Lucene search
K

1214 matches found

CVE
CVE
added 2022/12/22 12:0 a.m.482 views

CVE-2022-31739

CVE-2022-31739 is a Windows file-save path traversal in Mozilla Thunderbird (versions 91.0–91.9.1 per CNVD). An input-validation flaw could allow a downloaded file to be saved to attacker-controlled paths (e.g., using environment variables like %HOMEPATH% or %APPDATA%). No public fix/version deta...

8.8CVSS8.2AI score0.00662EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.472 views

CVE-2022-45418

CVE-2022-45418 describes a UI spoofing risk where a custom CSS mouse cursor could be drawn over the browser UI, potentially confusing users. Affected products include Firefox ESR and Firefox releases prior to 102.5, and Thunderbird prior to 102.5. Public sources in connected documents consistentl...

6.1CVSS7.1AI score0.00728EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.469 views

CVE-2022-34468

CVE-2022-34468: An iframe that is not allowed to run scripts could execute scripts when a user clicked a javascript: link. Affected: Firefox <102, Firefox ESR <91.11, Thunderbird <102, Thunderbird

8.8CVSS8.5AI score0.00937EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.466 views

CVE-2022-22753

CVE-2022-22753 affects Mozilla Firefox on Windows, with a Time-of-Check Time-of-Use bug in the Maintenance (Updater) Service that could grant a user write access to an arbitrary directory and escalate to SYSTEM. The umbrella set includes Firefox versions below 97 and affected Thunderbird ESR line...

7.1CVSS7.3AI score0.00632EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.465 views

CVE-2022-31736

CVE-2022-31736 is a cross-origin length disclosure in Mozilla products: a malicious site could learn the length of a cross-origin resource that supports Range requests. Affected are Thunderbird < 91.10, Firefox < 101, and Firefox ESR

9.8CVSS8.9AI score0.01055EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.463 views

CVE-2022-42927

CVE-2022-42927 is a same-origin policy violation that could leak cross-origin URL entries and the redirect result via performance.getEntries(). Connected sources confirm impact on Firefox before version 106, Firefox ESR before 102.4, and Thunderbird before 102.4. Mitigations referenced include up...

8.1CVSS7.7AI score0.00414EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.459 views

CVE-2022-1834

The CVE-2022-1834 vulnerability affects Thunderbird and is triggered when the sender name contains multiple Braille Pattern Blank space characters, causing all spaces to be displayed. An attacker could craft an email where the sender’s visible address appears to be the attacker’s while the signin...

6.5CVSS7.4AI score0.0038EPSS
CVE
CVE
added 2024/04/16 3:14 p.m.459 views

CVE-2024-3864

CVE-2024-3864 is a memory-safety vulnerability in Mozilla Firefox and Thunderbird. It affects Firefox <125, Firefox ESR <115.10, and Thunderbird

8.1CVSS6.5AI score0.00847EPSS
CVE
CVE
added 2019/07/23 1:16 p.m.457 views

CVE-2019-11729

CVE-2019-11729 is confirmed in the connected documents as an NSS vulnerability: empty or malformed p256-ECDH public keys may cause a segmentation fault due to improper sanitization during memory copy. The issue affects NSS-related components used by Firefox ESR (<60.8), Firefox (<68), Thund...

7.5CVSS7.3AI score0.02794EPSS
CVE
CVE
added 2020/12/09 12:19 a.m.457 views

CVE-2020-26950

CVE-2020-26950 concerns a write-side effect in the MCallGetProperty opcode causing a use-after-free in Mozilla Firefox/Thunderbird. Affected software: Firefox < 82.0.3, Firefox ESR < 78.4.1, Thunderbird

9.3CVSS8.3AI score0.42327EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.451 views

CVE-2022-1520

CVE-2022-1520 affects Thunderbird prior to 91.9. The issue is an incorrect encryption/signature status display when viewing an email A with an attached B (encrypted/digitally signed). After opening B, returning to A may cause A to show B’s security status. This is a client-side UI discrepancy, no...

4.3CVSS6.1AI score0.00266EPSS
CVE
CVE
added 2020/12/09 12:26 a.m.450 views

CVE-2020-26970

CVE-2020-26970 – Thunderbird SMTP handling stack overflow : The vulnerability occurs when reading SMTP server status codes, causing Thunderbird

9.3CVSS8.3AI score0.01222EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.445 views

CVE-2022-45421

CVE-2022-45421 describes memory safety bugs reported in Thunderbird 102.4 (and related Gecko code paths) with evidence of memory corruption; the advisory notes these could be exploited to execute arbitrary code. Affected products include Thunderbird < 102.5, Firefox ESR < 102.5, and Firefox

8.8CVSS9.6AI score0.00702EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.440 views

CVE-2022-42932

CVE-2022-42932 involves memory safety bugs in Mozilla Firefox/Thunderbird. Affected products: Firefox 105 and ESR 102.3 (and older branches) with vulnerability present in Firefox < 106, ESR < 102.4, and Thunderbird

8.8CVSS9.1AI score0.00712EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.439 views

CVE-2022-45404

CVE-2022-45404 : The vulnerability is a fullscreen notification bypass caused by a sequence of popup/window.print() calls that lets a window go fullscreen without the user prompt. Affected products include Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox

6.5CVSS7.1AI score0.0061EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.438 views

CVE-2022-45412

CVE-2022-45412 is a memory-unclear error that occurs when resolving the symlink file:///proc/self/fd/1, producing an error message with uninitialized memory content. The issue affects Thunderbird on Unix-based systems (Android, Linux, macOS) and also involves Firefox ESR <102.5 and Firefox

8.8CVSS8.5AI score0.00789EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.436 views

CVE-2022-42929

Affects Firefox and Thunderbird: CVE-2022-42929 describes a denial-of-service vulnerability triggered by a particular handling of window.print(), with exploits leading to browser DoS that may persist across restarts depending on session restore. Public sources (CVE entry, Astra Linux advisory, De...

6.5CVSS6.6AI score0.0073EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.435 views

CVE-2022-45420

CVE-2022-45420 describes a phishing/spoofing risk where iframe content could be rendered outside the iframe boundaries in Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox

6.5CVSS7.2AI score0.0057EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.431 views

CVE-2022-22746

CVE-2022-22746 describes a race condition that could bypass the fullscreen notification, potentially enabling a fullscreen window spoof in Firefox on Windows. The vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird

5.9CVSS6.1AI score0.0059EPSS
CVE
CVE
added 2020/07/09 2:52 p.m.429 views

CVE-2020-12399

CVE-2020-12399 involves NSS showing timing differences during DSA signatures, a vulnerability that could allow leakage of DSA private keys. The connected documents consistently state affected software as Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR

4.4CVSS5.9AI score0.00651EPSS
CVE
CVE
added 2021/06/24 1:19 p.m.421 views

CVE-2021-29945

CVE-2021-29945 concerns the WebAssembly JIT: the JIT could miscalculate the size of a return type, causing a null read and a crash on x86-32. Affected products per the provided documents include Firefox ESR and Firefox releases prior to 78.10 and Thunderbird prior to 78.10 (Firefox

6.5CVSS6.2AI score0.01208EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.416 views

CVE-2022-45408

Summary: CVE-2022-45408 describes a web/browser UI issue where a sequence of popups that reuse the same windowName can force a window into fullscreen mode without showing the notification prompt, enabling user confusion or spoofing. Affected products/versions: Firefox ESR and Firefox, Thunderbird...

6.5CVSS7.1AI score0.007EPSS
CVE
CVE
added 2021/06/24 1:14 p.m.414 views

CVE-2021-29967

CVE-2021-29967 is a set of memory-safety bugs in Mozilla’s Firefox stack (affecting Firefox 88/ESR 78.11 path) that Mozilla indicated could be exploited to run arbitrary code. Affected products include Thunderbird < 78.11, Firefox < 89, and Firefox ESR

8.8CVSS7.3AI score0.01368EPSS
CVE
CVE
added 2024/03/19 12:2 p.m.394 views

CVE-2024-2608

CVE-2024-2608 affects Mozilla Firefox (including ESR) and Thunderbird. The issue arises from integer overflow in encoding routines (AppendEncodedAttributeValue(), ExtraSpaceNeededForAttrEncoding(), and AppendEncodedCharacters()) that can underallocate an output buffer, leading to an out-of-bounds...

8.4CVSS6.9AI score0.00385EPSS
CVE
CVE
added 2020/05/26 5:4 p.m.393 views

CVE-2020-12387

CVE-2020-12387 is a use-after-free vulnerability caused by a race condition during Web Worker shutdown in Mozilla Firefox/Thunderbird. Affected products include Firefox ESR < 68.8, Firefox < 76, and Thunderbird

8.1CVSS8.4AI score0.01403EPSS
CVE
CVE
added 2021/01/07 1:52 p.m.384 views

CVE-2020-26974

CVE-2020-26974 is a Firefox/Thunderbird vulnerability where using flex-basis on a table wrapper could cause a StyleGenericFlexBasis object to be cast to the wrong type, leading to a heap use-after-free and memory corruption, potentially crashing the browser. Affected: Firefox <84, Thunderbird ...

8.8CVSS8.3AI score0.01455EPSS
CVE
CVE
added 2020/03/02 4:5 a.m.382 views

CVE-2020-6800

CVE-2020-6800 involves memory safety bugs identified in Firefox 72 and Firefox ESR 68.4, with potential to corrupt memory and enable arbitrary code execution in browser-like contexts. Affected products include Thunderbird and Firefox versions older than 68.5/73 respectively (Thunderbird < 68.5...

8.8CVSS9.2AI score0.02274EPSS
CVE
CVE
added 2023/06/02 12:0 a.m.379 views

CVE-2023-28176

CVE-2023-28176 corresponds to memory safety bugs in Firefox 110 and Firefox ESR 102.8, with potential to cause memory corruption and possible arbitrary code execution. Affected products include Firefox <111, Firefox ESR <102.9, and Thunderbird

8.8CVSS9.1AI score0.00713EPSS
CVE
CVE
added 2021/02/26 1:59 a.m.374 views

CVE-2021-23968

CVE-2021-23968 describes a disclosure risk where, if a Content Security Policy blocked frame navigation, the violation report could reveal the destination of a redirect instead of the original frame URI. This could leak sensitive information contained in those URIs. Affected products include Fire...

4.3CVSS5.4AI score0.01212EPSS
CVE
CVE
added 2025/02/04 1:58 p.m.373 views

CVE-2025-1013

CVE-2025-1013 describes a race condition that could cause private browsing tabs to open in normal browsing windows, potentially leaking private data. The initial CVE entry asserts impact on Firefox < 135, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird

6.5CVSS7AI score0.00313EPSS
CVE
CVE
added 2018/06/11 9:0 p.m.372 views

CVE-2018-5146

CVE-2018-5146 describes an out-of-bounds memory write in Vorbis audio data processing. Affected are Mozilla Firefox (<59.0.1), Firefox ESR (<52.7.2), and Thunderbird (

8.8CVSS7AI score0.12054EPSS
CVE
CVE
added 2019/04/26 4:13 p.m.371 views

CVE-2019-9791

CVE-2019-9791 affects Thunderbird and Firefox (including Firefox ESR) and stems from the IonMonkey JIT: type confusion for constructors entered via on-stack replacement. The advisory notes that the vulnerability can enable arbitrary reading/writing of objects during an exploitable crash, with fix...

9.8CVSS9.3AI score0.19762EPSS
CVE
CVE
added 2023/06/02 12:0 a.m.369 views

CVE-2023-32205

CVE-2023-32205 affects Firefox (versions < 113), Firefox ESR (< 102.11), and Thunderbird (

4.3CVSS5.8AI score0.00631EPSS
CVE
CVE
added 2019/09/27 5:19 p.m.365 views

CVE-2019-11740

CVE-2019-11740 corresponds to memory-safety bugs in Firefox 68/ESR 68 and Firefox 60.8, with potential for arbitrary code execution. According to the consolidated sources, affected products include Firefox < 69, Thunderbird < 68.1/60.9, and Firefox ESR

8.8CVSS9.4AI score0.01643EPSS
CVE
CVE
added 2020/03/25 9:12 p.m.364 views

CVE-2020-6811

CVE-2020-6811 concerns Mozilla Firefox/Thunderbird where Devtools Network tab’s Copy as cURL did not properly escape the HTTP method. The underlying issue could allow command injection if the generated curl command is pasted into a terminal. Public advisories indicate affected products include Th...

8.8CVSS9.1AI score0.03191EPSS
CVE
CVE
added 2023/07/12 1:45 p.m.363 views

CVE-2023-3600

CVE-2023-3600 affects Firefox (all channels) < 115.0.2, Firefox ESR < 115.0.2, and Thunderbird

8.8CVSS7.8AI score0.00634EPSS
CVE
CVE
added 2024/03/19 12:2 p.m.363 views

CVE-2024-2610

CVE-2024-2610 involves a markup-injection issue that could leak CSP nonces, enabling CSP policy leakage. Affected: Firefox <124, Firefox ESR <115.9, Thunderbird

6.1CVSS7AI score0.00704EPSS
CVE
CVE
added 2021/11/03 12:3 a.m.362 views

CVE-2021-38493

CVE-2021-38493 covers memory-safety bugs in Mozilla Firefox 91/ESR 78.13 (and Thunderbird <78.14) that could lead to memory corruption and potentially arbitrary code execution. Affected: Firefox ESR <78.14, Thunderbird <78.14, and Firefox

8.8CVSS9.1AI score0.01205EPSS
CVE
CVE
added 2020/05/22 6:57 p.m.361 views

CVE-2020-12397

CVE-2020-12397 affects Mozilla Thunderbird. By encoding Unicode whitespace characters within the From header, an attacker could spoof the sender email address displayed by Thunderbird. It impacts Thunderbird versions older than 68.8.0. The connected sources confirm this as part of a set of relate...

4.3CVSS6AI score0.00597EPSS
CVE
CVE
added 2020/10/01 6:42 p.m.360 views

CVE-2020-15669

CVE-2020-15669 details (concrete): A use-after-free bug occurs when aborting an operation (e.g., fetch) where an abort signal is deleted while alerting observers, potentially allowing arbitrary code execution. Affected products include Firefox ESR versions earlier than 68.12 and Thunderbird versi...

8.8CVSS8.4AI score0.01119EPSS
CVE
CVE
added 2019/09/27 5:17 p.m.359 views

CVE-2019-11744

CVE-2019-11744 concerns an XSS in HTML elements such as and where literal angle brackets can be left unescaped, allowing a crafted closing tag to be injected via innerHTML and make subsequent content appear outside the tag. Affected products include Firefox (versions before 69), Thunderbird (be...

6.1CVSS6.6AI score0.0145EPSS
CVE
CVE
added 2019/04/26 4:13 p.m.359 views

CVE-2019-9792

The CVE-2019-9792 issue is an IonMonkey JIT leak in Firefox/Thunderbird where the JS_OPTIMIZED_OUT magic value is leaked during bailout, enabling memory corruption and potentially a crash. Affected: Thunderbird < 60.6, Firefox ESR < 60.6, Firefox

9.8CVSS9.1AI score0.13197EPSS
CVE
CVE
added 2025/01/07 4:7 p.m.359 views

CVE-2025-0242

The connected documents confirm CVE-2025-0242 involves memory safety bugs in Firefox and Thunderbird (including ESR branches) with evidence of memory corruption and potential arbitrary code execution given sufficient effort. Affected products and versions stated: Firefox < 134, Firefox ESR &lt...

6.5CVSS7AI score0.1307EPSS
CVE
CVE
added 2024/03/19 12:2 p.m.357 views

CVE-2024-2607

CVE-2024-2607 is a concrete issue affecting Mozilla Firefox/Thunderbird components on Armv7-A: return registers may be overwritten during JIT/return handling , potentially enabling arbitrary code execution. The CVE is referenced in multiple advisories (Debian, AlmaLinux, CentOS) with explicit fix...

8.1CVSS7.2AI score0.01107EPSS
CVE
CVE
added 2024/05/14 5:21 p.m.354 views

CVE-2024-4767

CVE-2024-4767 is a fault in Firefox/Thunderbird where IndexedDB files were not properly deleted when a window closed if browser.privatebrowsing.autostart is enabled. Affected products include Firefox versions older than 126, Firefox ESR older than 115.11, and Thunderbird older than 115.11. The is...

4.3CVSS5.7AI score0.00488EPSS
CVE
CVE
added 2021/11/03 12:4 a.m.353 views

CVE-2021-29991

CVE-2021-29991 affects Mozilla Firefox and Mozilla Thunderbird. The issue arises when Firefox incorrectly accepts a newline in an HTTP/3 header, treating it as two separate headers, enabling a header-splitting scenario for servers using HTTP/3. Affected versions are Firefox < 91.0.1 and Thunde...

8.1CVSS7.7AI score0.00885EPSS
CVE
CVE
added 2024/11/26 1:33 p.m.353 views

CVE-2024-11694

The CVE-2024-11694 issue is a CSP frame-src bypass and DOM-based XSS stemming from Enhanced Tracking Protection in Mozilla products via the Web Compatibility extension’s Google SafeFrame shim. Affected: Firefox versions <133, Firefox ESR <128.5, Firefox ESR <115.18, Thunderbird <133, ...

6.1CVSS6.3AI score0.00499EPSS
CVE
CVE
added 2024/10/01 3:13 p.m.353 views

CVE-2024-9400

A memory corruption vulnerability (CVE-2024-9400) can be triggered by triggering an OOM at a specific moment during JIT compilation, affecting Firefox versions before 131, Firefox ESR before 128.3, Thunderbird before 128.3, and Thunderbird before 131. The issue has been acknowledged in multiple a...

8.8CVSS6.4AI score0.00474EPSS
CVE
CVE
added 2024/11/26 1:34 p.m.352 views

CVE-2024-11699

CVE-2024-11699 describes memory-safety bugs in Mozilla Firefox 132, Firefox ESR 128.4, and Thunderbird 128.4 that could allow arbitrary code execution; vulnerable when running Firefox <133, Firefox ESR <128.5, Thunderbird <133, or Thunderbird

8.8CVSS7.3AI score0.00686EPSS
CVE
CVE
added 2024/05/14 5:21 p.m.352 views

CVE-2024-4770

CVE-2024-4770 is a memory-safety use-after-free issue in PDF rendering when saving a page to PDF, reported for Firefox <126, Firefox ESR <115.11, and Thunderbird

8.8CVSS5.7AI score0.00587EPSS
Total number of security vulnerabilities1214