Mozilla Thunderbird Extended Support Release (ESR) 17.0.8
Approved changes feed: RSS · Atom
cpe:2.3:a:mozilla:thunderbird_esr:17.0.8:*:*:*:*:*:*:*
part: a version: 17.0.8 update: *
| Vendor | Mozilla (be1b0d4e-21a7-5a25-9982-bbda6ef43ec1) |
|---|---|
| Product | Thunderbird Esr (8cda75e7-5b98-5e3e-b343-10e3be29a684) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:deb/debian/thunderbird |
purl2cpe | 2026-06-01 10:17:53.581773 |
pkg:mozilla/comm-central |
purl2cpe | 2026-06-01 10:17:53.581774 |
pkg:rpm/fedora/thunderbird |
purl2cpe | 2026-06-01 10:17:53.581775 |
pkg:rpm/opensuse/mozillathunderbird |
purl2cpe | 2026-06-01 10:17:53.581777 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2014-2018 |
vulnerable | 2026-06-03 14:33:49.366294 |
Details available
Cross-site scripting (XSS) vulnerability in Mozilla Thunderbird 17.x through 17.0.8, Thunderbird ESR 17.x through 17.0.10, and SeaMonkey before 2.20 allows user-assisted remote attackers to inject arbitrary web script or HTML via an e-mail message containing a data: URL in a (1) OBJECT or (2) EMBED element, a related issue to CVE-2013-6674.
Published: 2014-02-17T22:00:00.000Z
Updated: 2024-08-06T09:58:16.231Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2013-6674 |
vulnerable | 2026-06-03 14:33:27.278075 |
Details available
Cross-site scripting (XSS) vulnerability in Mozilla Thunderbird 17.x through 17.0.8, Thunderbird ESR 17.x through 17.0.10, and SeaMonkey before 2.20 allows user-assisted remote attackers to inject arbitrary web script or HTML via an e-mail message containing a data: URL in an IFRAME element, a related issue to CVE-2014-2018.
Published: 2014-02-17T22:00:00.000Z
Updated: 2024-08-06T17:46:22.408Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2013-5604 |
vulnerable | 2026-06-03 14:33:22.102418 |
Details available
The txXPathNodeUtils::getBaseURI function in the XSLT processor in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 does not properly initialize data, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow and application crash) via crafted documents.
Published: 2013-10-30T10:00:00.000Z
Updated: 2024-08-06T17:15:21.510Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2013-5602 |
vulnerable | 2026-06-03 14:33:22.097985 |
Details available
The Worker::SetEventListener function in the Web workers implementation in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to direct proxies.
Published: 2013-10-30T10:00:00.000Z
Updated: 2024-08-06T17:15:21.408Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2013-5601 |
vulnerable | 2026-06-03 14:33:22.094131 |
Details available
Use-after-free vulnerability in the nsEventListenerManager::SetEventHandler function in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allows remote attackers to execute arbitrary code via vectors related to a memory allocation through the garbage collection (GC) API.
Published: 2013-10-30T10:00:00.000Z
Updated: 2024-08-06T17:15:21.550Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2013-5600 |
vulnerable | 2026-06-03 14:33:22.089592 |
Details available
Use-after-free vulnerability in the nsIOService::NewChannelFromURIWithProxyFlags function in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allows remote attackers to execute arbitrary code via vectors involving a blob: URL.
Published: 2013-10-30T10:00:00.000Z
Updated: 2024-08-06T17:15:21.438Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2013-5599 |
vulnerable | 2026-06-03 14:33:22.085383 |
Details available
Use-after-free vulnerability in the nsIPresShell::GetPresContext function in the PresShell (aka presentation shell) implementation in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) via vectors involving a CANVAS element, a mozTextStyle attribute, and an onresize event.
Published: 2013-10-30T10:00:00.000Z
Updated: 2024-08-06T17:15:21.453Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2013-5597 |
vulnerable | 2026-06-03 14:33:22.079167 |
Details available
Use-after-free vulnerability in the nsDocLoader::doStopDocumentLoad function in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving a state-change event during an update of the offline cache.
Published: 2013-10-30T10:00:00.000Z
Updated: 2024-08-06T17:15:21.584Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2013-5595 |
vulnerable | 2026-06-03 14:33:22.071838 |
Details available
The JavaScript engine in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 does not properly allocate memory for unspecified functions, which allows remote attackers to conduct buffer overflow attacks via a crafted web page.
Published: 2013-10-30T10:00:00.000Z
Updated: 2024-08-06T17:15:21.440Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2013-5590 |
vulnerable | 2026-06-03 14:33:22.055363 |
Details available
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Published: 2013-10-30T10:00:00.000Z
Updated: 2024-08-06T17:15:21.675Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2013-1737 |
vulnerable | 2026-06-03 14:32:51.329738 |
Details available
Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not properly identify the "this" object during use of user-defined getter methods on DOM proxies, which might allow remote attackers to bypass intended access restrictions via vectors involving an expando object.
Published: 2013-09-18T10:00:00.000Z
Updated: 2024-08-06T15:13:32.377Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2013-1736 |
vulnerable | 2026-06-03 14:32:51.328444 |
Details available
The nsGfxScrollFrameInner::IsLTR function in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to improperly establishing parent-child relationships of range-request nodes.
Published: 2013-09-18T10:00:00.000Z
Updated: 2024-08-06T15:13:32.191Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2013-1735 |
vulnerable | 2026-06-03 14:32:51.323067 |
Details available
Use-after-free vulnerability in the mozilla::layout::ScrollbarActivity function in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code via vectors related to image-document scrolling.
Published: 2013-09-18T10:00:00.000Z
Updated: 2024-08-06T15:13:32.178Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2013-1732 |
vulnerable | 2026-06-03 14:32:51.147884 |
Details available
Buffer overflow in the nsFloatManager::GetFlowArea function in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code via crafted use of lists and floats within a multi-column layout.
Published: 2013-09-18T10:00:00.000Z
Updated: 2024-08-06T15:13:32.443Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2013-1730 |
vulnerable | 2026-06-03 14:32:51.144167 |
Details available
Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not properly handle movement of XBL-backed nodes between documents, which allows remote attackers to execute arbitrary code or cause a denial of service (JavaScript compartment mismatch, or assertion failure and application exit) via a crafted web site.
Published: 2013-09-18T10:00:00.000Z
Updated: 2024-08-06T15:13:32.358Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2013-1726 |
vulnerable | 2026-06-03 14:32:51.134811 |
Details available
Mozilla Updater in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 does not ensure exclusive access to a MAR file, which allows local users to gain privileges by creating a Trojan horse file after MAR signature verification but before MAR use.
Published: 2013-09-18T10:00:00.000Z
Updated: 2024-08-06T15:13:31.665Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2013-1725 |
vulnerable | 2026-06-03 14:32:51.131721 |
Details available
Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not ensure that initialization occurs for JavaScript objects with compartments, which allows remote attackers to execute arbitrary code by leveraging incorrect scope handling.
Published: 2013-09-18T10:00:00.000Z
Updated: 2024-08-06T15:13:32.609Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2013-1722 |
vulnerable | 2026-06-03 14:32:51.122427 |
Details available
Use-after-free vulnerability in the nsAnimationManager::BuildAnimations function in the Animation Manager in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving stylesheet cloning.
Published: 2013-09-18T10:00:00.000Z
Updated: 2024-08-06T15:13:32.395Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2013-1718 |
vulnerable | 2026-06-03 14:32:51.095787 |
Details available
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Published: 2013-09-18T10:00:00.000Z
Updated: 2024-08-06T15:13:32.284Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.