| CVE-2017-7824 |
Critical |
Yes |
Arbitrary code execution |
A buffer overflow occurs when drawing and validating elements with the ANGLE graphics library, used for WebGL content in Thunderbird < 52.4. This is due to... |
| CVE-2017-7823 |
Medium |
Yes |
Cross-site scripting |
The content security policy (CSP) sandbox directive in Thunderbird < 52.4 did not create a unique origin for the document, causing it to behave as if the... |
| CVE-2017-7819 |
Critical |
Yes |
Arbitrary code execution |
A use-after-free vulnerability can occur in design mode when image objects are resized if objects referenced during the resizing have been freed from... |
| CVE-2017-7818 |
Critical |
Yes |
Arbitrary code execution |
A use-after-free vulnerability can occur when manipulating arrays of Accessible Rich Internet Applications (ARIA) elements within containers through the... |
| CVE-2017-7814 |
Medium |
Yes |
Access restriction bypass |
A security issue has been found in Thunderbird < 52.4. File downloads encoded with blob: and data: URL elements bypassed normal file download checks though... |
| CVE-2017-7810 |
Critical |
Yes |
Arbitrary code execution |
Mozilla developers and community members Christoph Diehl, Jan de Mooij, Jason Kratzer, Randell Jesup, Tom Ritter, Tyson Smith, and Sebastian Hengst reported... |
| CVE-2017-7805 |
Critical |
Yes |
Arbitrary code execution |
A security issue has been found in Thunderbird < 52.4. During TLS 1.2 exchanges, handshake hashes are generated which point to a message buffer. This saved... |
| CVE-2017-7793 |
Critical |
Yes |
Arbitrary code execution |
A use-after-free vulnerability can occur in the Fetch API of Thunderbird < 52.4, when the worker or the associated window are freed when still in use,... |