- Home
- CVEs with nessus.description==Benoit Jacob, Jesse Ruderman, Christian Holler, Bill McCloskey, Brian Smith, Gary Kwong, Christoph Diehl, Chris Jones, Brad Lassey, and Kyle Huey discovered memory safety issues affecting Thunderbird. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Thunderbird. (CVE-2012-1948, CVE-2012-1949)
Abhishek Arya discovered four memory safety issues affecting Thunderbird. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Thunderbird. (CVE-2012-1951, CVE-2012-1952, CVE-2012-1953, CVE-2012-1954)
Mariusz Mlynski discovered that the address bar may be incorrectly updated. Calls to history.forward and history.back could be used to navigate to a site while the address bar still displayed the previous site. A remote attacker could exploit this to conduct phishing attacks. (CVE-2012-1955)
Mario Heiderich discovered that HTML <embed> tags were not filtered out of the HTML <description> of RSS feeds. A remote attacker could exploit this to conduct cross-site scripting (XSS) attacks via JavaScript execution in the HTML feed view. (CVE-2012-1957)
Arthur Gerkis discovered a use-after-free vulnerability. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit this to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Thunderbird. (CVE-2012-1958)
Bobby Holley discovered that same-compartment security wrappers (SCSW) could be bypassed to allow XBL access. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit this to execute code with the privileges of the user invoking Thunderbird. (CVE-2012-1959)
Tony Payne discovered an out-of-bounds memory read in Mozilla's color management library (QCMS). If the user were tricked into opening a specially crafted color profile, an attacker could possibly exploit this to cause a denial of service via application crash.
(CVE-2012-1960)
Frederic Buclin discovered that the X-Frame-Options header was ignored when its value was specified multiple times. An attacker could exploit this to conduct clickjacking attacks. (CVE-2012-1961)
Bill Keese discovered a memory corruption vulnerability. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit this to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Thunderbird. (CVE-2012-1962)
Karthikeyan Bhargavan discovered an information leakage vulnerability in the Content Security Policy (CSP) 1.0 implementation. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit this to access a user's OAuth 2.0 access tokens and OpenID credentials. (CVE-2012-1963)
It was discovered that the execution of javascript: URLs was not properly handled in some cases. A remote attacker could exploit this to execute code with the privileges of the user invoking Thunderbird.
(CVE-2012-1967).
Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top