Lucene search
K

33 matches found

OSV
OSV
added 2026/07/01 2:17 a.m.4 views

UBUNTU-CVE-2026-57963

An attacker who can send HTML chat messages via Matrix or XMPP can inject arbitrary styled content, phishing links, and CSS that manipulates the chat UI. This vulnerability was fixed in Thunderbird 152.0.1 and Thunderbird 140.12.1...

6.5CVSS5.9AI score0.00181EPSS
Exploits0References5
NVD
NVD
added 2026/07/01 2:17 a.m.9 views

CVE-2026-57963

An attacker who can send HTML chat messages via Matrix or XMPP can inject arbitrary styled content, phishing links, and CSS that manipulates the chat UI. This vulnerability was fixed in Thunderbird 152.0.1 and Thunderbird 140.12.1...

6.5CVSS0.00181EPSS
Exploits0References3
CVE
CVE
added 2026/07/01 12:58 a.m.27 views

CVE-2026-57963

The CVE-2026-57963 issue affects chat UI in Thunderbird where an attacker able to send HTML chat messages (via Matrix or XMPP) can inject arbitrary styled content, phishing links, and CSS that manipulates the chat UI. Underlying risk is manipulation of the chat interface and potential phishing wi...

6.5CVSS5.9AI score0.00181EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/07/01 12:58 a.m.44 views

CVE-2026-57962 Denial-of-service via malicious LDAP address-book server

A malicious LDAP server, which a Thunderbird user is configured to query for address-book autocomplete, can stash arbitrarily large amounts of attacker-supplied data into the Thunderbird LDAP client until it crashes due to memory exhaustion. This vulnerability was fixed in Thunderbird 152.0.1 and...

0.00203EPSS
Exploits0References3
CVE
CVE
added 2026/07/01 12:58 a.m.21 views

CVE-2026-57962

CVE-2026-57962 affects Thunderbird’s LDAP address-book autocomplete. A malicious LDAP server can cause the Thunderbird LDAP client to stash attacker-supplied data, enabling memory exhaustion and a denial of service. Root cause is unbounded data processing by the LDAP client when queried by the Th...

5.3CVSS5.8AI score0.00203EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.8 views

PT-2026-54448

Name of the Vulnerable Software and Affected Versions Thunderbird versions prior to 140.12.1 Thunderbird versions prior to 152.0.1 Description An attacker can inject arbitrary styled content, phishing links, and CSS to manipulate the chat UI by sending HTML chat messages via Matrix or XMPP...

6.5CVSS6AI score0.00181EPSS
Exploits0References11
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.8 views

Astra Linux – Vulnerability in Firefox, Thunderbird

Mitigation bypass in the DOM: HTML Parser component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...

9.8CVSS6.1AI score0.00552EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.8 views

Astra Linux – Vulnerability in Firefox, Thunderbird

Use-after-free in the IPC component. This vulnerability was fixed in Firefox 147, Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7...

8.8CVSS7AI score0.00405EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/05/20 2:31 a.m.12 views

SUSE CVE-2026-8965

Information disclosure in the DOM: Security component. This vulnerability was fixed in Firefox 151 and Thunderbird 151...

4.3CVSS5.8AI score0.00324EPSS
Exploits0References3
OSV
OSV
added 2026/05/19 2:16 p.m.11 views

UBUNTU-CVE-2026-8971

Same-origin policy bypass in the Networking: JAR component. This vulnerability was fixed in Firefox 151 and Thunderbird 151...

6.5CVSS5.8AI score0.00206EPSS
Exploits0References6
UbuntuCve
UbuntuCve
added 2026/05/19 2:16 p.m.10 views

CVE-2026-8974

Memory safety bugs present in Firefox ESR 140.10 and Firefox 150. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11,...

8.8CVSS5.8AI score0.00332EPSS
Exploits0References9
UbuntuCve
UbuntuCve
added 2026/05/19 2:16 p.m.9 views

CVE-2026-8961

Spoofing issue in the Form Autofill component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11...

6.5CVSS5.8AI score0.00322EPSS
Exploits0References9
AlpineLinux
AlpineLinux
added 2026/05/19 12:30 p.m.10 views

CVE-2026-8975

Memory safety bugs present in Firefox ESR 115.35, Firefox ESR 140.10 and Firefox 150. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 151, Firefox...

8.8CVSS6AI score0.00429EPSS
Exploits0References6
AlpineLinux
AlpineLinux
added 2026/05/19 12:30 p.m.12 views

CVE-2026-8974

Memory safety bugs present in Firefox ESR 140.10 and Firefox 150. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11,...

8.8CVSS6AI score0.00332EPSS
Exploits0References5
AlpineLinux
AlpineLinux
added 2026/05/19 12:30 p.m.27 views

CVE-2026-8971

Same-origin policy bypass in the Networking: JAR component. This vulnerability was fixed in Firefox 151 and Thunderbird 151...

6.5CVSS5.8AI score0.00206EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2026/05/19 12:29 p.m.12 views

CVE-2026-8953

Sandbox escape due to use-after-free in the Disability Access APIs component. This vulnerability was fixed in Firefox 151, Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11...

9.6CVSS5.8AI score0.00532EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/04/07 12:43 p.m.5 views

CVE-2026-5735 Memory safety bugs fixed in Firefox 149.0.2 and Thunderbird 149.0.2

Memory safety bugs present in Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 149.0.2 and Thunderbird...

5.9AI score0.00257EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.4 views

MiracleLinux 9 : firefox-115.13.0-3.el9_4.ML.1 (AXSA:2024-8564:24)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8564:24 advisory. Mozilla: Memory safety bugs fixed in Firefox 128, Firefox ESR 115.13, and Thunderbird 115.13 CVE-2024-6604 Mozilla: Race condition in permission...

7.5CVSS8.5AI score0.0054EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2025/12/09 1:38 p.m.2 views

CVE-2025-14328

Privilege escalation in the Netmonitor component. This vulnerability was fixed in Firefox 146, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6...

8.8CVSS7.2AI score0.0034EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2025/12/09 1:37 p.m.8 views

CVE-2025-14324

JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 146, Firefox ESR 115.31, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6...

9.8CVSS7.2AI score0.0049EPSS
Exploits0References7
Rows per page
Query Builder