[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248678

 
 

909

 
 

195426

 
 

282

 
 
 
Paid content will be excluded from the download.

Filter
Matches : 26448 Download | Alert*

Mozilla Thunderbird 91.4.1 : OpenPGP signature status doesn't consider additional message content. When receiving an OpenPGP/MIME signed email message that contains an additional outer MIME message layer, for example a message footer added by a mailing list gateway, Thunderbird only considered the inner signed message for the signature validity. This gave the false impression that the additional c ...

Mozilla Thunderbird 91.4 : Thunderbird unexpectedly enabled JavaScript in the composition area. The JavaScript execution context was limited to this area and did not receive chrome-level privileges, but could be used as a stepping stone to further an attack with other vulnerabilities.

Mozilla Thunderbird 91.2 : Thunderbird ignored the configuration to require STARTTLS security for an SMTP connection. A MITM could perform a downgrade attack to intercept transmitted messages, or could take control of the authenticated session to execute SMTP commands chosen by the MITM. If an unprotected authentication method was configured, the MITM could obtain the authentication credentials, t ...

Mozilla Firefox ESR 78.14, Mozilla Firefox ESR 91.1, Mozilla Thunderbird 78.14, Mozilla Thunderbird 91.1: Mozilla developers Tyson Smith, Christian Holler, and Gabriele Svelto reported memory safety bugs present in Firefox 91 and Firefox ESR 91.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary ...

Mozilla Thunderbird 78.12 : If Thunderbird was configured to use STARTTLS for an IMAP connection, and an attacker injected IMAP server responses prior to the completion of the STARTTLS handshake, then Thunderbird didn't ignore the injected data. This could have resulted in Thunderbird showing incorrect information, for example the attacker could have tricked Thunderbird to show folders that didn't ...

Mozilla Thunderbird 78.7 : During the plaintext phase of the STARTTLS connection setup, protocol commands could have been injected and evaluated within the encrypted session.

The host is installed with Apple iTunes before 11.0.3.42 and is prone to a man in the middle attack vulnerability. A flaw is present in the application, which fails to properly handle multiple memory corruption issues. Successful exploitation could allow attackers to crash the service or execute arbitrary code.

Use-after-free vulnerability in WebKit before r65958, as used in Google Chrome before 6.0.472.59, Apple Safari before 5.0.6 or Apple iTunes before 10.5, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger use of document APIs such as document.close during parsing, as demonstrated by a Cascading Style Sheets (CSS) file referencing ...

Apple iTunes before 9.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted MP4 podcast file.

The host is installed with Apple iTunes before 11.0.3 and is prone to a man in the middle attack vulnerability. A flaw is present in the application, which fails to properly verify X.509 certificates. Successful exploitation could allow attackers to spoof HTTPS servers via an arbitrary certificate.


Pages:      Start    1419    1420    1421    1422    1423    1424    1425    1426    1427    1428    1429    1430    1431    1432    ..   2644

© SecPod Technologies