GCVE - cpe:2.3:a:mozilla:thunderbird_esr:10.0.6:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:mozilla:thunderbird_esr:10.0.6:*:*:*:*:*:*:*

part: a version: 10.0.6 update: *

Vendor	Mozilla (`be1b0d4e-21a7-5a25-9982-bbda6ef43ec1`)
Product	Thunderbird Esr (`8cda75e7-5b98-5e3e-b343-10e3be29a684`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:deb/debian/thunderbird`	purl2cpe	2026-06-01 10:17:53.581697
`pkg:mozilla/comm-central`	purl2cpe	2026-06-01 10:17:53.581698
`pkg:rpm/fedora/thunderbird`	purl2cpe	2026-06-01 10:17:53.581699
`pkg:rpm/opensuse/mozillathunderbird`	purl2cpe	2026-06-01 10:17:53.581701

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2012-3993`	vulnerable	2026-06-03 14:32:16.736431	Details available The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 does not properly interact with failures of InstallTrigger methods, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site, related to an "XrayWrapper pollution" issue. Published: 2012-10-10T17:00:00.000Z Updated: 2024-08-06T20:21:04.342Z Open on db.gcve.eu Reference links http://secunia.com/advisories/50904 http://secunia.com/advisories/50984 http://secunia.com/advisories/50935 http://www.mozilla.org/security/announce/2012/mfsa2012-83.html http://secunia.com/advisories/50856	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2012-3980`	vulnerable	2026-06-03 14:32:16.567045	Details available The web console in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, and Thunderbird ESR 10.x before 10.0.7 allows user-assisted remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site that injects this code and triggers an eval operation. Published: 2012-08-29T10:00:00.000Z Updated: 2024-08-06T20:21:04.189Z Open on db.gcve.eu Reference links https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17000 http://rhn.redhat.com/errata/RHSA-2012-1211.html http://www.securityfocus.com/bid/55257 https://bugzilla.mozilla.org/show_bug.cgi?id=771859 http://www.mozilla.org/security/announce/2012/mfsa2012-72.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2012-3978`	vulnerable	2026-06-03 14:32:02.787942	Details available The nsLocation::CheckURL function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 does not properly follow the security model of the location object, which allows remote attackers to bypass intended content-loading restrictions or possibly have unspecified other impact via vectors involving chrome code. Published: 2012-08-29T10:00:00.000Z Updated: 2024-08-06T20:21:04.063Z Open on db.gcve.eu Reference links https://bugzilla.mozilla.org/show_bug.cgi?id=770429 http://www.debian.org/security/2012/dsa-2556 http://www.mozilla.org/security/announce/2012/mfsa2012-70.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16923 http://rhn.redhat.com/errata/RHSA-2012-1211.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2012-3974`	vulnerable	2026-06-03 14:32:02.774001	Details available Untrusted search path vulnerability in the installer in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, and Thunderbird ESR 10.x before 10.0.7 on Windows allows local users to gain privileges via a Trojan horse executable file in a root directory. Published: 2012-08-29T10:00:00.000Z Updated: 2024-08-06T20:21:04.121Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/55312 http://www.mozilla.org/security/announce/2012/mfsa2012-67.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16692 https://bugzilla.mozilla.org/show_bug.cgi?id=770478 http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00014.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2012-3970`	vulnerable	2026-06-03 14:32:02.465231	Details available Use-after-free vulnerability in the nsTArray_base::Length function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving movement of a requiredFeatures attribute from one SVG document to another. Published: 2012-08-29T10:00:00.000Z Updated: 2024-08-06T20:21:04.253Z Open on db.gcve.eu Reference links http://rhn.redhat.com/errata/RHSA-2012-1211.html http://www.securityfocus.com/bid/55278 http://www.mozilla.org/security/announce/2012/mfsa2012-63.html http://www.ubuntu.com/usn/USN-1548-1 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16876	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2012-3969`	vulnerable	2026-06-03 14:32:02.450804	Details available Integer overflow in the nsSVGFEMorphologyElement::Filter function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code via a crafted SVG filter that triggers an incorrect sum calculation, leading to a heap-based buffer overflow. Published: 2012-08-29T10:00:00.000Z Updated: 2024-08-06T20:21:04.257Z Open on db.gcve.eu Reference links http://www.debian.org/security/2012/dsa-2556 http://www.securityfocus.com/bid/55292 http://rhn.redhat.com/errata/RHSA-2012-1211.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16635 https://bugzilla.mozilla.org/show_bug.cgi?id=782141	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2012-3966`	vulnerable	2026-06-03 14:32:02.446550	Details available Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a negative height value in a BMP image within a .ICO file, related to (1) improper handling of the transparency bitmask by the nsICODecoder component and (2) improper processing of the alpha channel by the nsBMPDecoder component. Published: 2012-08-29T10:00:00.000Z Updated: 2024-08-06T20:21:04.215Z Open on db.gcve.eu Reference links http://rhn.redhat.com/errata/RHSA-2012-1211.html http://www.mozilla.org/security/announce/2012/mfsa2012-61.html https://bugzilla.mozilla.org/show_bug.cgi?id=775794 https://bugzilla.mozilla.org/show_bug.cgi?id=775793 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16246	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2012-3964`	vulnerable	2026-06-03 14:32:02.429373	Details available Use-after-free vulnerability in the gfxTextRun::GetUserData function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Published: 2012-08-29T10:00:00.000Z Updated: 2024-08-06T20:21:04.323Z Open on db.gcve.eu Reference links https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16857 http://rhn.redhat.com/errata/RHSA-2012-1211.html http://www.mozilla.org/security/announce/2012/mfsa2012-58.html https://bugzilla.mozilla.org/show_bug.cgi?id=756241 http://www.ubuntu.com/usn/USN-1548-1	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2012-3962`	vulnerable	2026-06-03 14:32:02.420547	Details available Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 do not properly iterate through the characters in a text run, which allows remote attackers to execute arbitrary code via a crafted document. Published: 2012-08-29T10:00:00.000Z Updated: 2024-08-06T20:21:04.157Z Open on db.gcve.eu Reference links http://www.debian.org/security/2012/dsa-2556 http://rhn.redhat.com/errata/RHSA-2012-1211.html http://www.mozilla.org/security/announce/2012/mfsa2012-58.html http://www.debian.org/security/2012/dsa-2553 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16494	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2012-3958`	vulnerable	2026-06-03 14:32:02.414843	Details available Use-after-free vulnerability in the nsHTMLEditRules::DeleteNonTableElements function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Published: 2012-08-29T10:00:00.000Z Updated: 2024-08-06T20:21:04.452Z Open on db.gcve.eu Reference links https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16782 http://rhn.redhat.com/errata/RHSA-2012-1211.html https://bugzilla.mozilla.org/show_bug.cgi?id=772346 http://www.mozilla.org/security/announce/2012/mfsa2012-58.html http://www.ubuntu.com/usn/USN-1548-1	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.