GCVE - cpe:2.3:a:mozilla:thunderbird:24.6:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:mozilla:thunderbird:24.6:*:*:*:*:*:*:*

part: a version: 24.6 update: *

Vendor	Mozilla (`be1b0d4e-21a7-5a25-9982-bbda6ef43ec1`)
Product	Thunderbird (`e5553559-8c71-58cd-a1a6-c5f5cf77e32f`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from purl2cpe mapping

PURL mappings

PURL	Source	Last updated
`pkg:deb/debian/thunderbird`	purl2cpe	2026-06-01 10:17:53.916649
`pkg:mozilla/comm-central`	purl2cpe	2026-06-01 10:17:53.916651
`pkg:rpm/fedora/thunderbird`	purl2cpe	2026-06-01 10:17:53.916652
`pkg:rpm/opensuse/mozillathunderbird`	purl2cpe	2026-06-01 10:17:53.916653

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2014-1567`	vulnerable	2026-06-03 14:33:47.742219	Details available Use-after-free vulnerability in DirectionalityUtils.cpp in Mozilla Firefox before 32.0, Firefox ESR 24.x before 24.8 and 31.x before 31.1, and Thunderbird 24.x before 24.8 and 31.x before 31.1 allows remote attackers to execute arbitrary code via text that is improperly handled during the interaction between directionality resolution and layout. Published: 2014-09-03T10:00:00.000Z Updated: 2024-08-06T09:42:36.651Z Open on db.gcve.eu Reference links http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html http://www.mozilla.org/security/announce/2014/mfsa2014-72.html https://bugzilla.mozilla.org/show_bug.cgi?id=1037641 http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00007.html http://www.securityfocus.com/bid/69520	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-1562`	vulnerable	2026-06-03 14:33:47.737474	Details available Unspecified vulnerability in the browser engine in Mozilla Firefox before 32.0, Firefox ESR 24.x before 24.8 and 31.x before 31.1, and Thunderbird 24.x before 24.8 and 31.x before 31.1 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Published: 2014-09-03T10:00:00.000Z Updated: 2024-08-06T09:42:36.635Z Open on db.gcve.eu Reference links http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html http://www.securityfocus.com/bid/69519 http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00007.html https://bugzilla.mozilla.org/show_bug.cgi?id=1054359 https://security.gentoo.org/glsa/201504-01	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-1560`	vulnerable	2026-06-03 14:33:47.730847	Details available Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote attackers to cause a denial of service (X.509 certificate parsing outage) via a crafted certificate that does not use ASCII character encoding in a required context. Published: 2014-07-23T10:00:00.000Z Updated: 2024-08-06T09:42:36.198Z Open on db.gcve.eu Reference links https://security.gentoo.org/glsa/201504-01 http://www.securitytracker.com/id/1030620 http://www.mozilla.org/security/announce/2014/mfsa2014-65.html http://www.securitytracker.com/id/1030619 https://bugzilla.mozilla.org/show_bug.cgi?id=997795	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-1559`	vulnerable	2026-06-03 14:33:47.730309	Details available Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote attackers to cause a denial of service (X.509 certificate parsing outage) via a crafted certificate that does not use UTF-8 character encoding in a required context, a different vulnerability than CVE-2014-1558. Published: 2014-07-23T10:00:00.000Z Updated: 2024-08-06T09:42:36.288Z Open on db.gcve.eu Reference links https://security.gentoo.org/glsa/201504-01 http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://www.securitytracker.com/id/1030620 http://www.mozilla.org/security/announce/2014/mfsa2014-65.html http://www.securitytracker.com/id/1030619	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-1558`	vulnerable	2026-06-03 14:33:47.729725	Details available Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote attackers to cause a denial of service (X.509 certificate parsing outage) via a crafted certificate that does not use UTF-8 character encoding in a required context, a different vulnerability than CVE-2014-1559. Published: 2014-07-23T10:00:00.000Z Updated: 2024-08-06T09:42:36.395Z Open on db.gcve.eu Reference links https://bugzilla.mozilla.org/show_bug.cgi?id=1015973 https://security.gentoo.org/glsa/201504-01 http://www.securitytracker.com/id/1030620 http://www.mozilla.org/security/announce/2014/mfsa2014-65.html http://www.securitytracker.com/id/1030619	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-1552`	vulnerable	2026-06-03 14:33:47.710716	Details available Mozilla Firefox before 31.0 and Thunderbird before 31.0 do not properly implement the sandbox attribute of the IFRAME element, which allows remote attackers to bypass intended restrictions on same-origin content via a crafted web site in conjunction with a redirect. Published: 2014-07-23T10:00:00.000Z Updated: 2024-08-06T09:42:36.504Z Open on db.gcve.eu Reference links https://bugzilla.mozilla.org/show_bug.cgi?id=985135 https://security.gentoo.org/glsa/201504-01 http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://www.securitytracker.com/id/1030620 http://www.securitytracker.com/id/1030619	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-1550`	vulnerable	2026-06-03 14:33:47.709335	Details available Use-after-free vulnerability in the MediaInputPort class in Mozilla Firefox before 31.0 and Thunderbird before 31.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging incorrect Web Audio control-message ordering. Published: 2014-07-23T10:00:00.000Z Updated: 2024-08-06T09:42:36.468Z Open on db.gcve.eu Reference links https://bugzilla.mozilla.org/show_bug.cgi?id=1020411 https://security.gentoo.org/glsa/201504-01 http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://www.securitytracker.com/id/1030620 http://www.securitytracker.com/id/1030619	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-1549`	vulnerable	2026-06-03 14:33:47.708748	Details available The mozilla::dom::AudioBufferSourceNodeEngine::CopyFromInputBuffer function in Mozilla Firefox before 31.0 and Thunderbird before 31.0 does not properly allocate Web Audio buffer memory, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via crafted audio content that is improperly handled during playback buffering. Published: 2014-07-23T10:00:00.000Z Updated: 2024-08-06T09:42:36.270Z Open on db.gcve.eu Reference links https://bugzilla.mozilla.org/show_bug.cgi?id=1020205 https://security.gentoo.org/glsa/201504-01 http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://www.mozilla.org/security/announce/2014/mfsa2014-57.html http://www.securitytracker.com/id/1030620	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-1548`	vulnerable	2026-06-03 14:33:47.708020	Details available Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Published: 2014-07-23T10:00:00.000Z Updated: 2024-08-06T09:42:36.212Z Open on db.gcve.eu Reference links https://bugzilla.mozilla.org/show_bug.cgi?id=1013056 https://bugzilla.mozilla.org/show_bug.cgi?id=1021240 https://bugzilla.mozilla.org/show_bug.cgi?id=994444 https://bugzilla.mozilla.org/show_bug.cgi?id=1022773 http://secunia.com/advisories/59719	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.