Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
MozillaThunderbird

116 matches found

CVE
CVEadded 2022/12/22 8:15 p.m.138 views

CVE-2022-45414

If a Thunderbird user quoted from an HTML email, for example by replying to the email, and the email contained either a VIDEO tag with the POSTER attribute or an OBJECT tag with a DATA attribute, a network request to the referenced remote URL was performed, regardless of a configuration to block re...

8.1CVSS8.1AI score0.00461EPSS
CVE
CVEadded 2022/12/22 8:15 p.m.137 views

CVE-2022-22744

The constructed curl command from the "Copy as curl" feature in DevTools was not properly escaped for PowerShell. This could have lead to command injection if pasted into a Powershell prompt.This bug only affects Thunderbird for Windows. Other operating systems are unaffected. . This vulnerability ...

8.8CVSS8.5AI score0.00414EPSS
CVE
CVEadded 2022/12/22 8:15 p.m.136 views

CVE-2022-45405

Freeing arbitrary nsIInputStream's on a different thread than creation could have led to a use-after-free and potentially exploitable crash. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox

6.5CVSS7.5AI score0.00089EPSS
CVE
CVEadded 2022/12/22 8:15 p.m.136 views

CVE-2022-45409

The garbage collector could have been aborted in several states and zones and GCRuntime::finishCollection may not have been called, leading to a use-after-free and potentially exploitable crash. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox

8.8CVSS8.9AI score0.00128EPSS
CVE
CVEadded 2022/12/22 8:15 p.m.136 views

CVE-2022-45411

Cross-Site Tracing occurs when a server will echo a request back via the Trace method, allowing an XSS attack to access to authorization headers and cookies inaccessible to JavaScript (such as cookies protected by HTTPOnly). To mitigate this attack, browsers placed limits on fetch() and XMLHttpRequ...

6.1CVSS6.9AI score0.00111EPSS
CVE
CVEadded 2022/12/22 8:15 p.m.131 views

CVE-2022-40957

Inconsistent data in instruction and data cache when creating wasm code could lead to a potentially exploitable crash.This bug only affects Firefox on ARM64 platforms. . This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox

6.5CVSS6.9AI score0.00131EPSS
CVE
CVEadded 2022/12/22 8:15 p.m.129 views

CVE-2022-38473

A cross-origin iframe referencing an XSLT document would inherit the parent domain's permissions (such as microphone or camera access). This vulnerability affects Thunderbird < 102.2, Thunderbird < 91.13, Firefox ESR < 91.13, Firefox ESR < 102.2, and Firefox

8.8CVSS8.3AI score0.00264EPSS
CVE
CVEadded 2022/12/22 8:15 p.m.128 views

CVE-2022-3033

If a Thunderbird user replied to a crafted HTML email containing a meta tag, with the meta tag having the http-equiv="refresh" attribute, and the content attribute specifying an URL, then Thunderbird started a network request to that URL, regardless of the configuration to block remote content. In ...

8.1CVSS7.6AI score0.00461EPSS
CVE
CVEadded 2022/12/22 8:15 p.m.126 views

CVE-2022-3032

When receiving an HTML email that contained an iframe element, which used a srcdoc attribute to define the inner HTML document, remote objects specified in the nested document, for example images or videos, were not blocked. Rather, the network was accessed, the objects were loaded and displayed. T...

6.5CVSS6.8AI score0.00232EPSS
CVE
CVEadded 2022/12/22 8:15 p.m.124 views

CVE-2022-40958

By injecting a cookie with certain special characters, an attacker on a shared subdomain which is not a secure context could set and thus overwrite cookies from a secure context, leading to session fixation and other attacks. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3...

6.5CVSS6.6AI score0.00219EPSS
CVE
CVEadded 2022/12/22 8:15 p.m.124 views

CVE-2022-40960

Concurrent use of the URL parser with non-UTF-8 data was not thread-safe. This could lead to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox

6.5CVSS6.9AI score0.00123EPSS
CVE
CVEadded 2022/12/22 8:15 p.m.118 views

CVE-2021-4129

Mozilla developers and community members Julian Hector, Randell Jesup, Gabriele Svelto, Tyson Smith, Christian Holler, and Masayuki Nakano reported memory safety bugs present in Firefox 94. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these ...

9.8CVSS9.6AI score0.00298EPSS
CVE
CVEadded 2022/12/22 8:15 p.m.107 views

CVE-2021-4126

When receiving an OpenPGP/MIME signed email message that contains an additional outer MIME message layer, for example a message footer added by a mailing list gateway, Thunderbird only considered the inner signed message for the signature validity. This gave the false impression that the additional...

6.5CVSS7.3AI score0.00125EPSS
CVE
CVEadded 2022/12/22 8:15 p.m.105 views

CVE-2022-3155

When saving or opening an email attachment on macOS, Thunderbird did not set attribute com.apple.quarantine on the received file. If the received file was an application and the user attempted to open it, then the application was started immediately without asking the user to confirm. This vulnerab...

7.8CVSS7.5AI score0.0005EPSS
CVE
CVEadded 2022/12/22 8:15 p.m.94 views

CVE-2020-15685

During the plaintext phase of the STARTTLS connection setup, protocol commands could have been injected and evaluated within the encrypted session. This vulnerability affects Thunderbird

8.8CVSS8.4AI score0.0042EPSS
CVE
CVEadded 2022/12/22 8:15 p.m.93 views

CVE-2021-4127

An out of date graphics library (Angle) likely contained vulnerabilities that could potentially be exploited. This vulnerability affects Thunderbird < 78.9 and Firefox ESR

9.8CVSS9.2AI score0.0024EPSS
Total number of security vulnerabilities116