- Home
- CVEs with nessus.description==Multiple memory safety issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute arbitrary code with the privileges of the user invoking Thunderbird.
(CVE-2013-1739, CVE-2013-5590, CVE-2013-5591)
Jordi Chancel discovered that HTML select elements could display arbitrary content. If a user had scripting enabled, an attacker could potentially exploit this to conduct URL spoofing or clickjacking attacks. (CVE-2013-5593)
Abhishek Arya discovered a crash when processing XSLT data in some circumstances. If a user had scripting enabled, an attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2013-5604)
Dan Gohman discovered a flaw in the JavaScript engine. If a user had enabled scripting, when combined with other vulnerabilities an attacker could possibly exploit this to execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2013-5595)
Ezra Pool discovered a crash on extremely large pages. If a user had scripting enabled, an attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2013-5596)
Byoungyoung Lee discovered a use-after-free when updating the offline cache. If a user had scripting enabled, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2013-5597)
Multiple use-after-free flaws were discovered in Thunderbird. If a user had scripting enabled, an attacker could potentially exploit these to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Thunderbird.
(CVE-2013-5599, CVE-2013-5600, CVE-2013-5601)
A memory corruption flaw was discovered in the JavaScript engine when using workers with direct proxies. If a user had scripting enabled, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2013-5602)
Abhishek Arya discovered a use-after-free when interacting with HTML document templates. If a user had scripting enabled, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2013-5603).
Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top