Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
MozillaThunderbird

116 matches found

CVE
CVEadded 2022/12/22 8:15 p.m.114 views

CVE-2022-40959

During iframe navigation, certain pages did not have their FeaturePolicy fully initialized leading to a bypass that leaked device permissions into untrusted subdocuments. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox

6.5CVSS6.7AI score0.00106EPSS
CVE
CVEadded 2022/12/22 8:15 p.m.113 views

CVE-2022-45416

Keyboard events reference strings like "KeyA" that were at fixed, known, and widely-spread addresses. Cache-based timing attacks such as Prime+Probe could have possibly figured out which keys were being pressed. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox

6.5CVSS7.3AI score0.00123EPSS
CVE
CVEadded 2022/12/22 8:15 p.m.111 views

CVE-2022-40956

When injecting an HTML base element, some requests would ignore the CSP's base-uri settings and accept the injected element's base instead. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox

6.1CVSS6.6AI score0.00154EPSS
CVE
CVEadded 2022/12/22 8:15 p.m.109 views

CVE-2022-22744

The constructed curl command from the "Copy as curl" feature in DevTools was not properly escaped for PowerShell. This could have lead to command injection if pasted into a Powershell prompt.This bug only affects Thunderbird for Windows. Other operating systems are unaffected. . This vulnerability ...

8.8CVSS8.5AI score0.00414EPSS
CVE
CVEadded 2022/12/22 8:15 p.m.108 views

CVE-2022-45406

If an out-of-memory condition occurred when creating a JavaScript global, a JavaScript realm may be deleted while references to it lived on in a BaseShape. This could lead to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 102.5, Thunderbird &lt...

9.8CVSS9.1AI score0.0037EPSS
CVE
CVEadded 2022/12/22 8:15 p.m.106 views

CVE-2022-45409

The garbage collector could have been aborted in several states and zones and GCRuntime::finishCollection may not have been called, leading to a use-after-free and potentially exploitable crash. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox

8.8CVSS8.9AI score0.00128EPSS
CVE
CVEadded 2022/12/22 8:15 p.m.105 views

CVE-2021-4126

When receiving an OpenPGP/MIME signed email message that contains an additional outer MIME message layer, for example a message footer added by a mailing list gateway, Thunderbird only considered the inner signed message for the signature validity. This gave the false impression that the additional...

6.5CVSS7.3AI score0.00125EPSS
CVE
CVEadded 2022/12/22 8:15 p.m.104 views

CVE-2022-3155

When saving or opening an email attachment on macOS, Thunderbird did not set attribute com.apple.quarantine on the received file. If the received file was an application and the user attempted to open it, then the application was started immediately without asking the user to confirm. This vulnerab...

7.8CVSS7.5AI score0.0005EPSS
CVE
CVEadded 2022/12/22 8:15 p.m.104 views

CVE-2022-45405

Freeing arbitrary nsIInputStream's on a different thread than creation could have led to a use-after-free and potentially exploitable crash. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox

6.5CVSS7.5AI score0.00116EPSS
CVE
CVEadded 2022/12/22 8:15 p.m.104 views

CVE-2022-45411

Cross-Site Tracing occurs when a server will echo a request back via the Trace method, allowing an XSS attack to access to authorization headers and cookies inaccessible to JavaScript (such as cookies protected by HTTPOnly). To mitigate this attack, browsers placed limits on fetch() and XMLHttpRequ...

6.1CVSS6.9AI score0.00111EPSS
CVE
CVEadded 2022/12/22 8:15 p.m.102 views

CVE-2022-40957

Inconsistent data in instruction and data cache when creating wasm code could lead to a potentially exploitable crash.This bug only affects Firefox on ARM64 platforms. . This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox

6.5CVSS6.9AI score0.00131EPSS
CVE
CVEadded 2022/12/22 8:15 p.m.101 views

CVE-2022-38473

A cross-origin iframe referencing an XSLT document would inherit the parent domain's permissions (such as microphone or camera access). This vulnerability affects Thunderbird < 102.2, Thunderbird < 91.13, Firefox ESR < 91.13, Firefox ESR < 102.2, and Firefox

8.8CVSS8.3AI score0.00253EPSS
CVE
CVEadded 2022/12/22 8:15 p.m.96 views

CVE-2022-40960

Concurrent use of the URL parser with non-UTF-8 data was not thread-safe. This could lead to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox

6.5CVSS6.9AI score0.00123EPSS
CVE
CVEadded 2022/12/22 8:15 p.m.95 views

CVE-2022-40958

By injecting a cookie with certain special characters, an attacker on a shared subdomain which is not a secure context could set and thus overwrite cookies from a secure context, leading to session fixation and other attacks. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3...

6.5CVSS6.6AI score0.00237EPSS
CVE
CVEadded 2022/12/22 8:15 p.m.89 views

CVE-2020-15685

During the plaintext phase of the STARTTLS connection setup, protocol commands could have been injected and evaluated within the encrypted session. This vulnerability affects Thunderbird

8.8CVSS8.4AI score0.0042EPSS
CVE
CVEadded 2022/12/22 8:15 p.m.89 views

CVE-2021-4127

An out of date graphics library (Angle) likely contained vulnerabilities that could potentially be exploited. This vulnerability affects Thunderbird < 78.9 and Firefox ESR

9.8CVSS9.2AI score0.0024EPSS
Total number of security vulnerabilities116