Lucene search
+L

1214 matches found

CVE
CVE
added 2018/10/18 1:0 p.m.221 views

CVE-2018-5188

CVE-2018-5188 involves memory safety bugs in Firefox 60/ESR 60 and Thunderbird

9.8CVSS8.5AI score0.03945EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.221 views

CVE-2022-3266

CVE-2022-3266 is an out-of-bounds read in H.264 video decoding that can trigger a crash. Affected products in the provided documents include Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox

5.5CVSS5.9AI score0.00293EPSS
CVE
CVE
added 2018/10/18 1:0 p.m.220 views

CVE-2018-12363

CVE-2018-12363 is a use-after-free vulnerability in Firefox/Thunderbird caused by mutation events moving DOM nodes between documents. The old document may be freed while a stale pointer remains, potentially enabling a crash. Public references show affected products include Thunderbird versions ol...

8.8CVSS7.7AI score0.03096EPSS
CVE
CVE
added 2018/10/18 1:0 p.m.220 views

CVE-2018-12366

CVE-2018-12366 describes an out-of-bounds read during QCMS color profile transformations caused by an invalid grid size. The vulnerability could leak private data in output. Affected products/versions include Thunderbird (and Firefox components) before specific fixed releases: Debian/CentOS advis...

6.5CVSS7.2AI score0.03158EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.220 views

CVE-2022-34472

CVE-2022-34472 : If a PAC URL is configured and the PAC host is unreachable, OCSP requests are blocked, leading to incorrect error pages being shown. Affected: Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, Thunderbird

4.3CVSS6.3AI score0.0058EPSS
CVE
CVE
added 2018/06/11 9:0 p.m.219 views

CVE-2017-5462

The CVE-2017-5462 issue is a DRBG generation flaw in the NSS library where the internal state V does not correctly carry bits over. This vulnerability affects Mozilla products including Thunderbird (<52.1), Firefox ESR (<52.1), Firefox (

5.3CVSS6.4AI score0.02642EPSS
CVE
CVE
added 2018/06/11 9:0 p.m.219 views

CVE-2018-5089

CVE-2018-5089 is a memory-safety vulnerability affecting Mozilla products: Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox

9.8CVSS9.9AI score0.03343EPSS
CVE
CVE
added 2021/11/03 12:3 a.m.219 views

CVE-2021-38495

CVE-2021-38495 relates to memory safety bugs reported in Mozilla Thunderbird 78.13.0, with evidence of memory corruption and the possibility that, with effort, exploit could lead to arbitrary code execution. The vulnerability affects Thunderbird < 91.1 and Firefox ESR

8.8CVSS9.5AI score0.01072EPSS
CVE
CVE
added 2018/10/18 1:0 p.m.218 views

CVE-2018-12364

The CVE-2018-12364 entry affects Thunderbird and was mitigated in various distributions through Thunderbird 52.9.1 and related security advisories. The connected documents confirm concrete details: NPAPI plugins (e.g., Flash) can bypass CORS by issuing a same-origin POST that redirects (307) to t...

8.8CVSS7.5AI score0.01821EPSS
CVE
CVE
added 2018/10/18 1:0 p.m.218 views

CVE-2018-12378

CVE-2018-12378 is a use-after-free in Thunderbird/Firefox related to deleting an IndexedDB index while it is still in use by JavaScript, causing a potentially exploitable crash. Affected: Thunderbird

9.8CVSS6.4AI score0.03357EPSS
CVE
CVE
added 2023/10/24 12:47 p.m.218 views

CVE-2023-5725

CVE-2023-5725 is a documented vulnerability affecting Firefox (before 119), Firefox ESR (before 115.4), and Thunderbird (before 115.4.1). A malicious installed WebExtension could open arbitrary URLs, which under certain conditions could enable collection of sensitive user data. The connected docu...

4.3CVSS6AI score0.00906EPSS
CVE
CVE
added 2021/06/24 1:26 p.m.217 views

CVE-2021-23992

Thunderbird is affected by CVE-2021-23992, where an attacker can craft an OpenPGP key by replacing an original user ID or adding another, causing the user to be confused about key ownership. The issue stems from Thunderbird not checking that the OpenPGP key’s user ID has a valid self-signature be...

4.3CVSS5.5AI score0.0048EPSS
CVE
CVE
added 2021/11/03 12:3 a.m.217 views

CVE-2021-38492

CVE-2021-38492 affects Mozilla Firefox on Windows, where delegating navigations to the OS could accept mk: URLs and load Internet Explorer in unprivileged mode. The vulnerability impacts Firefox versions older than 92 (and related Thunderbird/ ESR lines). Remediation is to upgrade to Firefox 92+ ...

6.5CVSS6.5AI score0.01118EPSS
CVE
CVE
added 2018/06/11 9:0 p.m.215 views

CVE-2017-5380

CVE-2017-5380 is a use-after-free vulnerability related to SVG content processing. Connected IBM advisories confirm this CVE ID is present and tie it to vulnerabilities in Mozilla Firefox shipped with IBM Storwize V7000 Unified and IBM SONAS. Affected IBM products and versions are IBM Storwize V7...

9.8CVSS9.1AI score0.03208EPSS
CVE
CVE
added 2018/10/18 1:0 p.m.215 views

CVE-2018-12360

CVE-2018-12360 is a use-after-free vulnerability in Thunderbird (and Firefox components) triggered by deleting an input element during a mutation event handler invoked by focusing that element. Affected versions include Thunderbird before 60 and Thunderbird before 52.9.1; Firefox ESR before 60.1/...

8.8CVSS7.8AI score0.0311EPSS
CVE
CVE
added 2020/08/10 5:43 p.m.215 views

CVE-2020-15648

CVE-2020-15648 involves a framing bypass: using object/embed tags could frame other sites even if X-Frame-Options blocks framing. Affected: Firefox < 78.0.2 and Thunderbird

6.5CVSS6.5AI score0.01142EPSS
CVE
CVE
added 2021/06/24 1:27 p.m.215 views

CVE-2021-23991

CVE-2021-23991 affects Thunderbird before 78.9.1. If a user has previously imported Alice’s OpenPGP key and Alice extends its validity but the updated key hasn’t been imported, an attacker can send a crafted version of Alice’s key containing an invalid subkey. Thunderbird may then attempt to use ...

6.8CVSS6.8AI score0.01035EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.215 views

CVE-2022-31742

CVE-2022-31742 describes a timing-attack flaw in WebAuthn: an attacker could send many allowCredential entries and distinguish valid vs invalid key handles, enabling cross-origin account linking. Affected products in the provided records are Thunderbird < 91.10, Firefox < 101, and Firefox ESR

6.5CVSS7.2AI score0.00594EPSS
CVE
CVE
added 2018/10/18 1:0 p.m.213 views

CVE-2018-12383

CVE-2018-12383 describes an information disclosure in Thunderbird (and Firefox components) where, if a user saved passwords before migrating to the new password format (pre-Firefox 58) and later set a master password, an unencrypted copy of those passwords could remain accessible because the lega...

5.5CVSS5.6AI score0.0046EPSS
CVE
CVE
added 2018/06/11 9:0 p.m.213 views

CVE-2018-5104

CVE-2018-5104 is a use-after-free in font-face manipulation that can trigger a crash when a font face is freed while still in use. Affected products include Mozilla Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox

9.8CVSS9.3AI score0.07262EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.213 views

CVE-2022-34481

The CVE-2022-34481 entry describes an integer overflow in nsTArray_Impl::ReplaceElementsAt() that could occur when replacing too many elements, affecting Firefox <102, Firefox ESR <91.11, Thunderbird <102, and Thunderbird

8.8CVSS8.7AI score0.00776EPSS
CVE
CVE
added 2023/06/02 12:0 a.m.213 views

CVE-2023-29541

The CVE-2023-29541 issue concerns Firefox on Linux (and Thunderbird) where downloads of files ending with .desktop could be interpreted as commands, enabling attacker-controlled execution. Public advisories show affected products as Firefox (Linux) older than 112, Thunderbird older than 102.10, a...

8.8CVSS7.9AI score0.00737EPSS
CVE
CVE
added 2018/06/11 9:0 p.m.211 views

CVE-2016-9899

CVE-2016-9899 describes a use-after-free in Firefox/Thunderbird caused by errors in node adoption handling during DOM event manipulation and audio element removal. Affected: Firefox < 50.1, Firefox ESR < 45.6, Thunderbird

9.8CVSS8.8AI score0.21401EPSS
CVE
CVE
added 2018/06/11 9:0 p.m.211 views

CVE-2018-5095

CVE-2018-5095 is an integer overflow in the Skia library during edge-builder memory allocation on systems with 8 GB+ RAM, causing uninitialized memory usage and a potentially exploitable crash. Public disclosures show affected products include Thunderbird < 52.6, Firefox ESR < 52.6, and Fir...

9.8CVSS9.3AI score0.04265EPSS
CVE
CVE
added 2020/01/08 9:22 p.m.210 views

CVE-2019-17009

CVE-2019-17009 affects Mozilla Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox

7.8CVSS7.2AI score0.00333EPSS
CVE
CVE
added 2023/09/27 2:13 p.m.210 views

CVE-2023-5174

The CVE-2023-5174 entry describes a Windows-specific issue in the Firefox sandbox handling: if a process fails to duplicate a handle during process creation, the sandbox code may double-free a pointer, causing a use-after-free and potentially an exploitable crash. Affected products are Firefox be...

9.8CVSS9AI score0.0099EPSS
CVE
CVE
added 2019/02/28 6:0 p.m.209 views

CVE-2018-12393

CVE-2018-12393 concerns 32‑bit Firefox builds (not 64‑bit) where an integer overflow during scripts-to-UTF-16 conversion can allocate a too-small buffer, causing an out-of-bounds write. Affected products include Firefox < 63, Firefox ESR < 60.3, and Thunderbird

7.5CVSS7.4AI score0.03924EPSS
CVE
CVE
added 2021/11/03 12:2 a.m.209 views

CVE-2021-38502

Thunderbird is affected by CVE-2021-38502 where STARTTLS requirements for SMTP were ignored, enabling a MITM to downgrade to an unencrypted connection or hijack an authenticated session and potentially obtain credentials if unprotected methods are configured. Multiple connected advisories confirm...

5.9CVSS7.4AI score0.01066EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.209 views

CVE-2022-46874

CVE-2022-46874 describes a filename truncation issue where a long filename could lose its valid extension, leaving a malicious extension that could confuse users or lead to execution of malicious code. Public reports indicate affected products include Firefox versions before 108 and Thunderbird v...

8.8CVSS8.7AI score0.00884EPSS
CVE
CVE
added 2025/05/17 9:7 p.m.209 views

CVE-2025-4918

CVE-2025-4918 describes an out-of-bounds read/write on a JavaScript Promise object affecting Firefox and Thunderbird. Affected: Firefox < 138.0.4, Firefox ESR < 128.10.1, Firefox ESR < 115.23.1; Thunderbird < 128.10.2, Thunderbird

9.8CVSS7.4AI score0.08947EPSS
CVE
CVE
added 2018/10/18 1:0 p.m.208 views

CVE-2018-12385

CVE-2018-12385 describes a potentially exploitable crash in TransportSecurityInfo used for SSL, triggered by data stored in the local cache within the user profile. Affected products include Thunderbird < 60.2.1, Firefox ESR < 60.2.1, and Firefox

7CVSS6AI score0.00358EPSS
CVE
CVE
added 2018/06/11 9:0 p.m.208 views

CVE-2018-5103

CVE-2018-5103 is a use-after-free vulnerability that can occur during mouse event handling due to multiprocess-related issues, leading to potentially exploitable crashes. Affected products include Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox

9.8CVSS9.3AI score0.03066EPSS
CVE
CVE
added 2018/10/18 1:0 p.m.208 views

CVE-2018-5156

The CVE-2018-5156 entry describes a vulnerability in media capture: when the media source type is changed during capture, stream data can be cast to the wrong type, causing a crash. Affected products include Thunderbird

9.8CVSS6.9AI score0.03755EPSS
CVE
CVE
added 2021/06/24 1:26 p.m.208 views

CVE-2021-23993

CVE-2021-23993 affects Thunderbird: an attacker can cause encryption to fail by crafting an OpenPGP key with a subkey that has an invalid self-signature. When a user imports such a key, Thunderbird may attempt to use the invalid subkey, but the RNP library rejects it, leading to a DoS on sending ...

6.5CVSS6.7AI score0.00427EPSS
CVE
CVE
added 2018/06/11 9:0 p.m.207 views

CVE-2018-5117

CVE-2018-5117 describes a URL spoofing issue where, when right-to-left text is used in the address bar with left-to-right alignment, the displayed URL can be scrolled to mislead users about the actual site. The vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox

5.3CVSS6.3AI score0.02386EPSS
CVE
CVE
added 2018/06/11 9:0 p.m.206 views

CVE-2017-5378

CVE-2017-5378 involves hashed codes of JavaScript objects enabling pointer leaks and potential data leakage. The vulnerability affects Mozilla products as noted in connected sources: Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox

7.5CVSS8.1AI score0.03371EPSS
CVE
CVE
added 2018/06/11 9:0 p.m.205 views

CVE-2017-5376

CVE-2017-5376 is a use-after-free in XSL processing of XSLT documents. Connected IBM advisories tie this CVE to Mozilla Firefox components shipped in IBM Storwize V7000 Unified and IBM SONAS; affected products include Thunderbird and Firefox binaries reported in the CVE. The IBM bulletins specify...

9.8CVSS9AI score0.03208EPSS
CVE
CVE
added 2018/06/11 9:0 p.m.205 views

CVE-2018-5098

CVE-2018-5098 is a use-after-free in Thunderbird/Firefox related to manipulating form input elements, focus, and selections via script content, causing potential crashes. Affected: Thunderbird < 52.6, Firefox ESR < 52.6, Firefox

9.8CVSS9.3AI score0.03111EPSS
CVE
CVE
added 2018/06/11 9:0 p.m.205 views

CVE-2018-5102

CVE-2018-5102 is a use-after-free in HTML media element handling with media streams, affecting Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox

9.8CVSS9.3AI score0.07157EPSS
CVE
CVE
added 2018/06/11 9:0 p.m.204 views

CVE-2016-9893

CVE-2016-9893 relates to memory safety bugs reported in Thunderbird 45.5, with evidence of memory corruption. Affected products include Firefox <50.1, Firefox ESR <45.6, and Thunderbird

9.8CVSS9.7AI score0.02567EPSS
CVE
CVE
added 2018/06/11 9:0 p.m.204 views

CVE-2018-5097

CVE-2018-5097 is a use-after-free vulnerability in XSL transformations where the source document is manipulated by script content during transformation. Affected products include Mozilla Thunderbird and Firefox variants prior to version 52.6/58, with upstream fixes targeting Thunderbird 52.6.0 (a...

9.8CVSS9.3AI score0.07262EPSS
CVE
CVE
added 2018/06/11 9:0 p.m.204 views

CVE-2018-5099

CVE-2018-5099 is a use-after-free vulnerability in the widget listener that can crash or potentially allow code execution when references to freed browser objects are used. Affected products/versions include Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox

9.8CVSS9.3AI score0.03066EPSS
CVE
CVE
added 2020/10/08 1:37 p.m.204 views

CVE-2020-15646

This CVE describes a credential theft flaw in Thunderbird: if an attacker can intercept Thunderbird’s initial automatic account setup via Microsoft Exchange autodiscovery and reply with crafted data, Thunderbird may send a username and password over HTTPS to the attacker-controlled server. Affect...

5.9CVSS6.3AI score0.00961EPSS
CVE
CVE
added 2021/06/24 1:18 p.m.204 views

CVE-2021-29950

Summary: CVE-2021-29950 affects Mozilla Thunderbird prior to 78.8.1. The issue occurs when OpenPGP keys are unprotected in memory before decryption, signing, or import tasks; if the task fails, the secret key may remain in memory in an unprotected state. Impact (as described): Potential exposure ...

7.5CVSS6.4AI score0.00853EPSS
CVE
CVE
added 2023/06/02 12:0 a.m.204 views

CVE-2023-32207

CVE-2023-32207 describes a missing delay in popup notifications that could let an attacker trick a user into granting permissions. Affected software includes Firefox < 113, Firefox ESR < 102.11, and Thunderbird

8.8CVSS8AI score0.00731EPSS
CVE
CVE
added 2018/06/11 9:0 p.m.203 views

CVE-2018-5155

CVE-2018-5155 is a use-after-free in the layout code when processing SVG text-paths during animations, causing a potentially exploitable crash. Affected products include Thunderbird and Firefox: Thunderbird < 52.8 (including ESR), and Firefox

9.8CVSS7AI score0.03493EPSS
CVE
CVE
added 2018/06/11 9:0 p.m.203 views

CVE-2018-5159

CVE-2018-5159 describes an integer overflow in the Skia library caused by 32-bit integer use in an array without bounds checks, leading to out-of-bounds writes. This can crash web content and is potentially exploitable. Affected products include Thunderbird < 52.8, Thunderbird ESR < 52.8, F...

9.8CVSS6.9AI score0.21288EPSS
Web
CVE
CVE
added 2022/12/22 12:0 a.m.203 views

CVE-2022-45410

CVE-2022-45410 : When a ServiceWorker intercepted a request with a FetchEvent, the origin of the request could be lost after the ServiceWorker took ownership, negating SameSite cookie protections. Affected: Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox

6.5CVSS7.1AI score0.00744EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.201 views

CVE-2022-46880

CVE-2022-46880 describes a missing check related to tex units that could cause a use-after-free and an exploitable crash. Affected products include Firefox (ESR < 102.6, and Firefox < 105) and Thunderbird

6.5CVSS7.4AI score0.00653EPSS
CVE
CVE
added 2019/07/23 1:20 p.m.200 views

CVE-2019-11703

Summary (CVE-2019-11703) : A flaw in Thunderbird’s iCal handling causes a heap buffer overflow in libical’s parser_get_next_char, triggered by processing certain calendar-containing messages. The issue is documented to affect Thunderbird versions prior to 60.7.1, with public reports and advisorie...

9.8CVSS9.3AI score0.10527EPSS
Total number of security vulnerabilities1214