thunderbird vulnerabilities and exploits

NA
CVE-2019-11701

Mozilla Firefox is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the default webcal: protocol handler. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser...

NA
CVE-2019-11699

Mozilla Firefox could allow a remote attacker to conduct spoofing attacks, caused by the highlighting of the wrong name during page navigations. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the...

NA
CVE-2019-11696

Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by the failure to treat files with the .JNLP extension used for "Java web start" applications as executabel content. By persuading a victim to visit a specially-crafted Web...

NA
CVE-2019-11695

Mozilla Firefox could allow a remote attacker to conduct spoofing attacks, caused by the use of a custom cursor. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the actual cursor....

NA
CVE-2019-9821

Mozilla Firefox is vulnerable to a denial of service, caused by a use-after-free in AssertWorkerThread. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to cause a denial of service....

NA
CVE-2019-11697

Mozilla Firefox could allow a remote attacker to conduct spoofing attacks, caused by an error when pressing key combinations. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to bypass installation prompt delays and...

NA
CVE-2019-9814

Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack...

NA
CVE-2019-18511

[ASA-201905-8] thunderbird: multiple issues...

4.3
CVSSv2
CVE-2018-12556

The signature verification routine in install.sh in yarnpkg/website through 2018-06-05 only verifies that the yarn release is signed by any (arbitrary) key in the local keyring of the user, and does not pin the signature to the yarn release key, which allows remote attackers to...

4.3
CVSSv2
CVE-2019-8338

The signature verification routine in the Airmail GPG-PGP Plugin, versions 1.0 (9) and earlier, does not verify the status of the signature at all, which allows remote attackers to spoof arbitrary email signatures by crafting a signed email with an invalid signature. Also, it...