Search

Find a vulnerability

Search criteria

    3 vulnerabilities found for Mozilla Thunderbird by mozilla.org contributors

    JVNDB-2017-000171

    Vulnerability from jvndb - Published: 2017-07-11 13:48 - Updated:2018-08-30 18:03
    Severity
    Summary
    Installers of Mozilla Firefox and Thunderbird for Windows may insecurely load Dynamic Link Libraries
    Details
    Installers of Mozilla Firefox and Thunderbird for Windows provided by Mozilla Foundation contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427). Eili Masami of Tachibana Lab. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000171.html",
      "dc:date": "2018-08-30T18:03+09:00",
      "dcterms:issued": "2017-07-11T13:48+09:00",
      "dcterms:modified": "2018-08-30T18:03+09:00",
      "description": "Installers of Mozilla Firefox and Thunderbird for Windows provided by Mozilla Foundation contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).\r\n\r\nEili Masami of Tachibana Lab. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000171.html",
      "sec:cpe": [
        {
          "#text": "cpe:/a:mozilla:firefox",
          "@product": "Mozilla Firefox",
          "@vendor": "mozilla.org contributors",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:mozilla:firefox_esr",
          "@product": "Mozilla Firefox ESR",
          "@vendor": "mozilla.org contributors",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:mozilla:thunderbird",
          "@product": "Mozilla Thunderbird",
          "@vendor": "mozilla.org contributors",
          "@version": "2.2"
        }
      ],
      "sec:cvss": [
        {
          "@score": "6.8",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "@version": "2.0"
        },
        {
          "@score": "7.8",
          "@severity": "High",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2017-000171",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/jp/JVN81676004/index.html",
          "@id": "JVN#81676004",
          "@source": "JVN"
        },
        {
          "#text": "https://jvn.jp/en/ta/JVNTA91240916/",
          "@id": "JVNTA#91240916",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7755",
          "@id": "CVE-2017-7755",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-7755",
          "@id": "CVE-2017-7755",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-Other",
          "@title": "No Mapping(CWE-Other)"
        }
      ],
      "title": "Installers of Mozilla Firefox and Thunderbird for Windows may insecurely load Dynamic Link Libraries"
    }

    JVNDB-2006-000326

    Vulnerability from jvndb - Published: 2008-05-21 00:00 - Updated:2008-05-21 00:00

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000326.html",
      "dc:date": "2008-05-21T00:00+09:00",
      "dcterms:issued": "2008-05-21T00:00+09:00",
      "dcterms:modified": "2008-05-21T00:00+09:00",
      "description": "(1)Mozilla Firefox contains a vulnerability in the way it interprets HTTP 1.0 responses from a server.\r\n\r\n(2)Mozilla Firefox, a web browser from Mozilla Corporation and Mozilla Japan, fails to properly handles multiple HTTP headers in server responses.",
      "link": "https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000326.html",
      "sec:cpe": [
        {
          "#text": "cpe:/a:mozilla:firefox",
          "@product": "Mozilla Firefox",
          "@vendor": "mozilla.org contributors",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:mozilla:seamonkey",
          "@product": "Mozilla SeaMonkey",
          "@vendor": "mozilla.org contributors",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:mozilla:thunderbird",
          "@product": "Mozilla Thunderbird",
          "@vendor": "mozilla.org contributors",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:hp:hp-ux",
          "@product": "HP-UX",
          "@vendor": "Hewlett-Packard Development Company,L.P",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:misc:miraclelinux_asianux_server",
          "@product": "Asianux Server",
          "@vendor": "Cybertrust Japan Co., Ltd.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:redhat:enterprise_linux",
          "@product": "Red Hat Enterprise Linux",
          "@vendor": "Red Hat, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:redhat:linux_advanced_workstation",
          "@product": "Red Hat Linux Advanced Workstation",
          "@vendor": "Red Hat, Inc.",
          "@version": "2.2"
        }
      ],
      "sec:cvss": {
        "@score": "2.6",
        "@severity": "Low",
        "@type": "Base",
        "@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
        "@version": "2.0"
      },
      "sec:identifier": "JVNDB-2006-000326",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN62734622/index.html",
          "@id": "JVN#62734622",
          "@source": "JVN"
        },
        {
          "#text": "http://jvn.jp/en/jp/JVN28513736/index.html",
          "@id": "JVN#28513736",
          "@source": "JVN"
        },
        {
          "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2786",
          "@id": "CVE-2006-2786",
          "@source": "CVE"
        },
        {
          "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-2786",
          "@id": "CVE-2006-2786",
          "@source": "NVD"
        },
        {
          "#text": "http://www.securityfocus.com/bid/18228",
          "@id": "18228",
          "@source": "BID"
        },
        {
          "#text": "http://www.frsirt.com/english/advisories/2006/2106",
          "@id": "FrSIRT/ADV-2006-2106",
          "@source": "FRSIRT"
        }
      ],
      "title": "Mozilla Firefox vulnerable to HTTP response splitting"
    }

    JVNDB-2007-000295

    Vulnerability from jvndb - Published: 2008-05-21 00:00 - Updated:2009-08-06 11:39
    Severity
    N/A (UNKNOWN) - -
    Summary
    APOP password recovery vulnerability
    Details
    POP3 is a protocol for receiving email from mail servers. APOP is an authentication mechanism used by the POP3 protocol. It is reported that APOP passwords could be recovered by third parties. In its successful attack, the attacker spoofs itself as the mail server, provides challenge strings to the client, and collects the responses from the client. The attacker should repeat this process for a certain period of time without alerting the user of the attack.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000295.html",
      "dc:date": "2009-08-06T11:39+09:00",
      "dcterms:issued": "2008-05-21T00:00+09:00",
      "dcterms:modified": "2009-08-06T11:39+09:00",
      "description": "POP3 is a protocol for receiving email from mail servers. APOP is an authentication mechanism used by the POP3 protocol.\r\n\r\nIt is reported that APOP passwords could be recovered by third parties.\r\n\r\nIn its successful attack, the attacker spoofs itself as the mail server, provides challenge strings to the client, and collects the responses from the client. The attacker should repeat this process for a certain period of time without alerting the user of the attack.",
      "link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000295.html",
      "sec:cpe": [
        {
          "#text": "cpe:/a:claws_mail:claws_mail",
          "@product": "Claws Mail",
          "@vendor": "Claws Mail",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:fetchmail:fetchmail",
          "@product": "Fetchmail",
          "@vendor": "Fetchmail Project",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:mozilla:seamonkey",
          "@product": "Mozilla SeaMonkey",
          "@vendor": "mozilla.org contributors",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:mozilla:thunderbird",
          "@product": "Mozilla Thunderbird",
          "@vendor": "mozilla.org contributors",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:mutt:mutt",
          "@product": "Mutt",
          "@vendor": "Mutt",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:redhat:rhel_optional_productivity_applications",
          "@product": "RHEL Optional Productivity Applications",
          "@vendor": "Red Hat, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:sylpheed:sylpheed",
          "@product": "Sylpheed",
          "@vendor": "Sylpheed",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:hp:hp-ux",
          "@product": "HP-UX",
          "@vendor": "Hewlett-Packard Development Company,L.P",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:misc:miraclelinux_asianux_server",
          "@product": "Asianux Server",
          "@vendor": "Cybertrust Japan Co., Ltd.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:redhat:enterprise_linux",
          "@product": "Red Hat Enterprise Linux",
          "@vendor": "Red Hat, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:redhat:enterprise_linux_desktop",
          "@product": "Red Hat Enterprise Linux Desktop",
          "@vendor": "Red Hat, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:redhat:enterprise_linux_eus",
          "@product": "Red Hat Enterprise Linux EUS",
          "@vendor": "Red Hat, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:redhat:linux_advanced_workstation",
          "@product": "Red Hat Linux Advanced Workstation",
          "@vendor": "Red Hat, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:redhat:rhel_desktop_workstation",
          "@product": "RHEL Desktop Workstation",
          "@vendor": "Red Hat, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:turbolinux:turbolinux",
          "@product": "Turbolinux",
          "@vendor": "Turbolinux, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:turbolinux:turbolinux_desktop",
          "@product": "Turbolinux Desktop",
          "@vendor": "Turbolinux, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:turbolinux:turbolinux_fuji",
          "@product": "Turbolinux FUJI",
          "@vendor": "Turbolinux, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:turbolinux:turbolinux_home",
          "@product": "Turbolinux Home",
          "@vendor": "Turbolinux, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:turbolinux:turbolinux_multimedia",
          "@product": "Turbolinux Multimedia",
          "@vendor": "Turbolinux, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:turbolinux:turbolinux_personal",
          "@product": "Turbolinux Personal",
          "@vendor": "Turbolinux, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:turbolinux:turbolinux_server",
          "@product": "Turbolinux Server",
          "@vendor": "Turbolinux, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:turbolinux:turbolinux_wizpy",
          "@product": "wizpy",
          "@vendor": "Turbolinux, Inc.",
          "@version": "2.2"
        }
      ],
      "sec:cvss": {
        "@score": "5.4",
        "@severity": "Medium",
        "@type": "Base",
        "@vector": "AV:N/AC:H/Au:N/C:C/I:N/A:N",
        "@version": "2.0"
      },
      "sec:identifier": "JVNDB-2007-000295",
      "sec:references": [
        {
          "#text": "http://jvn.jp/cert/JVNTA07-151A/index.html",
          "@id": "JVNTA07-151A",
          "@source": "JVN"
        },
        {
          "#text": "http://jvn.jp/en/jp/JVN19445002/index.html",
          "@id": "JVN#19445002",
          "@source": "JVN"
        },
        {
          "#text": "http://jvn.jp/tr/TRTA07-151A/index.html",
          "@id": "TRTA07-151A",
          "@source": "JVNTR"
        },
        {
          "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1558",
          "@id": "CVE-2007-1558",
          "@source": "CVE"
        },
        {
          "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1558",
          "@id": "CVE-2007-1558",
          "@source": "NVD"
        },
        {
          "#text": "http://www.us-cert.gov/cas/alerts/SA07-151A.html",
          "@id": "SA07-151A",
          "@source": "CERT-SA"
        },
        {
          "#text": "http://www.us-cert.gov/cas/techalerts/TA07-151A.html",
          "@id": "TA07-151A",
          "@source": "CERT-TA"
        },
        {
          "#text": "http://www.securityfocus.com/bid/23257",
          "@id": "23257",
          "@source": "BID"
        },
        {
          "#text": "http://www.securitytracker.com/id?1018008",
          "@id": "1018008",
          "@source": "SECTRACK"
        },
        {
          "#text": "http://www.frsirt.com/english/advisories/2007/1466",
          "@id": "FrSIRT/ADV-2007-1466",
          "@source": "FRSIRT"
        },
        {
          "#text": "http://www.frsirt.com/english/advisories/2007/1480",
          "@id": "FrSIRT/ADV-2007-1480",
          "@source": "FRSIRT"
        },
        {
          "#text": "http://www.frsirt.com/english/advisories/2007/1468",
          "@id": "FrSIRT/ADV-2007-1468",
          "@source": "FRSIRT"
        },
        {
          "#text": "http://www.frsirt.com/english/advisories/2007/1467",
          "@id": "FrSIRT/ADV-2007-1467",
          "@source": "FRSIRT"
        },
        {
          "#text": "http://www.ietf.org/rfc/rfc1939.txt",
          "@id": "RFC1939:Post Office Protocol - Version 3",
          "@source": "IETF"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-264",
          "@title": "Permissions(CWE-264)"
        }
      ],
      "title": "APOP password recovery vulnerability"
    }