could lead to the execution of arbitrary code or denial of service. oval:org.secpod.oval:def:704452 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:502707 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.6.1. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6 * Mozilla: Use-after-free when removing in-use DOM elements * Mozilla: Type inference is incorrec ... oval:org.secpod.oval:def:704853 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:205148 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.4.0. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 64 and Firefox ESR 60.4 * chromium-browser, firefox: Memory corruption in Angle * Mozilla: Use-after-free with select elem ... oval:org.secpod.oval:def:205125 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.3.0. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3 * Mozilla: Crash with nested event loops * Mozilla: Integer overflow during Unicode conversion whi ... oval:org.secpod.oval:def:205181 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.6.1. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6 * Mozilla: Use-after-free when removing in-use DOM elements * Mozilla: Type inference is incorrect ... oval:org.secpod.oval:def:205179 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.6.1. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6 * Mozilla: Use-after-free when removing in-use DOM elements * Mozilla: Type inference is incorrect ... oval:org.secpod.oval:def:205152 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.4.0. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 64 and Firefox ESR 60.4 * chromium-browser, firefox: Memory corruption in Angle * Mozilla: Use-after-free with select elem ... oval:org.secpod.oval:def:205155 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.5.0. Security Fix: * Mozilla: Use-after-free parsing HTML5 stream * Mozilla: Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5 * Mozilla: Privilege escalation through IPC channel ... oval:org.secpod.oval:def:205156 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.5.0. Security Fix: * Mozilla: Use-after-free parsing HTML5 stream * Mozilla: Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5 * Mozilla: Privilege escalation through IPC channel ... oval:org.secpod.oval:def:205226 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.7.2. Security Fix: * Mozilla: Type confusion in Array.pop * thunderbird: Stack buffer overflow in icalrecur_add_bydayrules in icalrecur.c * Mozilla: Sandbox escape using Prompt:Open * thu ... oval:org.secpod.oval:def:205224 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.7.2. Security Fix: * Mozilla: Type confusion in Array.pop * thunderbird: Stack buffer overflow in icalrecur_add_bydayrules in icalrecur.c * Mozilla: Sandbox escape using Prompt:Open * thu ... oval:org.secpod.oval:def:1700191 libical: Heap buffer over read in icalparser.c parser_get_next_char libical: Type confusion in icaltimezone_get_vtimezone_properties function in icalproperty.c Mozilla: Sandbox escape using Prompt:Open libical: Stack buffer overflow in icalrecur_add_bydayrules in icalrecur.c libical: Heap buffer ove ... oval:org.secpod.oval:def:503169 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.7.2. Security Fix: * Mozilla: Type confusion in Array.pop * thunderbird: Stack buffer overflow in icalrecur_add_bydayrules in icalrecur.c * Mozilla: Sandbox escape using Prompt:Open * thu ... oval:org.secpod.oval:def:503170 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.7.2. Security Fix: * Mozilla: Type confusion in Array.pop * thunderbird: Stack buffer overflow in icalrecur_add_bydayrules in icalrecur.c * Mozilla: Sandbox escape using Prompt:Open * thu ... oval:org.secpod.oval:def:503172 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.7.2. Security Fix: * Mozilla: Type confusion in Array.pop * thunderbird: Stack buffer overflow in icalrecur_add_bydayrules in icalrecur.c * Mozilla: Sandbox escape using Prompt:Open * thu ... oval:org.secpod.oval:def:603944 Multiple security issues have been found in Thunderbird which may lead to the execution of arbitrary code if malformed email messages are read. oval:org.secpod.oval:def:705050 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:603953 Multiple security issues have been found in Thunderbird which may lead to the execution of arbitrary code if malformed email messages are read. oval:org.secpod.oval:def:205368 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.9.0. Security Fix: * Mozilla: Covert Content Attack on S/MIME encryption using a crafted multipart/alternative message * Mozilla: Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, a ... oval:org.secpod.oval:def:604529 Multiple security issues have been found in Thunderbird which could potentially result in the execution of arbitrary code, cross-site scripting, information disclosure and a covert content attack on S/MIME encryption using a crafted multipart/alternative message. oval:org.secpod.oval:def:58728 The host is missing a high severity security update according to Mozilla advisory, MFSA2019-29. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to crash the service. oval:org.secpod.oval:def:58729 The host is missing a high severity security update according to Mozilla advisory, MFSA2019-30. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to crash the service. oval:org.secpod.oval:def:69886 Multiple security issues have been found in Thunderbird which could potentially result in the execution of arbitrary code, cross-site scripting, spoofing, information disclosure, denial of service or cross-site request forgery. CVE-2019-11719 and CVE-2019-11729 are only addressed for stretch, in bus ... oval:org.secpod.oval:def:69906 Multiple security issues have been found in Thunderbird which could potentially result in the execution of arbitrary code, cross-site scripting, information disclosure and a covert content attack on S/MIME encryption using a crafted multipart/alternative message. oval:org.secpod.oval:def:1502610 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502672 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:58847 Multiple security issues have been found in Thunderbird which could potentially result in the execution of arbitrary code, cross-site scripting, information disclosure and a covert content attack on S/MIME encryption using a crafted multipart/alternative message. oval:org.secpod.oval:def:705076 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:1502578 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:503339 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.9.0. Security Fix: * Mozilla: Covert Content Attack on S/MIME encryption using a crafted multipart/alternative message * Mozilla: Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, a ... oval:org.secpod.oval:def:1502846 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502849 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1700294 The plain text serializer used a fixed-size array for the number of elements it could process; however it was possible to overflow the static-sized array leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird CVE-2019-17005 oval:org.secpod.oval:def:69810 Multiple security issues have been found in Thunderbird which could potentially result in the execution of arbitrary code. oval:org.secpod.oval:def:69927 Multiple security issues have been found in Thunderbird which could potentially result in the execution of arbitrary code. oval:org.secpod.oval:def:205470 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.6.0. Security Fix: * Mozilla: Use-after-free when removing data about origins * Mozilla: BodyStream::OnInputStreamReady was missing protections against state confusion * Mozilla: Use-after ... oval:org.secpod.oval:def:205464 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.6.0. Security Fix: * Mozilla: Use-after-free when removing data about origins * Mozilla: BodyStream::OnInputStreamReady was missing protections against state confusion * Mozilla: Use-after ... oval:org.secpod.oval:def:205450 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.5.0. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 73 and Firefox ESR 68.5 * Mozilla: Out-of-bounds read when processing certain email messages * Mozilla: Setting a master p ... oval:org.secpod.oval:def:205449 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.5.0. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 73 and Firefox ESR 68.5 * Mozilla: Out-of-bounds read when processing certain email messages * Mozilla: Setting a master p ... oval:org.secpod.oval:def:69952 Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code or denial of service. oval:org.secpod.oval:def:69939 Multiple security issues have been found in Thunderbird which could potentially result in the execution of arbitrary code or information disclosure. oval:org.secpod.oval:def:1700320 The Mozilla Foundation Security Advisory describes this flaw as: When removing data about an origin whose tab was recently closed, a use-after-free could occur in the Quota manager, resulting in a potentially exploitable crash. The Mozilla Foundation Security Advisory describes this flaw as: The inp ... oval:org.secpod.oval:def:1700315 When deriving an identifier for an email message, uninitialized memory was used in addition to the message contents. This vulnerability affects Thunderbird CVE-2020-6792 oval:org.secpod.oval:def:1700304 When pasting a lt;stylegt; tag from the clipboard into a rich text editor, the CSS sanitizer incorrectly rewrites a @namespace rule. This could allow for injection into certain types of websites resulting in data exfiltration. This vulnerability affects Firefox ESR CVE-2019-17016 oval:org.secpod.oval:def:504275 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.12.0. Security Fix: * Mozilla: Attacker-induced prompt for extension installation * Mozilla: Use-After-Free when aborting an operation For more details about the security issue, including ... oval:org.secpod.oval:def:504276 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.12.0. Security Fix: * Mozilla: Attacker-induced prompt for extension installation * Mozilla: Use-After-Free when aborting an operation For more details about the security issue, including ... oval:org.secpod.oval:def:705540 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:1700402 By holding a reference to the eval function from an about:blank window, a malicious webpage could have gained access to the InstallTrigger object which would allow them to prompt the user to install an extension. Combined with user confusion, this could result in an unintended or malicious extension ... oval:org.secpod.oval:def:1700377 Manipulating individual parts of a URL object could have caused an out-of-bounds read, leaking process memory to malicious JavaScript. This vulnerability affects Firefox ESR CVE-2020-12418 oval:org.secpod.oval:def:604843 Multiple security issues have been found in Thunderbird which could result in spoofing the displayed sender email address, denial of service or potentially the execution of arbitrary code. oval:org.secpod.oval:def:1503045 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1503028 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1503029 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1700548 A malicious peer could have modified a COOKIE-ECHO chunk in a SCTP packet in a way that potentially resulted in a use-after-free. We presume that with enough effort it could have been exploited to run arbitrary code oval:org.secpod.oval:def:205721 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.6.1. Security Fix: * Mozilla: Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk For more details about the security issue, including the impact, a CVSS score, acknowledg ... oval:org.secpod.oval:def:605418 Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code, denial of service or an information leak. oval:org.secpod.oval:def:1504593 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:69860 Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code, denial of service or an information leak. oval:org.secpod.oval:def:69583 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.6.1. Security Fix: * Mozilla: Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk For more details about the security issue, including the impact, a CVSS score, acknowledg ... oval:org.secpod.oval:def:1503050 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1503065 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:605499 Multiple security issues were discovered in Thunderbird, which could result in the execution of arbitrary code or information disclosure. In adddition a number of security issues were addressed in the OpenPGP support. oval:org.secpod.oval:def:1504856 [78.10.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [78.10.0-1] - Update to 78.10.0 oval:org.secpod.oval:def:2500375 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:1504796 [78.9.0-3.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [78.9.0-3] - Update to 78.9.0 build2, updated langpacks [78.9.0-2] - Update to 78.9.0 build2 [78.9.0-1] - Update to 78.9.0 build1 oval:org.secpod.oval:def:1504798 [78.9.0-3.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [78.9.0-3] - Update to 78.9.0 build2, updated langpacks [78.9.0-2] - Update to 78.9.0 build2 [78.9.0-1] - Update to 78.9.0 build1 oval:org.secpod.oval:def:2500390 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:73710 thunderbird: Mozilla Open Source mail and newsgroup client Details: USN-4995-1 fixed vulnerabilities in Thunderbird. This update provides the corresponding updates for Linux Mint 19.x LTS. Original advisory Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:73709 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:95199 Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code. oval:org.secpod.oval:def:612646 Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code. oval:org.secpod.oval:def:1701641 Thunderbird allowed the Text Direction Override Unicode Character in filenames. An email attachment could be incorrectly shown as being a document file, while in fact it was an executable file. Newer versions of Thunderbird will strip the character and show the correct file extension. This vulnerabi ... oval:org.secpod.oval:def:95172 Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code. oval:org.secpod.oval:def:507839 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.13.0. Security Fix: * Mozilla: Use-after-free in WebRTC certificate generation * Mozilla: Potential use-after-free from compartment mismatch in SpiderMonkey * Mozilla: Memory safety bugs ... oval:org.secpod.oval:def:507836 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.13.0. Security Fix: * Mozilla: Use-after-free in WebRTC certificate generation * Mozilla: Potential use-after-free from compartment mismatch in SpiderMonkey * Mozilla: Memory safety bugs ... oval:org.secpod.oval:def:507845 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.13.0. Security Fix: * Mozilla: Use-after-free in WebRTC certificate generation * Mozilla: Potential use-after-free from compartment mismatch in SpiderMonkey * Mozilla: Memory safety bugs ... oval:org.secpod.oval:def:1506788 [102.13.0-2.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [102.13.0-2] - Update to 102.13.0 build2 [102.13.0-1] - Update to 102.13.0 build1 oval:org.secpod.oval:def:1506692 [102.13.0-2.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [102.13.0-2] - Update to 102.13.0 build2 [102.13.0-1] - Update to 102.13.0 build1 oval:org.secpod.oval:def:5800018 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.7.1. Security Fix: * Mozilla: Revocation status of S/Mime signature certificates was not checked For more details about the security issue, including the impact, a CVSS score, acknowledgme ... oval:org.secpod.oval:def:4501203 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.7.1. Security Fix: * Mozilla: Revocation status of S/Mime signature certificates was not checked For more details about the security issue, including the impact, a CVSS score, acknowledgme ... oval:org.secpod.oval:def:93326 Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code. oval:org.secpod.oval:def:16068 The host is installed with Google Chrome before 31.0.1650.48, Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2 or SeaMonkey before 2.23 and is prone to an information disclosure vulnerability. The flaw is present in get_dht function in jdmarker.c, which fails to pro ... oval:org.secpod.oval:def:16067 The host is installed with Mono Framework before 4.8.1, Google Chrome before 31.0.1650.48, Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2 or SeaMonkey before 2.23 and is prone to an information disclosure vulnerability. The flaw is present in get_sos function in j ... oval:org.secpod.oval:def:701513 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:16249 Google security researcher Michal Zalewski reported issues with JPEG format image processing with Start Of Scan (SOS) and Define HuffmanTable (DHT) markers in the libjpeg library. This could allow for the possible reading of arbitrary memory content as well as cross-domain image theft. oval:org.secpod.oval:def:95183 Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code. oval:org.secpod.oval:def:708403 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:93982 Mozilla Firefox 119, Mozilla Firefox ESR 115.4, and Thunderbird 115.4.1 : A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing attacks. oval:org.secpod.oval:def:96371 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:96474 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:95299 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.5.0. Security Fix(es): * Mozilla: Out-of-bound memory access in WebGL2 blitFramebuffer (CVE-2023-6204) * Mozilla: Use-after-free in MessagePort::Entangled (CVE-2023-6205) * Mozilla: Clickja ... oval:org.secpod.oval:def:95288 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.5.0. Security Fix(es): * Mozilla: Out-of-bound memory access in WebGL2 blitFramebuffer (CVE-2023-6204) * Mozilla: Use-after-free in MessagePort::Entangled (CVE-2023-6205) * Mozilla: Clickja ... oval:org.secpod.oval:def:95296 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.5.0. Security Fix(es): * Mozilla: Out-of-bound memory access in WebGL2 blitFramebuffer (CVE-2023-6204) * Mozilla: Use-after-free in MessagePort::Entangled (CVE-2023-6205) * Mozilla: Clickja ... oval:org.secpod.oval:def:96514 Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code. oval:org.secpod.oval:def:126914 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:126919 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:612661 A buffer overflow in parsing WebP images may result in the execution of arbitrary code. oval:org.secpod.oval:def:93050 The host is installed with Google Chrome before 117.0.5938.62, Microsoft Edge before 117.0.2045.31, Mozilla Firefox before 117.0.1, Mozilla Firefox ESR 102.15.1 or 115.0 before 115.2.1, Mozilla Thunderbird 102.15.1 or 115.0 before 115.2.1, Opera Browser before 102.0.4880.51, Skype before 8.105.0.208 ... oval:org.secpod.oval:def:95207 A buffer overflow in parsing WebP images may result in the execution of arbitrary code. oval:org.secpod.oval:def:708438 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:96386 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:1507018 [102.15.1-1.0.1] - Update to 102.15.1 oval:org.secpod.oval:def:1507014 [102.15.1-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Enabled aarch64 build [102.15.1-1] - Update to 102.15.1 oval:org.secpod.oval:def:1507021 [102.15.1-1.0.1] - Update to 102.15.1 oval:org.secpod.oval:def:95160 Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code. oval:org.secpod.oval:def:708292 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:93338 Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code. oval:org.secpod.oval:def:4500914 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.7.0. Security Fix: * Mozilla: Use-after-free in XSLT parameter processing * Mozilla: Use-after-free in WebGPU IPC Framework * expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arb ... oval:org.secpod.oval:def:1701088 A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of when receiving an HTML email that contained an iframe element, which used a srcdoc attribute to define the internal HTML document, remote objects specified in the nested document , were not blocked. Rather, ... oval:org.secpod.oval:def:2500599 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:1506194 [102.5.0-2.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [102.5.0-2] - Update to 102.5.0 build2 [102.5.0-1] - Update to 102.5.0 build1 [102.4.0-1] - Update to 102.4.0 build1 [102.3.0-4] - Fix for expat CVE-2022-40674 oval:org.secpod.oval:def:2600097 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:1700895 A flaw was found in Thunderbird. The vulnerability occurs due to an out-of-bounds write of one byte when processing the message. This flaw allows an attacker to craft an email message that causes Thunderbird to perform an out-of-bounds write. A flaw was found in expat. Passing malformed 2- and 3-byt ... oval:org.secpod.oval:def:121768 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:121753 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:124948 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:124946 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:2500814 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:1501565 Multiple unspecified vulnerabilities in Mozilla thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to Http2Session::Shutdown and SpdySession31::Shutdown, and other vectors. oval:org.secpod.oval:def:1501566 Multiple unspecified vulnerabilities in Mozilla thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to Http2Session::Shutdown and SpdySession31::Shutdown, and other vectors. oval:org.secpod.oval:def:702920 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:1501512 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.2.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ... oval:org.secpod.oval:def:1501513 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.2.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ... oval:org.secpod.oval:def:51550 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:51565 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:1501122 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. N ... oval:org.secpod.oval:def:1501125 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. N ... oval:org.secpod.oval:def:203871 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. M ... oval:org.secpod.oval:def:203873 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. M ... oval:org.secpod.oval:def:501661 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. T ... oval:org.secpod.oval:def:203867 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. M ... oval:org.secpod.oval:def:51605 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:1501183 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. T ... oval:org.secpod.oval:def:1501182 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. T ... oval:org.secpod.oval:def:501635 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. N ... oval:org.secpod.oval:def:32464 The host is missing an important security update according to Mozilla advisory, MFSA2015-145. The update is required to fix an information disclosure vulnerability. A flaw is present in the applications, which fail to handle a crafted WebRTC RTP packet. Successful exploitation allows remote attacker ... oval:org.secpod.oval:def:32459 The host is missing a security update according to Mozilla advisory, MFSA2015-139. The update is required to fix an integer overflow vulnerability. A flaw is present in the applications, which fail to handle large texture allocation. Successful exploitation allows remote attackers to execute arbitra ... oval:org.secpod.oval:def:203800 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A ... oval:org.secpod.oval:def:32452 The host is installed with Mozilla Firefox before 43.0, Firefox ESR 38.x before 38.5 or Thunderbird 38.x before 38.5 and is prone to an integer overflow vulnerability. A flaw is present in the applications, which fails to handle a crafted MP4 video file that triggers a buffer overflow. Successful ex ... oval:org.secpod.oval:def:32454 The host is missing a security update according to Mozilla advisory, MFSA2015-134. The update is required to fix multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle unknown vectors. Successful exploitation could allow remote attackers to cause a deni ... oval:org.secpod.oval:def:32453 The host is missing an important security update according to Mozilla advisory, MFSA2015-146. The update is required to fix an integer overflow vulnerability. A flaw is present in the applications, which fails to handle a crafted MP4 video file that triggers a buffer overflow. Successful exploitatio ... oval:org.secpod.oval:def:203847 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. R ... oval:org.secpod.oval:def:203846 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. R ... oval:org.secpod.oval:def:203848 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. R ... oval:org.secpod.oval:def:32485 The host is installed with Mozilla Firefox before 43.0, Firefox ESR 38.x before 38.5 or Thunderbird 38.x before 38.5 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle unknown vectors. Successful exploitation allows remote attackers ... oval:org.secpod.oval:def:32484 The host is installed with Mozilla Firefox before 43.0, Firefox ESR 38.x before 38.5 or Thunderbird 38.x before 38.5 and is prone to multiple unspecified vulnerabilities. The flaws are present in the application, which fails to handle unknown vectors. Successful exploitation allows remote attackers ... oval:org.secpod.oval:def:32481 The host is installed with Mozilla Firefox before 43.0, Firefox ESR 38.x before 38.5 or Thunderbird 38.x before 38.5 and is prone to an information disclosure vulnerability. A flaw is present in the applications, which fail to handle a crafted WebRTC RTP packet. Successful exploitation allows remote ... oval:org.secpod.oval:def:32476 The host is installed with Mozilla Firefox before 43.0, Firefox ESR 38.x before 38.5 or Thunderbird 38.x before 38.5 and is prone to an integer overflow vulnerability. A flaw is present in the applications, which fail to handle large texture allocation. Successful exploitation allows remote attacker ... oval:org.secpod.oval:def:32475 The host is installed with Mozilla Firefox before 43.0, Firefox ESR 38.x before 38.5 or Thunderbird 38.x before 38.5 and is prone to a same origin policy bypass vulnerability. A flaw is present in the applications, which fail to handle data: and view-source: URIs. Successful exploitation allows remo ... oval:org.secpod.oval:def:32467 The host is missing a critical security update according to Mozilla advisory, MFSA2015-149. The update is required to fix a same origin policy bypass vulnerability. A flaw is present in the applications, which fail to handle data: and view-source: URIs. Successful exploitation allows remote attacker ... oval:org.secpod.oval:def:203814 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A ... oval:org.secpod.oval:def:52594 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:204099 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 38.8.0. Security Fix: * Two flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitr ... oval:org.secpod.oval:def:52560 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:1501404 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. Mu ... oval:org.secpod.oval:def:1501405 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. Mu ... oval:org.secpod.oval:def:501715 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A ... oval:org.secpod.oval:def:703067 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:1501462 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 38.8.0. Security Fix: * Two flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitr ... oval:org.secpod.oval:def:1501466 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 38.8.0. Security Fix: * Two flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitr ... oval:org.secpod.oval:def:51637 thunderbird: Mozilla Open Source mail and newsgroup client Thunderbird could be made to crash or run programs as your login if it opened a malicious message. oval:org.secpod.oval:def:501770 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. R ... oval:org.secpod.oval:def:203997 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.3.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ... oval:org.secpod.oval:def:203996 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.3.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ... oval:org.secpod.oval:def:203999 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.3.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ... oval:org.secpod.oval:def:703011 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:501785 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. M ... oval:org.secpod.oval:def:501739 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A ... oval:org.secpod.oval:def:203964 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.2.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ... oval:org.secpod.oval:def:203962 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.2.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ... oval:org.secpod.oval:def:203961 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.2.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ... oval:org.secpod.oval:def:203935 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 38.8.0. Security Fix: * Two flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitr ... oval:org.secpod.oval:def:203936 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 38.8.0. Security Fix: * Two flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitr ... oval:org.secpod.oval:def:702723 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:33510 The host is missing an important security update according to Mozilla advisory, MFSA2016-17. The update is required to fix denial of service vulnerability. A flaw is present in the applications, which fails to prevent use of a non-HTTP report-uri for a Content Security Policy (CSP) violation report. ... oval:org.secpod.oval:def:52670 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:33509 The host is missing an important security update according to Mozilla advisory, MFSA2016-16. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fails to handle via unknown vectors. Successful exploitation allows remote attackers to cause a denial ... oval:org.secpod.oval:def:52639 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:501827 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 38.8.0. Security Fix: * Two flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitr ... oval:org.secpod.oval:def:1501341 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. Re ... oval:org.secpod.oval:def:1501347 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. Re ... oval:org.secpod.oval:def:703114 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:501846 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.2.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ... oval:org.secpod.oval:def:501869 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.3.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ... oval:org.secpod.oval:def:33526 The host is missing an important security update according to Mozilla advisory, MFSA2016-35. The update is required to fix a heap-based buffer overflow vulnerability. A flaw is present in the Mozilla Network Security Services (NSS), which fails to handle crafted ASN.1 data in an X.509 certificate. S ... oval:org.secpod.oval:def:33528 The host is missing an important security update according to Mozilla advisory, MFSA2016-37. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fails to handle a crafted graphite smart font. Successful exploitation allows remote attackers to caus ... oval:org.secpod.oval:def:33523 The host is missing an important security update according to Mozilla advisory, MFSA2016-31. The update is required to fix a denial of service vulnerability. A flaw is present in the applications, which fails to handle a crafted NPAPI plugin. Successful exploitation allows remote attackers to execut ... oval:org.secpod.oval:def:33525 The host is missing an important security update according to Mozilla advisory, MFSA2016-34. The update is required to fix a denial of service vulnerability. A flaw is present in the applications, which fails to handle a crafted Unicode data in an HTML, XML, or SVG document. Successful exploitation ... oval:org.secpod.oval:def:33516 The host is missing an important security update according to Mozilla advisory, MFSA2016-24. The update is required to fix an use-after-free vulnerability. A flaw is present in the applications, which fails to handle a root element, aka ZDI-CAN-3574. Successful exploitation allows remote attackers t ... oval:org.secpod.oval:def:33515 The host is missing an important security update according to Mozilla advisory, MFSA2016-23. The update is required to fix a denial of service vulnerability. A flaw is present in the applications, which fails to handle end tags, as demonstrated by incorrect SVG processing, aka ZDI-CAN-3545. Successf ... oval:org.secpod.oval:def:33512 The host is missing an important security update according to Mozilla advisory, MFSA2016-20. The update is required to fix denial of service vulnerability. A flaw is present in the applications, which fails to handle an MPEG-4 file that triggers a delete operation on an array. Successful exploitatio ... oval:org.secpod.oval:def:33519 The host is missing an important security update according to Mozilla advisory, MFSA2016-27. The update is required to fix an use-after-free vulnerability. A flaw is present in the applications, which fails to handle XML transformations. Successful exploitation allows remote attackers to execute arb ... oval:org.secpod.oval:def:702866 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:1501255 Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. oval:org.secpod.oval:def:1501259 Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. oval:org.secpod.oval:def:26457 The host is missing an important security update according to Mozilla advisory, MFSA2015-85. The update is required to fix an out-of-bounds write vulnerability. A flaw is present in the applications, which fail to properly handle a crafted name of a Mozilla Archive (aka MAR) file. Successful exploit ... oval:org.secpod.oval:def:26456 The host is installed with Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2 or Thunderbird 38.x before 38.2 and is prone to an out-of-bounds write vulnerability. A flaw is present in the applications, which fail to properly handle a crafted name of a Mozilla Archive (aka MAR) file. Successf ... oval:org.secpod.oval:def:204205 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A ... oval:org.secpod.oval:def:26459 The host is missing an important security update according to Mozilla advisory, MFSA2015-84. The update is required to fix a race condition vulnerability. A flaw is present in the applications, which fail to properly handle vectors involving a hard link to a log file during an update. Successful exp ... oval:org.secpod.oval:def:26458 The host is installed with Mozilla Firefox before 40, Firefox ESR 38.x before 38.2 or Thunderbird 38.x before 38.2 and is prone to a race condition vulnerability. A flaw is present in the applications, which fail to properly handle vectors involving a hard link to a log file during an update. Succes ... oval:org.secpod.oval:def:1501289 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:52727 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:26470 The host is missing a critical security update according to Mozilla advisory, MFSA2015-79. The update is required to fix multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to properly handle unknown vectors. Successful exploitation allows remote attackers to ... oval:org.secpod.oval:def:703279 thunderbird: Mozilla Open Source mail and newsgroup client Thunderbird could be made to crash or run programs as your login if it opened a malicious message. oval:org.secpod.oval:def:203740 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. T ... oval:org.secpod.oval:def:203739 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. T ... oval:org.secpod.oval:def:203738 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. T ... oval:org.secpod.oval:def:1501290 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:203799 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A ... oval:org.secpod.oval:def:703212 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:203776 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A ... oval:org.secpod.oval:def:203775 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A ... oval:org.secpod.oval:def:702780 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:203709 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. N ... oval:org.secpod.oval:def:203708 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. N ... oval:org.secpod.oval:def:203706 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. N ... oval:org.secpod.oval:def:1702018 On some systems--depending on the graphics settings and drivers--it was possible to force an out-of-bounds read and leak memory data into the images created on the canvas element. This vulnerability affects Firefox less than 120, Firefox less than 115.5, and Thunderbird less than 115.5.0. It was pos ... oval:org.secpod.oval:def:96937 Multiple security issues were discovered in Thunderbird, which could result in denial of service, the execution of arbitrary code or spoofing of signed PGP/MIME and SMIME emails. oval:org.secpod.oval:def:612877 Multiple security issues were discovered in Thunderbird, which could result in denial of service, the execution of arbitrary code or spoofing of signed PGP/MIME and SMIME emails. oval:org.secpod.oval:def:1702038 The signature of a digitally signed S/MIME email message may optionally specify the signature creation date and time. If present, Thunderbird did not compare the signature creation date with the message date and time, and displayed a valid signature despite a date or time mismatch. This could be use ... oval:org.secpod.oval:def:708680 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:508207 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.6.0. Security Fix: Mozilla: Heap-buffer-overflow affecting WebGL DrawElementsInstanced method with Mesa VM driver Mozilla: Memory safety bugs fixed in Firefox 121, Firefox ESR 115.6, and T ... oval:org.secpod.oval:def:508213 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.6.0. Security Fix: Mozilla: Heap-buffer-overflow affecting WebGL DrawElementsInstanced method with Mesa VM driver Mozilla: Memory safety bugs fixed in Firefox 121, Firefox ESR 115.6, and T ... oval:org.secpod.oval:def:508218 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.6.0. Security Fix: Mozilla: Heap-buffer-overflow affecting WebGL DrawElementsInstanced method with Mesa VM driver Mozilla: Memory safety bugs fixed in Firefox 121, Firefox ESR 115.6, and T ... oval:org.secpod.oval:def:1507230 [115.6.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Enabled aarch64 build [115.6.0-1] - Update to 115.6.0 build2 oval:org.secpod.oval:def:1507235 [115.6.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [115.6.0-1] - Update to 115.6.0 build2 oval:org.secpod.oval:def:1507238 [115.6.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Update to 115.6.0 build2 oval:org.secpod.oval:def:96799 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:605729 Multiple security issues were discovered in Thunderbird, which could result in the execution of arbitrary code, spoofing, information disclosure, downgrade attacks on SMTP STARTTLS connections or misleading display of OpenPGP/MIME signatures. oval:org.secpod.oval:def:4501289 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.4.0. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 95 and Firefox ESR 91.4 * Mozilla: URL leakage when navigating while executing asynchronous function * Mozilla: Heap buffe ... oval:org.secpod.oval:def:1505345 [91.4.0-2.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [91.4.0-2] - Update to 91.4.0 build2 [91.4.0-1] - Update to 91.4.0 build1 oval:org.secpod.oval:def:1505344 [91.4.0-3.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [91.4.0-3] - Bump NVR for ppc64 build [91.4.0-2] - Update to 91.4.0 build2 [91.4.0-1] - Update to 91.4.0 build1 oval:org.secpod.oval:def:2500342 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:78188 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:78139 Multiple security issues were discovered in Thunderbird, which could result in the execution of arbitrary code, spoofing, information disclosure, downgrade attacks on SMTP STARTTLS connections or misleading display of OpenPGP/MIME signatures. oval:org.secpod.oval:def:62954 Multiple security issues have been found in Thunderbird which could result in denial of service or potentially the execution of arbitrary code. oval:org.secpod.oval:def:62963 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:66543 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.7.0. Security Fix: * Mozilla: Use-after-free while running the nsDocShell destructor * Mozilla: Use-after-free when handling a ReadableStream * Mozilla: Uninitialized memory could be read ... oval:org.secpod.oval:def:604806 Multiple security issues have been found in Thunderbird which could result in denial of service or potentially the execution of arbitrary code. oval:org.secpod.oval:def:705434 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:127081 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:52525 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:702649 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:25609 The host is installed with Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8, 38.x before 38.1, Thunderbird before 31.8 or 38.x before 38.1 or Apple Mac OS X or Server 10.10.x through 10.10.3 and is prone to a logjam attack vulnerability. A flaw is present in the applications, which fail to ... oval:org.secpod.oval:def:25610 The host is missing a critical security update according to Mozilla advisory, MFSA-2015-70. The update is required to fix a logjam attack vulnerability. A flaw is present in the applications, which fail to handle a weak key. Successful exploitation could allow man-in-the-middle (MITM) attackers to f ... oval:org.secpod.oval:def:4501489 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.15.0. Security Fix: * Mozilla: Memory corruption in IPC CanvasTranslator * Mozilla: Memory corruption in IPC ColorPickerShownCallback * Mozilla: Memory corruption in IPC FilePickerShownCa ... oval:org.secpod.oval:def:4501491 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.15.1. Security Fix: * libwebp: Heap buffer overflow in WebP Codec For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related informat ... oval:org.secpod.oval:def:96400 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:507889 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.14.0. Security Fix: * Mozilla: Offscreen Canvas could have bypassed cross-origin restrictions * Mozilla: Incorrect value used during WASM compilation * Mozilla: Potential permissions requ ... oval:org.secpod.oval:def:507888 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.14.0. Security Fix: * Mozilla: Offscreen Canvas could have bypassed cross-origin restrictions * Mozilla: Incorrect value used during WASM compilation * Mozilla: Potential permissions requ ... oval:org.secpod.oval:def:507891 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.14.0. Security Fix: * Mozilla: Offscreen Canvas could have bypassed cross-origin restrictions * Mozilla: Incorrect value used during WASM compilation * Mozilla: Potential permissions requ ... oval:org.secpod.oval:def:95221 Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code. Debian follows the Thunderbird upstream releases. Support for the 102.x series has ended, so starting with this update we"re now following the 115.x series. oval:org.secpod.oval:def:612689 Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code. Debian follows the Thunderbird upstream releases. Support for the 102.x series has ended, so starting with this update we"re now following the 115.x series. oval:org.secpod.oval:def:1701876 Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. With a specially crafted WebP lossless file, libwebp may write data out of bounds to the heap.The ReadHuffmanCodes function allocates the ... oval:org.secpod.oval:def:1701858 VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash related to encoding oval:org.secpod.oval:def:2600362 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:1507049 [115.3.1-1.0.1] - Update to 115.3.1 build1 oval:org.secpod.oval:def:1507045 [115.3.1-1.0.1] - Update to 115.3.1 build1 oval:org.secpod.oval:def:1507120 [115.4.1-1.0.1] - Update to 115.4.1 build1 - Add fix for CVE-2023-44488 oval:org.secpod.oval:def:1507125 [115.4.1-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Enabled aarch64 build [115.4.1-1] - Update to 115.4.1 build1 [115.4.0-3] - Update to 115.4.0 build3 [115.4.0-2] - Update to 115.4.0 build2 [115.4.0-1] - Update to 115.4.0 build1 oval:org.secpod.oval:def:1507122 [115.4.1-1.0.1] - Update to 115.4.1 build1 - Add fix for CVE-2023-44488 oval:org.secpod.oval:def:2501217 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:1506978 [102.15.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Enabled aarch64 build [102.15.0-1] - Update to 102.15.0 build1 [102.14.0-3] - Bump NVR to rebuild [102.14.0-2] - Rebuild due to rhbz#2228948 oval:org.secpod.oval:def:1506980 [102.15.0-1.0.1] - Update to 102.15.0 build1 oval:org.secpod.oval:def:1506981 [102.15.0-1.0.1] - Update to 102.15.0 build1 oval:org.secpod.oval:def:96428 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:1701932 The Mozilla Foundation Security Advisory describes this flaw as:It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an insufficient activation-delay. The Mozilla Foundation Security Advisory describes this flaw as:Drivers are not al ... oval:org.secpod.oval:def:95245 Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code. oval:org.secpod.oval:def:93977 Mozilla Firefox 119, Mozilla Firefox ESR 115.4, and Thunderbird 115.4.1 : It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an insufficient activation-delay. oval:org.secpod.oval:def:93974 The host is missing a high severity security update according to the Mozilla advisory MFSA2023-47 and is prone to multiple vulnerabilities. The flaws are present in the application, which fails to properly handle unspecified vectors. Successful exploitation could lead to a potentially exploitable cr ... oval:org.secpod.oval:def:93987 Mozilla Firefox ESR 115.4, and Thunderbird 115.4.1 : An attacker could have created a malicious link using bidirectional characters to spoof the location in the address bar when visited. oval:org.secpod.oval:def:93980 Mozilla Firefox 119, Mozilla Firefox ESR 115.4, and Thunderbird 115.4.1 : Drivers are not always robust to extremely large draw calls and in some cases this scenario could have led to a crash. oval:org.secpod.oval:def:93981 Mozilla Firefox 119, Mozilla Firefox ESR 115.4, and Thunderbird 115.4.1 : A malicious installed WebExtension could open arbitrary URLs, which under the right circumstance could be leveraged to collect sensitive user data. oval:org.secpod.oval:def:93985 Mozilla Firefox 119, Mozilla Firefox ESR 115.4, and Thunderbird 115.4.1 : Memory safety bugs present in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run ... oval:org.secpod.oval:def:93983 Mozilla Firefox 119, Mozilla Firefox ESR 115.4, and Thunderbird 115.4.1 : During garbage collection extra operations were performed on a object that should not be. This could have led to a potentially exploitable crash. oval:org.secpod.oval:def:708570 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:75933 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:2500295 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:205688 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.4.0. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 82 and Firefox ESR 78.4 * chromium-browser: Use after free in WebRTC For more details about the security issue, including ... oval:org.secpod.oval:def:68013 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.4.0. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 82 and Firefox ESR 78.4 * chromium-browser: Use after free in WebRTC For more details about the security issue, including ... oval:org.secpod.oval:def:503841 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.11.0. Security Fix: * chromium-browser: Use after free in ANGLE * chromium-browser: Inappropriate implementation in WebRTC * Mozilla: Potential leak of redirect targets when loading script ... oval:org.secpod.oval:def:503842 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.11.0. Security Fix: * chromium-browser: Use after free in ANGLE * chromium-browser: Inappropriate implementation in WebRTC * Mozilla: Potential leak of redirect targets when loading script ... oval:org.secpod.oval:def:503843 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.11.0. Security Fix: * chromium-browser: Use after free in ANGLE * chromium-browser: Inappropriate implementation in WebRTC * Mozilla: Potential leak of redirect targets when loading script ... oval:org.secpod.oval:def:205600 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.11.0. Security Fix: * chromium-browser: Use after free in ANGLE * chromium-browser: Inappropriate implementation in WebRTC * Mozilla: Potential leak of redirect targets when loading script ... oval:org.secpod.oval:def:504756 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.4.0. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 82 and Firefox ESR 78.4 * chromium-browser: Use after free in WebRTC For more details about the security issue, including ... oval:org.secpod.oval:def:69835 Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code, denial of service or information leak. oval:org.secpod.oval:def:1503120 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:205596 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.11.0. Security Fix: * chromium-browser: Use after free in ANGLE * chromium-browser: Inappropriate implementation in WebRTC * Mozilla: Potential leak of redirect targets when loading script ... oval:org.secpod.oval:def:1503013 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1503018 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1503015 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1503080 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:66566 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.11.0. Security Fix: * chromium-browser: Use after free in ANGLE * chromium-browser: Inappropriate implementation in WebRTC * Mozilla: Potential leak of redirect targets when loading script ... oval:org.secpod.oval:def:205213 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.7.0. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 * Mozilla: Cross-origin theft of images with createImageBitmap * Mozilla: Stealing of cross-domain ... oval:org.secpod.oval:def:205214 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.7.0. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 * Mozilla: Cross-origin theft of images with createImageBitmap * Mozilla: Stealing of cross-domain ... oval:org.secpod.oval:def:1700179 Mozilla: Buffer overflow in WebGL bufferdata on Linux Mozilla: Use-after-free in XMLHttpRequest Cross-origin images can be read in violation of the same-origin policy by exporting an image after using createImageBitmap to read the image and then rendering the resulting bitmap image within a canvas e ... oval:org.secpod.oval:def:503130 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.7.0. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 * Mozilla: Cross-origin theft of images with createImageBitmap * Mozilla: Stealing of cross-domain ... oval:org.secpod.oval:def:503132 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.7.0. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 * Mozilla: Cross-origin theft of images with createImageBitmap * Mozilla: Stealing of cross-domain ... oval:org.secpod.oval:def:503131 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.7.0. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 * Mozilla: Cross-origin theft of images with createImageBitmap * Mozilla: Stealing of cross-domain ... oval:org.secpod.oval:def:66438 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.7.0. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 * Mozilla: Cross-origin theft of images with createImageBitmap * Mozilla: Stealing of cross-domain ... oval:org.secpod.oval:def:55307 Multiple security issues have been found in Thunderbird: Multiple vulnerabilities may lead to the execution of arbitrary code or denial of service. oval:org.secpod.oval:def:55318 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:1502530 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502531 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:603930 Multiple security issues have been found in Thunderbird: Multiple vulnerabilities may lead to the execution of arbitrary code or denial of service. oval:org.secpod.oval:def:704972 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:701498 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:501183 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A flaw was found in the way ... oval:org.secpod.oval:def:16749 Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, does not properly restrict public values in Diffie-Hellman key exchanges, which makes it easier for remote ... oval:org.secpod.oval:def:16748 Race condition in libssl in Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, allows remote attackers to cause a denial of service (use-after-free) or possib ... oval:org.secpod.oval:def:203031 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A flaw was found in the way ... oval:org.secpod.oval:def:203033 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A flaw was found in the way ... oval:org.secpod.oval:def:16832 Cross-site scripting (XSS) vulnerability in Mozilla Thunderbird 17.x through 17.0.8, Thunderbird ESR 17.x through 17.0.10, and SeaMonkey before 2.20 allows user-assisted remote attackers to inject arbitrary web script or HTML via an e-mail message containing a data: URL in an IFRAME element, a relat ... oval:org.secpod.oval:def:16831 Security researcher Fabiaacute;n Cuchietti discovered that it was possible to bypass the restriction on JavaScript execution in mail by embedding an lt;iframegt; with a data: URL within a message. If the victim replied or forwarded the mail after receiving it, quoting it quot;in-linequot; using Thu ... oval:org.secpod.oval:def:701583 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:202995 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A flaw was found in the way ... oval:org.secpod.oval:def:202989 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A flaw was found in the way ... oval:org.secpod.oval:def:702135 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:20624 Use-after-free vulnerability in the CERT_DestroyCertificate function in libnss3.so in Mozilla Network Security Services (NSS) 3.x, as used in Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, allows remote attackers to execute arbitrary code via vectors that trigger cer ... oval:org.secpod.oval:def:20620 Security researchers Tyson Smith and Jesse Schwartzentruber used the Address Sanitizer tool while fuzzing to discover a use-after-free error resulting in a crash. This is a result of a pair of NSSCertificate structures being added to a trust domain and then one of them is removed while they are s ... oval:org.secpod.oval:def:52263 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:1500385 An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System base scores, which give detailed severity rating ... oval:org.secpod.oval:def:16730 Security researcher Arthur Gerkis , via TippingPoint"s Zero Day Initiative, reported a use-after-free during image processing from sites with specific content types in concert with the imgRequestProxy function. This causes a potentially exploitable crash. oval:org.secpod.oval:def:16731 Security researcher Masato Kinugawa reported a cross-origin information leak through web workers" error messages. This violates same-origin policy and the leaked information could potentially be used to gather authentication tokens and other data from third-party websites. oval:org.secpod.oval:def:16734 Mozilla developer Brian Smith and security researchers Antoine Delignat-Lavaud and Karthikeyan Bhargavan of the Prosecco research team at INRIA Paris reported issues with ticket handling in the Network Security Services (NSS) libraries. These have been addressed in the NSS 3.15.4 release, shipping o ... oval:org.secpod.oval:def:16735 Mozilla developer Boris Zbarsky reported an inconsistency with the different JavaScript engines in how JavaScript native getters on window objects are handled by these engines. This inconsistency can lead to different behaviors in JavaScript code, allowing for a potential security issue with window ... oval:org.secpod.oval:def:16727 Fredrik "Flonka" Lnnqvist discovered an issue with image decoding in RasterImage caused by continued use of discarded images. This could allow for the writing to unowned memory and a potentially exploitable crash. oval:org.secpod.oval:def:16725 Security researcher Cody Crews reported a method to bypass System Only Wrappers (SOW) by using XML Binding Language (XBL) content scopes to clone protected XUL elements. This could be used to clone anonymous nodes, making trusted XUL content web accessible. oval:org.secpod.oval:def:16741 RasterImage.cpp in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 does not prevent access to discarded data, which allows remote attackers to execute arbitrary code or cause a denial of service (incorrect write operations) via crafted im ... oval:org.secpod.oval:def:16740 Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to bypass intended restrictions on window objects by leveraging inconsistency in native getter methods across different JavaScript engines. oval:org.secpod.oval:def:16745 The Web workers implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to bypass the Same Origin Policy and obtain sensitive authentication information via vectors involving error messages. oval:org.secpod.oval:def:16744 Use-after-free vulnerability in the imgRequestProxy function in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to execute arbitrary code via vectors involving unspecified Content-Type values for image data. oval:org.secpod.oval:def:16738 The System Only Wrapper (SOW) implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 does not prevent certain cloning operations, which allows remote attackers to bypass intended restrictions on XUL content via vectors involvin ... oval:org.secpod.oval:def:16736 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code ... oval:org.secpod.oval:def:16724 Mozilla developers and community identified identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least som ... oval:org.secpod.oval:def:501159 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A flaw was found in the way ... oval:org.secpod.oval:def:500367 Mozilla Thunderbird is a standalone mail and newsgroup client. A memory corruption flaw was found in the way Thunderbird decoded certain PNG images. An attacker could create a mail message containing a specially-crafted PNG image that, when opened, could cause Thunderbird to crash or, potentially, e ... oval:org.secpod.oval:def:201711 Mozilla Thunderbird is a standalone mail and newsgroup client. A memory corruption flaw was found in the way Thunderbird decoded certain PNG images. An attacker could create a mail message containing a specially-crafted PNG image that, when opened, could cause Thunderbird to crash or, potentially, e ... oval:org.secpod.oval:def:201714 Mozilla Thunderbird is a standalone mail and newsgroup client. A memory corruption flaw was found in the way Thunderbird decoded certain PNG images. An attacker could create a mail message containing a specially-crafted PNG image that, when opened, could cause Thunderbird to crash or, potentially, e ... oval:org.secpod.oval:def:500315 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running ... oval:org.secpod.oval:def:201889 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running ... oval:org.secpod.oval:def:201958 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running ... oval:org.secpod.oval:def:98202 Mozilla Firefox 123, Mozilla Firefox ESR 115.8, Mozilla Thunderbird 115.8 : A malicious website could have used a combination of exiting fullscreen mode and requestPointerLock to cause the user's mouse to be re-positioned unexpectedly, which could have led to user confusion and inadvertently grantin ... oval:org.secpod.oval:def:98203 Mozilla Firefox 123, Mozilla Firefox ESR 115.8, Mozilla Thunderbird 115.8 : Set-Cookie response headers were being incorrectly honored in multipart HTTP responses. If an attacker could control the Content-Type response header, as well as control part of the response body, they could inject Set-Cooki ... oval:org.secpod.oval:def:98204 Mozilla Firefox 123, Mozilla Firefox ESR 115.8, Mozilla Thunderbird 115.8 : Memory safety bugs present in Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to r ... oval:org.secpod.oval:def:98200 Mozilla Firefox 123, Mozilla Firefox ESR 115.8, Mozilla Thunderbird 115.8 : A website could have obscured the fullscreen notification by using a dropdown select input element. This could have led to user confusion and possible spoofing attacks. oval:org.secpod.oval:def:98201 Mozilla Firefox 123, Mozilla Firefox ESR 115.8, Mozilla Thunderbird 115.8 : If a website set a large custom cursor, portions of the cursor could have overlapped with the permission dialog, potentially resulting in user confusion and unexpected granted permissions. oval:org.secpod.oval:def:98198 Mozilla Firefox 123, Mozilla Firefox ESR 115.8, Mozilla Thunderbird 115.8 : When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory read. oval:org.secpod.oval:def:98199 Mozilla Firefox 123, Mozilla Firefox ESR 115.8, Mozilla Thunderbird 115.8 : Through a series of API calls and redirects, an attacker-controlled alert dialog could have been displayed on another website (with the victim website's URL shown). oval:org.secpod.oval:def:98197 The host is missing a high severity security update according to the Mozilla advisory MFSA2024-07 and is prone to multiple vulnerabilities. A flaw is present in the application, which fails to properly handle unspecified vectors. Successful exploitation could lead to a potentially exploitable crash. oval:org.secpod.oval:def:97890 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.7.0. Security Fix: Mozilla: Out of bounds write in ANGLE Mozilla: Failure to update user input timestamp Mozilla: Crash when listing printers on Linux Mozilla: Bypass of Content Security ... oval:org.secpod.oval:def:97095 Mozilla Firefox 122, Mozilla Firefox ESR 115.7 or Mozilla Thunderbird 115.7 : It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an incorrect timestamp used to prevent input after page load. oval:org.secpod.oval:def:97096 Mozilla Firefox 122, Mozilla Firefox ESR 115.7 or Mozilla Thunderbird 115.7 : An out of bounds write in ANGLE could have allowed an attacker to corrupt memory leading to a potentially exploitable crash. oval:org.secpod.oval:def:97092 The host is missing a high severity security update according to the Mozilla advisory MFSA2024-04 and is prone to multiple vulnerabilities. A flaw is present in the application, which fails to properly handle unspecified vectors. Successful exploitation could lead to a potentially exploitable crash. oval:org.secpod.oval:def:97100 Mozilla Firefox 122, Mozilla Firefox ESR 115.7 or Mozilla Thunderbird 115.7 : A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissions. oval:org.secpod.oval:def:97101 Mozilla Firefox 122, Mozilla Firefox ESR 115.7 or Mozilla Thunderbird 115.7 : A phishing site could have repurposed an code about code dialog to show phishing content with an incorrect origin in the address bar. oval:org.secpod.oval:def:97106 Mozilla Firefox 122, Mozilla Firefox ESR 115.7 or Mozilla Thunderbird 115.7 : Memory safety bugs present in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to ... oval:org.secpod.oval:def:97107 Mozilla Firefox 122, Mozilla Firefox ESR 115.7 or Mozilla Thunderbird 115.7 : In specific HSTS configurations an attacker could have bypassed HSTS on a subdomain. oval:org.secpod.oval:def:97108 Mozilla Firefox 122, Mozilla Firefox ESR 115.7 or Mozilla Thunderbird 115.7 : A malicious devtools extension could have been used to escalate privileges. oval:org.secpod.oval:def:97105 Mozilla Firefox 122, Mozilla Firefox ESR 115.7, Mozilla Thunderbird 115.7 : When a parent page loaded a child in an iframe with code unsafe-inline code, the parent Content Security Policy could have overridden the child Content Security Policy. oval:org.secpod.oval:def:1702117 An out of bounds write in ANGLE could have allowed an attacker to corrupt memory leading to a potentially exploitable crash. This vulnerability affects Firefox less than 122, Firefox ESR less than 115.7, and Thunderbird less than 115.7. It was possible for certain browser prompts and dialogs to be a ... oval:org.secpod.oval:def:509070 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.7.0. Security Fix: Mozilla: Out of bounds write in ANGLE Mozilla: Failure to update user input timestamp Mozilla: Crash when listing printers on Linux Mozilla: Bypass of Content Security ... oval:org.secpod.oval:def:206073 Security Fix: Mozilla: Out-of-bounds memory read in networking channels Mozilla: Alert dialog could have been spoofed on another site Mozilla: Memory safety bugs fixed in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8 Mozilla: Fullscreen Notification could have been hidden by select elemen ... oval:org.secpod.oval:def:509117 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.8.0. Security Fix: Mozilla: Out-of-bounds memory read in networking channels Mozilla: Alert dialog could have been spoofed on another site Mozilla: Memory safety bugs fixed in Firefox 123 ... oval:org.secpod.oval:def:509096 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.8.0. Security Fix: Mozilla: Out-of-bounds memory read in networking channels Mozilla: Alert dialog could have been spoofed on another site Mozilla: Memory safety bugs fixed in Firefox 123 ... oval:org.secpod.oval:def:1701203 firefox-esr , thunderbird and nss only are affected by this package. hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O growth via consecutive marks during the process of looking back for base glyphs when attaching marks. The Mozilla Foundation Security Advisory describ ... oval:org.secpod.oval:def:1702158 When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory read. This vulnerability affects Firefox less than 123, Firefox ESR less than 115.8, and Thunderbird less than 115.8. Through a series of API calls and redir ... oval:org.secpod.oval:def:1507351 [115.8.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Enabled aarch64 build [115.8.0-1] - Update to 115.8.0 build1 oval:org.secpod.oval:def:1507360 [115.8.0-1.0.1] - Add Oracle modifications [115.8.0-1] - Update to 115.8.0 build1 oval:org.secpod.oval:def:1507363 [115.8.0-1.0.1] - Add Oracle modifications [115.8.0-1] - Update to 115.8.0 build1 oval:org.secpod.oval:def:98508 Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code. oval:org.secpod.oval:def:98526 Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code. oval:org.secpod.oval:def:509055 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.8.0. Security Fix: Mozilla: Out-of-bounds memory read in networking channels Mozilla: Alert dialog could have been spoofed on another site Mozilla: Memory safety bugs fixed in Firefox 123 ... oval:org.secpod.oval:def:90679 Updates available for Mozilla Firefox, Firefox ESR and Thunderbird. oval:org.mitre.oval:def:7008 The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; (2) read, create, or modif ... oval:org.mitre.oval:def:6710 The jar: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not follow the Content-Disposition header of the inner URI, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other attacks via an uploaded .jar file with a "Content-Di ... oval:org.mitre.oval:def:7285 Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey allows remote attackers to inject arbitrary web script or HTML via vectors involving XBL JavaScript bindings and remote stylesheets, as exploited in the wild by a March 2009 eBay listing. oval:org.mitre.oval:def:6831 Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey do not properly implement the Same Origin Policy for (1) XMLHttpRequest, involving a mismatch for a document's principal, and (2) XPCNativeWrapper.toString, involving an incorrect __proto__ scope, which allows remote attackers to conduct cross ... oval:org.secpod.oval:def:6101 The host is missing a critical security update according to Mozilla advisory, MFSA2012-34. The update is required to fix memory corruption vulnerability. A flaw is present in the applications, which fail to handle the browser engine. Successful exploitation could allow attackers to run arbitrary cod ... oval:org.secpod.oval:def:6104 The host is installed with Mozilla Firefox before 13.0, Thunderbird before 13.0, SeaMonkey before 2.10 and is prone to multiple unspecified vulnerabilities. The flaws are present in the applications, which fail to handle methodjit/ImmutableSync.cpp and js/src/jsarray.cpp files. Successful exploitati ... oval:org.secpod.oval:def:1506429 [102.8.0-2.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Enabled aarch64 build [102.8.0-2] - Update to 102.8.0 build2 [102.8.0-1] - Update to 102.8.0 build1 oval:org.secpod.oval:def:1506428 [102.8.0-2.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [102.8.0-2] - Update to 102.8.0 build2 [102.8.0-1] - Update to 102.8.0 build1 oval:org.secpod.oval:def:1506431 [102.8.0-2.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [102.8.0-2] - Update to 102.8.0 build2 [102.8.0-1] - Update to 102.8.0 build1 oval:org.secpod.oval:def:89356 Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code. oval:org.secpod.oval:def:2500931 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:2500938 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:4501187 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.8.0. Security Fix: * Mozilla: Arbitrary memory write via PKCS 12 in NSS * Mozilla: Content security policy leak in violation reports using iframes * Mozilla: Screen hijack via browser ful ... oval:org.secpod.oval:def:4501172 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.7.1. Security Fix: * Mozilla: libusrsctp library out of date * Mozilla: Arbitrary file read from GTK drag and drop on Linux * Mozilla: Memory safety bugs fixed in Firefox 109 and Firefox ... oval:org.secpod.oval:def:1506399 [102.7.1-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [102.7.1-1] - Update to 102.7.1 build1 [102.7.0-1] - Update to 102.7.0 build1 oval:org.secpod.oval:def:1506395 [102.7.1-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Enabled aarch64 build [102.7.1-1] - Update to 102.7.1 build1 [102.7.0-1] - Update to 102.7.0 build1 oval:org.secpod.oval:def:1506396 [102.7.1-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [102.7.1-1] - Update to 102.7.1 build1 [102.7.0-1] - Update to 102.7.0 build1 oval:org.secpod.oval:def:89493 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:89433 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:507508 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.7.1. Security Fix: * Mozilla: libusrsctp library out of date * Mozilla: Arbitrary file read from GTK drag and drop on Linux * Mozilla: Memory safety bugs fixed in Firefox 109 and Firefox ... oval:org.secpod.oval:def:507511 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.7.1. Security Fix: * Mozilla: libusrsctp library out of date * Mozilla: Arbitrary file read from GTK drag and drop on Linux * Mozilla: Memory safety bugs fixed in Firefox 109 and Firefox ... oval:org.secpod.oval:def:507510 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.7.1. Security Fix: * Mozilla: libusrsctp library out of date * Mozilla: Arbitrary file read from GTK drag and drop on Linux * Mozilla: Memory safety bugs fixed in Firefox 109 and Firefox ... oval:org.secpod.oval:def:5800020 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.7.1. Security Fix: * Mozilla: libusrsctp library out of date * Mozilla: Arbitrary file read from GTK drag and drop on Linux * Mozilla: Memory safety bugs fixed in Firefox 109 and Firefox ... oval:org.secpod.oval:def:5800004 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.8.0. Security Fix: * Mozilla: Arbitrary memory write via PKCS 12 in NSS * Mozilla: Content security policy leak in violation reports using iframes * Mozilla: Screen hijack via browser ful ... oval:org.secpod.oval:def:89775 The host is missing a high severity security update according to the Mozilla advisory MFSA2023-18 and is prone to multiple vulnerabilities. The flaws are present in the application, which fails to properly handle unspecified vectors. Successful exploitation allows an attacker to have unspecified imp ... oval:org.secpod.oval:def:89773 Mozilla Firefox 113, Mozilla Firefox ESR 102.11, Mozilla Thunderbird 102.11 : Mozilla developers and community members Gabriele Svelto, Andrew Osmond, Emily McDonough, Sebastian Hengst, Andrew McCreight and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 112 and Firefox ESR 1 ... oval:org.secpod.oval:def:89772 Mozilla Firefox 113, Mozilla Firefox ESR 102.11, Mozilla Thunderbird 102.11 : When reading a file, an uninitialized value could have been used as read limit. oval:org.secpod.oval:def:89771 Mozilla Firefox 113, Mozilla Firefox ESR 102.11, Mozilla Thunderbird 102.11 : An attacker could have positioned a <code>datalist</code> element to obscure the address bar. oval:org.secpod.oval:def:89770 Mozilla Firefox 113, Mozilla Firefox ESR 102.11, Mozilla Thunderbird 102.11 : A type checking bug would have led to invalid code being compiled. oval:org.secpod.oval:def:507764 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.11.0. Security Fix: * Mozilla: Browser prompts could have been obscured by popups * Mozilla: Crash in RLBox Expat driver * Mozilla: Potential permissions request bypass via clickjacking ... oval:org.secpod.oval:def:507762 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.11.0. Security Fix: * Mozilla: Browser prompts could have been obscured by popups * Mozilla: Crash in RLBox Expat driver * Mozilla: Potential permissions request bypass via clickjacking ... oval:org.secpod.oval:def:89766 Mozilla Firefox 113, Mozilla Firefox ESR 102.11, Mozilla Thunderbird 102.11 : A missing delay in popup notifications could have made it possible for an attacker to trick a user into granting permissions. oval:org.secpod.oval:def:89765 Mozilla Firefox 113, Mozilla Firefox ESR 102.11, Mozilla Thunderbird 102.11 : An out-of-bound read could have led to a crash in the RLBox Expat driver. oval:org.secpod.oval:def:89764 Mozilla Firefox 113, Mozilla Firefox ESR 102.11, Mozilla Thunderbird 102.11 : In multiple cases browser prompts could have been obscured by popups controlled by content. These could have led to potential user confusion and spoofing attacks. oval:org.secpod.oval:def:507771 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.11.0. Security Fix: * Mozilla: Browser prompts could have been obscured by popups * Mozilla: Crash in RLBox Expat driver * Mozilla: Potential permissions request bypass via clickjacking ... oval:org.secpod.oval:def:4501421 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.11.0. Security Fix: * Mozilla: Browser prompts could have been obscured by popups * Mozilla: Crash in RLBox Expat driver * Mozilla: Potential permissions request bypass via clickjacking ... oval:org.secpod.oval:def:4501410 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.10.0. Security Fix: * Thunderbird: Revocation status of S/Mime recipient certificates was not checked * Mozilla: Matrix SDK bundled with Thunderbird vulnerable to denial-of-service attack ... oval:org.secpod.oval:def:4501433 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.12.0. Security Fix: * Mozilla: Click-jacking certificate exceptions through rendering lag * Mozilla: Memory safety bugs fixed in Firefox 114 and Firefox ESR 102.12 For more details about ... oval:org.secpod.oval:def:507797 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.12.0. Security Fix: * Mozilla: Click-jacking certificate exceptions through rendering lag * Mozilla: Memory safety bugs fixed in Firefox 114 and Firefox ESR 102.12 For more details about ... oval:org.secpod.oval:def:507799 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.12.0. Security Fix: * Mozilla: Click-jacking certificate exceptions through rendering lag * Mozilla: Memory safety bugs fixed in Firefox 114 and Firefox ESR 102.12 For more details about ... oval:org.secpod.oval:def:2600267 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:89377 Multiple security issues were discovered in Thunderbird, which could result in denial of service, the execution of arbitrary code or spoofing. oval:org.secpod.oval:def:507802 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.12.0. Security Fix: * Mozilla: Click-jacking certificate exceptions through rendering lag * Mozilla: Memory safety bugs fixed in Firefox 114 and Firefox ESR 102.12 For more details about ... oval:org.secpod.oval:def:5800162 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.10.0. Security Fix: * Thunderbird: Revocation status of S/Mime recipient certificates was not checked * Mozilla: Matrix SDK bundled with Thunderbird vulnerable to denial-of-service attack ... oval:org.secpod.oval:def:5800174 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.12.0. Security Fix: * Mozilla: Click-jacking certificate exceptions through rendering lag * Mozilla: Memory safety bugs fixed in Firefox 114 and Firefox ESR 102.12 For more details about ... oval:org.secpod.oval:def:610514 Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code. oval:org.secpod.oval:def:507581 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.9.0. Security Fix: * Mozilla: Incorrect code generation during JIT compilation * Mozilla: Memory safety bugs fixed in Firefox 111 and Firefox ESR 102.9 * Mozilla: Potential out-of-bounds ... oval:org.secpod.oval:def:507582 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.9.0. Security Fix: * Mozilla: Incorrect code generation during JIT compilation * Mozilla: Memory safety bugs fixed in Firefox 111 and Firefox ESR 102.9 * Mozilla: Potential out-of-bounds ... oval:org.secpod.oval:def:1506603 [102.12.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [102.12.0-1] - Update to 102.12.0 build1 oval:org.secpod.oval:def:1506613 [102.12.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Enabled aarch64 build [102.12.0-1] - Update to 102.12.0 build1 oval:org.secpod.oval:def:2501114 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:507579 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.9.0. Security Fix: * Mozilla: Incorrect code generation during JIT compilation * Mozilla: Memory safety bugs fixed in Firefox 111 and Firefox ESR 102.9 * Mozilla: Potential out-of-bounds ... oval:org.secpod.oval:def:1506624 [102.12.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [102.12.0-1] - Update to 102.12.0 build1 oval:org.secpod.oval:def:91482 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:1506639 [102.11.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [102.11.0-1] - Update to 102.11.0 build1 oval:org.secpod.oval:def:91458 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:708147 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:1701290 The Mozilla Foundation describes this issue as follows:OCSP revocation status of recipient certificates was not checked when sending S/Mime encrypted email, and revoked certificates would be accepted. Thunderbird versions from 68 to 102.9.1 were affected by this bug. The Mozilla Foundation describes ... oval:org.secpod.oval:def:206025 Security Fix: Thunderbird: Revocation status of S/Mime recipient certificates was not checked Mozilla: Matrix SDK bundled with Thunderbird vulnerable to denial-of-service attack Mozilla: Fullscreen notification obscured Mozilla: Potential Memory Corruption following Garbage Collector compaction ... oval:org.secpod.oval:def:507611 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.10.0. Security Fix: * Thunderbird: Revocation status of S/Mime recipient certificates was not checked * Mozilla: Matrix SDK bundled with Thunderbird vulnerable to denial-of-service attack ... oval:org.secpod.oval:def:507610 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.10.0. Security Fix: * Thunderbird: Revocation status of S/Mime recipient certificates was not checked * Mozilla: Matrix SDK bundled with Thunderbird vulnerable to denial-of-service attack ... oval:org.secpod.oval:def:507612 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.10.0. Security Fix: * Thunderbird: Revocation status of S/Mime recipient certificates was not checked * Mozilla: Matrix SDK bundled with Thunderbird vulnerable to denial-of-service attack ... oval:org.secpod.oval:def:1701236 The Mozilla Foundation describes this issue as follows:Sometimes, when invalidating JIT code while following an iterator, the newly generated code could be overwritten incorrectly. This could lead to a potentially exploitable crash. The Mozilla Foundation describes this issue as follows:When accessi ... oval:org.secpod.oval:def:1506517 [102.10.0-2.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [102.10.0-2] - Update to 102.10.0 build2 [102.10.0-1] - Update to 102.10.0 build1 oval:org.secpod.oval:def:1506514 [102.10.0-2.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Enabled aarch64 build [102.10.0-2] - Update to 102.10.0 build2 [102.10.0-1] - Update to 102.10.0 build1 oval:org.secpod.oval:def:1506516 [102.10.0-2.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [102.10.0-2] - Update to 102.10.0 build2 [102.10.0-1] - Update to 102.10.0 build1 oval:org.secpod.oval:def:1506587 [102.11.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [102.11.0-1] - Update to 102.11.0 build1 oval:org.secpod.oval:def:613024 Multiple security issues were discovered in Thunderbird, which could result in denial of service, the execution of arbitrary code or leaks of encrypted email subjects. oval:org.secpod.oval:def:98742 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:509160 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.9.0. Security Fix: nss: timing attack against RSA decryption Mozilla: Crash in NSS TLS method Mozilla: Leaking of encrypted email subjects to other conversations Mozilla: JIT code failed ... oval:org.secpod.oval:def:509159 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.9.0. Security Fix: nss: timing attack against RSA decryption Mozilla: Crash in NSS TLS method Mozilla: Leaking of encrypted email subjects to other conversations Mozilla: JIT code failed ... oval:org.secpod.oval:def:509155 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.9.0. Security Fix: nss: timing attack against RSA decryption Mozilla: Crash in NSS TLS method Mozilla: Leaking of encrypted email subjects to other conversations Mozilla: JIT code failed ... oval:org.secpod.oval:def:1507406 [115.9.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Enabled aarch64 build [115.9.0-1] - Update to 115.9.0 build1 - Fix expat CVE-2023-52425 oval:org.secpod.oval:def:1507412 [115.9.0-1.0.1] - Add Oracle prefs [115.9.0-1] - Update to 115.9.0 build1 - Fix expat CVE-2023-52425 oval:org.secpod.oval:def:1507410 [115.9.0-1.0.1] - Add Oracle prefs [115.9.0-1] - Update to 115.9.0 build1 - Fix expat CVE-2023-52425 oval:org.secpod.oval:def:1702053 A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is recommended to apply a pa ... oval:org.secpod.oval:def:1700287 Several memory safety bugs were discovered in Mozilla Firefox and Thunderbird. Memory corruption and arbitrary code execution are possible with these vulnerabilities. These bugs can be exploited over the network.A flaw was discovered in both Firefox and Thunderbird where 4 bytes of a HMAC output cou ... oval:org.secpod.oval:def:69787 Multiple security issues have been found in Thunderbird which could potentially result in the execution of arbitrary code or denial of service. Debian follows the Thunderbird upstream releases. Support for the 60.x series has ended, so starting with this update we"re now following the 68.x releases. oval:org.secpod.oval:def:1502706 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502707 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:70197 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:70145 thunderbird - Mozilla Open Source mail and newsgroup client. Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:705443 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:708856 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:127386 Mozilla Thunderbird is a standalone mail and newsgroup client. |