Lucene search
K

1214 matches found

CVE
CVE
added 2022/12/22 12:0 a.m.593 views

CVE-2022-28285

CVE-2022-28285 describes an incorrect AliasSet used during MLoadTypedArrayElementHole JIT codegen, enabling a potential out-of-bounds read when combined with another vulnerability. Affected products include Thunderbird < 91.8, Firefox < 99, and Firefox ESR

6.5CVSS7.2AI score0.00759EPSS
CVE
CVE
added 2025/01/07 4:7 p.m.575 views

CVE-2025-0237

CVE-2025-0237 concerns the WebChannel API: the sending principal was accepted without validation, enabling potential privilege escalation. Affected products include Firefox (all releases before 134; including ESR

5.4CVSS6.8AI score0.00604EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.571 views

CVE-2022-26387

The CVE-2022-26387 issue is a Mozilla add-on verification weakness. A time-of-check/time-of-use (TOCTOU) bug could allow the add-on file to be altered after Firefox/Thunderbird signatures were checked but before user confirmation, leaving the user exposed. Affected products and versions per conne...

7.5CVSS7.8AI score0.00657EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.571 views

CVE-2022-28282

Summary: CVE-2022-28282 is a use-after-free in the L10n/TranslateDocument path triggered when destroying an object during JavaScript execution and then referencing it via a freed pointer, with exploits tied to Firefox/Thunderbird. Affected versions: Thunderbird < 91.8, Firefox < 99, and Fir...

6.5CVSS7.1AI score0.02012EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.564 views

CVE-2022-29911

CVE-2022-29911 is an iframe sandbox bypass vulnerability described as an improper implementation of allow-top-navigation-by-user-activation that could permit script execution without allow-scripts. Affected products include Thunderbird (<91.9), Firefox ESR (<91.9), and Firefox (

6.1CVSS7.3AI score0.00561EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.562 views

CVE-2022-26383

CVE-2022-26383 concerns a UI/UX issue in Firefox and Thunderbird where, after requesting fullscreen, resizing the popup prevented the fullscreen notification from displaying. Connected docs confirm the flaw affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird

4.3CVSS6AI score0.00655EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.557 views

CVE-2022-22751

CVE-2022-22751 relates to memory-safety bugs in Firefox 95 and Firefox ESR 91.4, with evidence of memory corruption and a presumption that some could be exploited to run arbitrary code. Affected: Firefox ESR < 91.5, Firefox < 96, and Thunderbird

8.8CVSS9.6AI score0.0087EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.557 views

CVE-2022-29909

CVE-2022-29909 is a Firefox/Thunderbird vulnerability described as privilege escalation via deeply-nested cross-origin browsing contexts that could inherit top-level permissions. Affected products and versions from connected advisories: Thunderbird < 91.9 and Firefox (including ESR)

8.8CVSS8.7AI score0.00848EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.555 views

CVE-2022-22747

Summary: CVE-2022-22747 describes a denial of service caused by incorrect parsing of empty PKCS#7 sequences after accepting an untrusted certificate, leading to a crash. The vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird

6.5CVSS7.1AI score0.0063EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.555 views

CVE-2022-26386

The CVE-2022-26386 issue concerns Firefox ESR versions prior to 91.7 and Thunderbird versions prior to 91.7. Previously, Firefox on macOS/Linux downloaded temporary files to a user-specific directory in /tmp; this was changed to /tmp where other local users could affect the files. The behavior wa...

6.5CVSS6.9AI score0.0068EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.553 views

CVE-2022-22740

CVE-2022-22740 is confirmed in connected documents as a use-after-free caused by freeing network request objects too early, potentially enabling a crash. Affected products: Firefox ESR < 91.5, Firefox < 96, and Thunderbird

8.8CVSS8.8AI score0.0096EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.550 views

CVE-2022-29916

CVE-2022-29916 is an information-disclosure issue where Firefox behaves differently when loading CSS resources with CSS variables, potentially allowing history probing. Affected products in public advisories include Thunderbird and Firefox variants (Thunderbird < 91.9, Firefox/ ESR < 91.9, ...

6.5CVSS7.4AI score0.00723EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.548 views

CVE-2022-26381

CVE-2022-26381 describes a use-after-free risk caused by forcing a text reflow in an SVG object, potentially exploitable as a crash. Affected products include Mozilla Firefox (less than 98) and Firefox ESR (less than 91.7) and Mozilla Thunderbird (less than 91.7). External documents (Astra Linux,...

8.8CVSS8.6AI score0.00849EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.542 views

CVE-2022-22739

CVE-2022-22739 describes a vulnerability where malicious websites could lure users into launching a program to handle an external URL protocol. Public references in the provided documents indicate affected products are Mozilla Firefox (Firefox ESR < 91.5, Firefox < 96) and Thunderbird (

6.5CVSS7AI score0.00679EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.542 views

CVE-2022-29912

The CVE-2022-29912 issue concerns the handling of SameSite cookies in reader mode. Affected products include Thunderbird < 91.9, Firefox ESR < 91.9, and Firefox

6.1CVSS7.2AI score0.00644EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.539 views

CVE-2022-22742

CVE-2022-22742 is confirmed in connected records as an out-of-bounds memory access in Firefox/Thunderbird when inserting text in edit mode. Affected products include Firefox ESR < 91.5, Firefox < 96, and Thunderbird

6.5CVSS7.3AI score0.00796EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.538 views

CVE-2022-22738

The CVE-2022-22738 entry concerns a heap-buffer-overflow caused by applying a CSS filter, potentially exploitable via memory corruption. Affected products are Mozilla Firefox/Thunderbird: Firefox ESR < 91.5, Firefox < 96, and Thunderbird

8.8CVSS8.7AI score0.00995EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.538 views

CVE-2022-22745

CVE-2022-22745 describes a cross-origin information leak via SecurityPolicyViolation events for frame-ancestors violations. Public documents associate this with Firefox ESR versions earlier than 91.5, Firefox versions earlier than 96, and Thunderbird versions earlier than 91.5. The connected advi...

6.5CVSS7.1AI score0.00646EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.536 views

CVE-2022-22741

CVE-2022-22741 : A fullscreen-related issue in Firefox/Thunderbird where resizing a popup while requesting fullscreen could trap the popup in fullscreen and prevent exit. Affected: Firefox ESR < 91.5, Firefox < 96, Thunderbird

7.5CVSS7.7AI score0.00652EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.535 views

CVE-2022-22737

The CVE-2022-22737 entry is supported by connected advisories showing a race condition in constructing audio sinks that can lead to a use-after-free and potentially exploitable crash in Mozilla Firefox ESR < 91.5, Firefox < 96, and Thunderbird

7.5CVSS8AI score0.0075EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.533 views

CVE-2022-22754

CVE-2022-22754: Affects Firefox <97, Thunderbird <91.6, and Firefox ESR

6.5CVSS7AI score0.00644EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.533 views

CVE-2022-22760

CVE-2022-22760: A cross-origin information disclosure in Firefox/Thunderbird arises when importing resources via Web Workers, where error messages could reveal whether a response is JavaScript (application/javascript) or not. Affected: Firefox < 97, Thunderbird < 91.6, and Firefox ESR

6.5CVSS7AI score0.00759EPSS
CVE
CVE
added 2019/07/23 1:19 p.m.529 views

CVE-2019-11709

CVE-2019-11709 involves memory safety bugs reported in Mozilla Firefox (67) and Firefox ESR (60.7). Some bugs show memory corruption and could potentially be exploited to run arbitrary code. Affected versions include Firefox ESR < 60.8, Firefox < 68, and Thunderbird

9.8CVSS9.9AI score0.02349EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.529 views

CVE-2022-1097

The CVE-2022-1097 entry concerns NSSToken objects that could be accessed unsafely across threads, causing a use-after-free and potentially exploitable crash. Affected products explicitly named in connected documents include Thunderbird (versions earlier than 91.8), Firefox (versions earlier than ...

6.5CVSS7.3AI score0.00917EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.529 views

CVE-2022-22743

CVE-2022-22743 affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird

4.3CVSS6AI score0.00643EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.523 views

CVE-2022-22756

CVE-2022-22756 describes a drag-and-drop image object that could be turned into an executable script, enabling arbitrary code execution when clicked. Affected products and versions include Firefox <97, Thunderbird <91.6, and Firefox ESR

8.8CVSS8.6AI score0.00926EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.521 views

CVE-2022-22764

CVE-2022-22764 is a set of memory-safety bugs in Mozilla Firefox (affecting Firefox < 97 and Firefox ESR < 91.6) and related Thunderbird components (Thunderbird

8.8CVSS9.5AI score0.00702EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.518 views

CVE-2022-42928

CVE-2022-42928 is a memory-corruption vulnerability affecting Firefox and Thunderbird prior to the specified versions (Firefox <106, ESR <102.4, Thunderbird

8.8CVSS8.5AI score0.0083EPSS
CVE
CVE
added 2020/01/08 7:22 p.m.517 views

CVE-2019-11745

CVE-2019-11745 is a heap-based out-of-bounds write in Mozilla NSS (NSC_EncryptUpdate) when data smaller than the block size is encrypted. This could allow a remote attacker to trigger a crash or execute arbitrary code with the user’s privileges (attack surface includes NSS-enabled apps such as Th...

8.8CVSS8.7AI score0.02994EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.514 views

CVE-2022-22748

CVE-2022-22748 is a cross-origin spoof vulnerability in Mozilla components where malicious websites could confuse Thunderbird or a browser dialog about launching a program to handle an external URL protocol, resulting in a spoofed origin. Public documentation in connected advisories ties this to ...

6.5CVSS7.1AI score0.00737EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.513 views

CVE-2022-1197

CVE-2022-1197 concerns Thunderbird’s handling of OpenPGP revocation. According to the provided docs, when importing a revoked key that used the revocation reason “key compromise,” Thunderbird failed to update the existing non-revoked copy, leaving it effectively unrevoked. Revocations that used a...

5.4CVSS6.3AI score0.00373EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.511 views

CVE-2022-28286

The CVE-2022-28286 issue is a layout-related vulnerability where iframe contents could render outside their border, potentially enabling spoofing or user confusion. Affected products and versions identified in connected documents include Thunderbird < 91.8, Firefox < 99, and Firefox ESR

5.4CVSS6.3AI score0.00561EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.511 views

CVE-2022-31741

CVE-2022-31741 is a memory-safety issue triggered by processing a crafted CMS message, affecting Thunderbird < 91.10, Firefox < 101, and Firefox ESR

8.8CVSS8.8AI score0.00662EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.509 views

CVE-2022-22759

The CVE-2022-22759 issue describes a flaw where a sandboxed iframe that lacks allow-scripts could still execute an appended element’s JavaScript (e.g., event handlers) when that element is added to the iframe’s document. Affected products and versions include Firefox < 97, Thunderbird < 91....

9.6CVSS8.6AI score0.00743EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.507 views

CVE-2022-1196

CVE-2022-1196 involves a use-after-free caused by retaining a reference to a VR Process after destruction, potentially allowing an exploitable crash. The vulnerability affects Thunderbird before 91.8 and Firefox ESR before 91.8. The connected advisories indicate remediation by upgrading Thunderbi...

6.5CVSS7.3AI score0.00718EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.505 views

CVE-2022-28281

CVE-2022-28281 describes a memory safety vulnerability in Mozilla Firefox/Thunderbird where a compromised content process could send an unexpected number of WebAuthN Extensions in a Register command to the parent process, causing an out-of-bounds write and memory corruption that could lead to a p...

8.8CVSS8.1AI score0.02556EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.505 views

CVE-2022-34470

CVE-2022-34470 is a real-use-after-free vulnerability in Firefox/Thunderbird related to session-history navigations that could cause a crash. The connected documents identify the affected products and versions: Firefox and Firefox ESR (Firefox < 102, ESR < 91.11) and Thunderbird (Thunderbir...

9.8CVSS9.1AI score0.01064EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.502 views

CVE-2022-22763

CVE-2022-22763 describes a post-shutdown script execution issue in Mozilla Firefox, Thunderbird and Firefox ESR where a worker could run late in the lifecycle after it should be prevented. Affected products: Firefox < 96, Thunderbird < 91.6, Firefox ESR

8.8CVSS8.3AI score0.00564EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.501 views

CVE-2022-22761

CVE-2022-22761 fixes a vulnerability where the frame-ancestors CSP directive was not enforced for moz-extension:// pages, affecting Firefox < 97, Thunderbird < 91.6, and Firefox ESR

8.8CVSS8.4AI score0.00743EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.500 views

CVE-2022-31740

CVE-2022-31740 describes a register allocation bug in arm64 WASM code that could cause an exploitable crash. Publicly listed impact covers Thunderbird < 91.10, Firefox < 101, and Firefox ESR

8.8CVSS8.9AI score0.00651EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.499 views

CVE-2022-31747

CVE-2022-31747 involves memory safety bugs in Mozilla Firefox 100 and Firefox ESR 91.9 that could lead to memory corruption and potential arbitrary code execution. Affected products include Thunderbird < 91.10, Firefox < 101, and Firefox ESR

9.8CVSS9.9AI score0.00878EPSS
CVE
CVE
added 2019/04/26 4:10 p.m.497 views

CVE-2019-9810

CVE-2019-9810 is an IonMonkey JIT bug in Firefox/Thunderbird where incorrect alias information for Array.prototype.slice can skip bounds checks, enabling a buffer overflow and potential remote code execution. Affected: Firefox prior to 66.0.1 and Firefox ESR prior to 60.6.1; Thunderbird prior to ...

8.8CVSS8.2AI score0.29514EPSS
In wild
CVE
CVE
added 2022/12/22 12:0 a.m.496 views

CVE-2022-28289

CVE-2022-28289 corresponds to Mozilla Thunderbird memory-safety bugs reported by the Mozilla Fuzzing Team, with evidence of memory corruption and the possibility that, with enough effort, some flaws could be exploited to run arbitrary code. The vulnerability affects Thunderbird versions earlier t...

8.8CVSS8.4AI score0.00697EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.493 views

CVE-2022-31738

CVE-2022-31738 concerns an issue where, when exiting fullscreen mode, an iframe could mislead the browser about the current fullscreen state, enabling user confusion or spoofing. Affected: Thunderbird < 91.10, Firefox < 101, and Firefox ESR

6.5CVSS7.3AI score0.00584EPSS
CVE
CVE
added 2023/06/02 12:0 a.m.489 views

CVE-2023-23605

CVE-2023-23605 corresponds to memory-safety bugs in Mozilla Firefox 108 and Firefox ESR 102.6 (Thunderbird < 102.7; Firefox < 109; ESR

8.8CVSS8.6AI score0.00702EPSS
CVE
CVE
added 2021/02/26 2:10 a.m.486 views

CVE-2021-23954

CVE-2021-23954 : A memory corruption vulnerability in Firefox/Thunderbird was caused by using the new logical assignment operators inside a JavaScript switch, leading to a type confusion and potentially exploitable crash. Affected: Firefox <= 85.0 (fixed in 85.0+), Thunderbird

8.8CVSS8.4AI score0.011EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.486 views

CVE-2022-2200

CVE-2022-2200 affects Firefox and Thunderbird where an attacker could corrupt an object prototype to set undesired attributes on a JavaScript object, leading to privileged code execution. Affected versions are Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird

8.8CVSS8.7AI score0.23941EPSS
CVE
CVE
added 2019/07/23 1:17 p.m.485 views

CVE-2019-11719

CVE-2019-11719 describes an out-of-bounds read in NSS when importing a curve25519 private key in PKCS#8 format with leading 0x00 bytes, potentially leading to information disclosure. Affected products include Mozilla Firefox ESR and Thunderbird releases prior to 60.8, and Firefox versions prior t...

7.5CVSS6.7AI score0.02202EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.483 views

CVE-2022-34479

CVE-2022-34479 describes a vulnerability where a malicious website could create a popup that is resized to overlay the browser address bar, potentially causing user confusion or spoofing. The issue explicitly affects Thunderbird for Linux and, per the referenced advisories, Firefox and Thunderbir...

6.5CVSS7.1AI score0.00744EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.483 views

CVE-2022-34484

CVE-2022-34484 is a memory-corruption issue reported by the Mozilla Fuzzing Team affecting Mozilla Thunderbird and Firefox/Firefox ESR: Thunderbird < 102 and Thunderbird < 91.11, Firefox < 102, and Firefox ESR

8.8CVSS9.4AI score0.00981EPSS
Total number of security vulnerabilities1214