| 7! | Mozilla Firefox / Thunderbird URL processing code execution
updated since 25.07.2007
|
 | | It's possible to inject shell characters into mailto:, news:, nntp: IRLs if Thunderbird is used as URL handler. |
| 8! | Mozilla Firefox / Thunderbird / SeaMonkey multiple security vulnerabilities
updated since 01.06.2007
|
| | Multiple DoS conditions, addEventListener method crossite scripting. Multiple heap oberflows, integer overflows, etc. |
| 7! | Multiple Mozilla Firefox / Thunderbird / Seamonkey vulnerabilities
updated since 27.02.2007
|
| | HTML filtering bypass, crossite scripting, weak hashing function, memory corruption, buffer overflow, etc. |
| 7! | Multiple Mozilla Firefox / Thunderbird / Seamonkey security vulnerabilities
|
| | Crossite scripting with functions prototypes. Information leak. Buffer overflows on oversized Content-Type fields in messages. Memory corruption on SVG header. Crossite scripting with img.src. DoS. JavaScript watchpoint privilege escalation. CSS image cursor property buffer overflow. Multiple memory corruptions. |
| | Mozilla Network Security Services library memory leak
updated since 23.06.2006
|
| | 256 bytes are leaked on every RSA cryptographic operation. |
| 9! | Multiple Mozilla / Firefox / Thunderbird / Netscape / Seamonkey security vulnerabilities
updated since 02.06.2006
|
| | Localzone scripting with code execution, memory corruption, HTTP response splitting, array overflow, javascript filtering bypass. |
| 8! | Mozilla browsers and mail agents memory corruption
|
| | Memory corruption on displaying corrupted HTML tables. Can be used for silent malware installation. |
| 6! | Mozilla Thunderbird buffer overflow
|
| | Buffer overflow on oversized LDIF file entry. |
| | Mozilla Thunderbird / Mozilla weak authentication downgrade
|
| | If SMTP authentication with CRAM-MD5 or TLS hadshake fails mail agent downgrades to plain text authentication, allowing active man-in-the-middle attacks. |
| | |
