17 matches found
thunderbird: firefox: Cross-process information leaked due to malicious IPC messages
A flaw was found in Thunderbird and Firefox. The Mozilla Foundation's Security Advisory describes the following issue: A compromised web process using malicious IPC messages could have caused the privileged browser process to reveal blocks of its memory to the compromised process...
thunderbird: firefox: Use-after-free in MediaTrackGraphImpl::GetInstance()
A flaw was found in Thunderbird and Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Use-after-free in MediaTrackGraphImpl::GetInstance...
thunderbird: firefox: Use-after-free in MediaTrackGraphImpl::GetInstance()
A flaw was found in Thunderbird and Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Use-after-free in MediaTrackGraphImpl::GetInstance...
thunderbird: firefox: Use-after-free in MediaTrackGraphImpl::GetInstance()
A flaw was found in Thunderbird and Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Use-after-free in MediaTrackGraphImpl::GetInstance...
thunderbird: firefox: Use-after-free in MediaTrackGraphImpl::GetInstance()
A flaw was found in Thunderbird and Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Use-after-free in MediaTrackGraphImpl::GetInstance...
Linux Distros Unpatched Vulnerability : CVE-2025-11719
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Starting in Thunderbird 143, the use of the native messaging API by web extensions on Windows could lead to crashes caused by use-after-free memory corruption...
CVE-2025-11719
Starting in Thunderbird 143, the use of the native messaging API by web extensions on Windows could lead to crashes caused by use-after-free memory corruption. This vulnerability was fixed in Firefox 144 and Thunderbird 144...
CVE-2025-11716
Links in a sandboxed iframe could open an external app on Android without the required "allow-" permission. This vulnerability was fixed in Firefox 144 and Thunderbird 144...
CVE-2025-11708
Use-after-free in MediaTrackGraphImpl::GetInstance This vulnerability affects Firefox 144, Firefox ESR 140.4, Thunderbird 144, and Thunderbird 140.4...
CVE-2025-11716 Sandboxed iframes allowed links to open in external apps (Android only)
Links in a sandboxed iframe could open an external app on Android without the required "allow-" permission. This vulnerability was fixed in Firefox 144 and Thunderbird 144...
CVE-2025-11716
CVE-2025-11716 affects Firefox and Thunderbird prior to version 144. The issue arises when links in a sandboxed iframe can trigger an external Android app without the required allow- permission, enabling potential unintended app launches. Reported as part of a broader Mozilla 2025- era set of fix...
CVE-2025-11716 Sandboxed iframes allowed links to open in external apps (Android only)
Links in a sandboxed iframe could open an external app on Android without the required "allow-" permission. This vulnerability was fixed in Firefox 144 and Thunderbird 144...
EUVD-2025-34201
Insufficient escaping in the “Copy as cURL” feature could have been used to trick a user into executing unexpected code on Windows. This did not affect Firefox running on other operating systems. This vulnerability affects Firefox 144, Firefox ESR 140.4, Thunderbird 144, and Thunderbird 140.4...
CVE-2025-11711
The provided connected advisories confirm CVE-2025-11711 affects Firefox and Thunderbird across multiple versions (Firefox < 144, ESR < 140.4, Thunderbird < 144, ESR
CVE-2025-11711 Some non-writable Object properties could be modified
There was a way to change the value of JavaScript Object properties that were supposed to be non-writeable. This vulnerability was fixed in Firefox 144, Firefox ESR 115.29, Firefox ESR 140.4, Thunderbird 144, and Thunderbird 140.4...
PT-2025-41897
Name of the Vulnerable Software and Affected Versions Firefox versions prior to 144 Firefox ESR versions prior to 115.29 Firefox ESR versions prior to 140.4 Thunderbird versions prior to 144 Thunderbird versions prior to 140.4 Description A compromised web process could trigger out-of-bounds read...
PT-2025-41896
Name of the Vulnerable Software and Affected Versions Firefox versions prior to 144 Firefox ESR versions prior to 140.4 Thunderbird versions prior to 144 Thunderbird versions prior to 140.4 Description A use-after-free issue exists in the MediaTrackGraphImpl::GetInstance function. This can occur...