Lucene search

K

1376 matches found

CVE
CVE
added 2022/12/22 8:15 p.m.421 views

CVE-2022-34479

A malicious website that could create a popup could have resized the popup to overlay the address bar with its own content, resulting in potential user confusion or spoofing attacks. <br>This bug only affects Thunderbird for Linux. Other operating systems are unaffected. . This vulnerability affect...

6.5CVSS7.1AI score0.00113EPSS
CVE
CVE
added 2021/02/26 3:15 a.m.419 views

CVE-2021-23954

Using the new logical assignment operators in a JavaScript switch statement could have caused a type confusion, leading to a memory corruption and a potentially exploitable crash. This vulnerability affects Firefox &lt; 85, Thunderbird &lt; 78.7, and Firefox ESR &lt; 78.7.

8.8CVSS8.4AI score0.00302EPSS
CVE
CVE
added 2022/12/22 8:15 p.m.419 views

CVE-2022-34484

The Mozilla Fuzzing Team reported potential vulnerabilities present in Thunderbird 91.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox &lt; 102, Firefo...

8.8CVSS9.4AI score0.00197EPSS
CVE
CVE
added 2019/07/23 2:15 p.m.418 views

CVE-2019-11719

When importing a curve25519 private key in PKCS#8format with leading 0x00 bytes, it is possible to trigger an out-of-bounds read in the Network Security Services (NSS) library. This could lead to information disclosure. This vulnerability affects Firefox ESR &lt; 60.8, Firefox &lt; 68, and Thunderb...

7.5CVSS6.7AI score0.00254EPSS
CVE
CVE
added 2022/12/22 8:15 p.m.409 views

CVE-2022-1520

When viewing an email message A, which contains an attached message B, where B is encrypted or digitally signed or both, Thunderbird may show an incorrect encryption or signature status. After opening and viewing the attached message B, when returning to the display of message A, the message A migh...

4.3CVSS6.1AI score0.00145EPSS
CVE
CVE
added 2022/12/22 8:15 p.m.404 views

CVE-2022-22753

A Time-of-Check Time-of-Use bug existed in the Maintenance (Updater) Service that could be abused to grant Users write access to an arbitrary directory. This could have been used to escalate to SYSTEM access.<br>This bug only affects Firefox on Windows. Other operating systems are unaffected. . Thi...

7.1CVSS7.3AI score0.00143EPSS
CVE
CVE
added 2022/12/22 8:15 p.m.402 views

CVE-2022-45418

If a custom mouse cursor is specified in CSS, under certain circumstances the cursor could have been drawn over the browser UI, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox ESR &lt; 102.5, Thunderbird &lt; 102.5, and Firefox &lt; 107.

6.1CVSS7.1AI score0.00118EPSS
CVE
CVE
added 2019/04/26 5:29 p.m.401 views

CVE-2019-9810

Incorrect alias information in IonMonkey JIT compiler for Array.prototype.slice method may lead to missing bounds check and a buffer overflow. This vulnerability affects Firefox &lt; 66.0.1, Firefox ESR &lt; 60.6.1, and Thunderbird &lt; 60.6.1.

8.8CVSS8.2AI score0.7088EPSS
CVE
CVE
added 2022/12/22 8:15 p.m.400 views

CVE-2022-34468

An iframe that was not permitted to run scripts could do so if the user clicked on a <code>javascript:</code> link. This vulnerability affects Firefox &lt; 102, Firefox ESR &lt; 91.11, Thunderbird &lt; 102, and Thunderbird &lt; 91.11.

8.8CVSS8.5AI score0.00131EPSS
CVE
CVE
added 2022/12/22 8:15 p.m.399 views

CVE-2022-31736

A malicious website could have learned the size of a cross-origin resource that supported Range requests. This vulnerability affects Thunderbird &lt; 91.10, Firefox &lt; 101, and Firefox ESR &lt; 91.10.

9.8CVSS8.9AI score0.00171EPSS
CVE
CVE
added 2022/12/22 8:15 p.m.381 views

CVE-2022-42927

A same-origin policy violation could have allowed the theft of cross-origin URL entries, leaking the result of a redirect, via performance.getEntries(). This vulnerability affects Firefox &lt; 106, Firefox ESR &lt; 102.4, and Thunderbird &lt; 102.4.

8.1CVSS7.7AI score0.00163EPSS
CVE
CVE
added 2019/07/23 2:15 p.m.375 views

CVE-2019-11729

Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR &lt; 60.8, Firefox &lt; 68, and Thunderbird &lt; 60.8.

7.5CVSS7.3AI score0.00684EPSS
CVE
CVE
added 2022/12/22 8:15 p.m.375 views

CVE-2022-45421

Mozilla developers Andrew McCreight and Gabriele Svelto reported memory safety bugs present in Thunderbird 102.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects ...

8.8CVSS9.6AI score0.00122EPSS
CVE
CVE
added 2020/12/09 1:15 a.m.373 views

CVE-2020-26950

In certain circumstances, the MCallGetProperty opcode can be emitted with unmet assumptions resulting in an exploitable use-after-free condition. This vulnerability affects Firefox &lt; 82.0.3, Firefox ESR &lt; 78.4.1, and Thunderbird &lt; 78.4.2.

9.3CVSS8.3AI score0.76006EPSS
CVE
CVE
added 2022/12/22 8:15 p.m.373 views

CVE-2022-45404

Through a series of popup and <code>window.print()</code> calls, an attacker can cause a window to go fullscreen without the user seeing the notification prompt, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox ESR &lt; 102.5, Thunderbird &lt; 102.5, and...

6.5CVSS7.1AI score0.00075EPSS
CVE
CVE
added 2022/12/22 8:15 p.m.371 views

CVE-2022-22746

A race condition could have allowed bypassing the fullscreen notification which could have lead to a fullscreen window spoof being unnoticed.<br>This bug only affects Firefox for Windows. Other operating systems are unaffected. . This vulnerability affects Firefox ESR &lt; 91.5, Firefox &lt; 96, an...

5.9CVSS6.1AI score0.00025EPSS
CVE
CVE
added 2015/05/14 10:59 a.m.370 views

CVE-2015-2716

Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code by providing a large amount of compressed XML data, a related issue to CVE-2015-1283.

7.5CVSS8.6AI score0.05699EPSS
CVE
CVE
added 2025/02/04 2:15 p.m.366 views

CVE-2025-1009

An attacker could have caused a use-after-free via crafted XSLT data, leading to a potentially exploitable crash. This vulnerability affects Firefox &lt; 135, Firefox ESR &lt; 115.20, Firefox ESR &lt; 128.7, Thunderbird &lt; 128.7, and Thunderbird &lt; 135.

9.8CVSS6.3AI score0.00277EPSS
CVE
CVE
added 2022/12/22 8:15 p.m.365 views

CVE-2022-42929

If a website called window.print() in a particular way, it could cause a denial of service of the browser, which may persist beyond browser restart depending on the user's session restore settings. This vulnerability affects Firefox &lt; 106, Firefox ESR &lt; 102.4, and Thunderbird &lt; 102.4.

6.5CVSS6.6AI score0.00144EPSS
CVE
CVE
added 2022/12/22 8:15 p.m.365 views

CVE-2022-42932

Mozilla developers Ashley Hale and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 105 and Firefox ESR 102.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vu...

8.8CVSS9.1AI score0.0023EPSS
CVE
CVE
added 2022/12/22 8:15 p.m.363 views

CVE-2022-45412

When resolving a symlink such as <code>file:///proc/self/fd/1</code>, an error message may be produced where the symlink was resolved to a string containing unitialized memory in the buffer. <br>This bug only affects Thunderbird on Unix-based operated systems (Android, Linux, MacOS). Windows is una...

8.8CVSS8.5AI score0.00108EPSS
CVE
CVE
added 2021/06/24 2:15 p.m.362 views

CVE-2021-29945

The WebAssembly JIT could miscalculate the size of a return type, which could lead to a null read and result in a crash. Note: This issue only affected x86-32 platforms. Other platforms are unaffected. . This vulnerability affects Firefox ESR &lt; 78.10, Thunderbird &lt; 78.10, and Firefox &lt; 88.

6.5CVSS6.2AI score0.00411EPSS
CVE
CVE
added 2022/12/22 8:15 p.m.362 views

CVE-2022-45420

Use tables inside of an iframe, an attacker could have caused iframe contents to be rendered outside the boundaries of the iframe, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox ESR &lt; 102.5, Thunderbird &lt; 102.5, and Firefox &lt; 107.

6.5CVSS7.2AI score0.00092EPSS
CVE
CVE
added 2020/07/09 3:15 p.m.360 views

CVE-2020-12399

NSS has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys. This vulnerability affects Thunderbird &lt; 68.9.0, Firefox &lt; 77, and Firefox ESR &lt; 68.9.

4.4CVSS5.9AI score0.0008EPSS
CVE
CVE
added 2024/04/16 4:15 p.m.359 views

CVE-2024-3864

Memory safety bug present in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox &lt; 125, Firefox ESR &lt; 115.10, and Th...

8.1CVSS6.5AI score0.00788EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.351 views

CVE-2017-7805

During TLS 1.2 exchanges, handshake hashes are generated which point to a message buffer. This saved data is used for later messages but in some cases, the handshake transcript can exceed the space available in the current buffer, causing the allocation of a new buffer. This leaves a pointer pointi...

7.5CVSS8AI score0.04831EPSS
CVE
CVE
added 2022/12/22 8:15 p.m.351 views

CVE-2022-45408

Through a series of popups that reuse windowName, an attacker can cause a window to go fullscreen without the user seeing the notification prompt, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox ESR &lt; 102.5, Thunderbird &lt; 102.5, and Firefox &lt; 1...

6.5CVSS7.1AI score0.00121EPSS
CVE
CVE
added 2020/10/01 7:15 p.m.332 views

CVE-2020-15669

When aborting an operation, such as a fetch, an abort signal may be deleted while alerting the objects to be notified. This results in a use-after-free and we presume that with enough effort it could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR &lt; 68.12 and Th...

8.8CVSS8.4AI score0.00451EPSS
CVE
CVE
added 2021/06/24 2:15 p.m.332 views

CVE-2021-29967

Mozilla developers reported memory safety bugs present in Firefox 88 and Firefox ESR 78.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird &lt; 78.11...

8.8CVSS7.3AI score0.00183EPSS
CVE
CVE
added 2020/05/22 7:15 p.m.325 views

CVE-2020-12397

By encoding Unicode whitespace characters within the From email header, an attacker can spoof the sender email address that Thunderbird displays. This vulnerability affects Thunderbird &lt; 68.8.0.

4.3CVSS6AI score0.00184EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.319 views

CVE-2016-9905

A potentially exploitable crash in "EnumerateSubDocuments" while adding or removing sub-documents. This vulnerability affects Firefox ESR &lt; 45.6 and Thunderbird &lt; 45.6.

8.8CVSS8.7AI score0.01236EPSS
CVE
CVE
added 2021/01/07 2:15 p.m.318 views

CVE-2020-26974

When flex-basis was used on a table wrapper, a StyleGenericFlexBasis object could have been incorrectly cast to the wrong type. This resulted in a heap user-after-free, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox &lt; 84, Thunderbird &lt; 78.6, and Fir...

8.8CVSS8.3AI score0.00535EPSS
CVE
CVE
added 2020/03/02 5:15 a.m.318 views

CVE-2020-6800

Mozilla developers and community members reported memory safety bugs present in Firefox 72 and Firefox ESR 68.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. In general, these flaws cann...

8.8CVSS9.2AI score0.00884EPSS
CVE
CVE
added 2023/06/02 5:15 p.m.315 views

CVE-2023-28176

Memory safety bugs present in Firefox 110 and Firefox ESR 102.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox &lt; 111, Firefox ESR &lt; 102.9, and Thu...

8.8CVSS9.1AI score0.00146EPSS
CVE
CVE
added 2020/05/26 6:15 p.m.314 views

CVE-2020-12387

A race condition when running shutdown code for Web Worker led to a use-after-free vulnerability. This resulted in a potentially exploitable crash. This vulnerability affects Firefox ESR &lt; 68.8, Firefox &lt; 76, and Thunderbird &lt; 68.8.0.

8.1CVSS8.4AI score0.00998EPSS
CVE
CVE
added 2019/04/26 5:29 p.m.304 views

CVE-2019-9791

The type inference system allows the compilation of functions that can cause type confusions between arbitrary objects when compiled through the IonMonkey just-in-time (JIT) compiler and when the constructor function is entered through on-stack replacement (OSR). This allows for possible arbitrary ...

9.8CVSS9.3AI score0.39295EPSS
CVE
CVE
added 2019/09/27 6:15 p.m.299 views

CVE-2019-11744

Some HTML elements, such as &lt;title&gt; and &lt;textarea&gt;, can contain literal angle brackets without treating them as markup. It is possible to pass a literal closing tag to .innerHTML on these elements, and subsequent content after that will be parsed as if it were outside the tag. This can ...

6.1CVSS6.6AI score0.00786EPSS
CVE
CVE
added 2024/03/19 12:15 p.m.299 views

CVE-2024-2608

AppendEncodedAttributeValue(), ExtraSpaceNeededForAttrEncoding() and AppendEncodedCharacters() could have experienced integer overflows, causing underallocation of an output buffer leading to an out of bounds write. This vulnerability affects Firefox &lt; 124, Firefox ESR &lt; 115.9, and Thunderbir...

8.4CVSS6.9AI score0.0016EPSS
CVE
CVE
added 2018/06/11 9:29 p.m.298 views

CVE-2018-5146

An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest. This vulnerability affects Firefox &lt; 59.0.1, Firefox ESR &lt; 52.7.2, and Thunderbird &lt; 52.7.

8.8CVSS7AI score0.26243EPSS
CVE
CVE
added 2021/02/26 2:15 a.m.298 views

CVE-2021-23968

If Content Security Policy blocked frame navigation, the full destination of a redirect served in the frame was reported in the violation report; as opposed to the original frame URI. This could be used to leak sensitive information contained in such URIs. This vulnerability affects Firefox &lt; 86...

4.3CVSS5.4AI score0.01004EPSS
CVE
CVE
added 2019/09/27 6:15 p.m.295 views

CVE-2019-11740

Mozilla developers and community members reported memory safety bugs present in Firefox 68, Firefox ESR 68, and Firefox 60.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerabilit...

8.8CVSS9.4AI score0.01022EPSS
CVE
CVE
added 2017/05/11 1:29 a.m.292 views

CVE-2017-5461

Mozilla Network Security Services (NSS) before 3.21.4, 3.22.x through 3.28.x before 3.28.4, 3.29.x before 3.29.5, and 3.30.x before 3.30.1 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by leveraging incorrect base64 operations.

9.8CVSS9.1AI score0.01411EPSS
CVE
CVE
added 2020/03/25 10:15 p.m.292 views

CVE-2020-6811

The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website. If a user used the 'Copy as Curl' feature and pasted the command into a terminal, it could have resulted in command injection and arbitrary command execu...

8.8CVSS9.1AI score0.0097EPSS
CVE
CVE
added 2021/11/03 1:15 a.m.291 views

CVE-2021-38493

Mozilla developers reported memory safety bugs present in Firefox 91 and Firefox ESR 78.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR &lt; 78.14...

8.8CVSS9.1AI score0.002EPSS
CVE
CVE
added 2021/11/03 1:15 a.m.289 views

CVE-2021-29991

Firefox incorrectly accepted a newline in a HTTP/3 header, interpretting it as two separate headers. This allowed for a header splitting attack against servers using HTTP/3. This vulnerability affects Firefox &lt; 91.0.1 and Thunderbird &lt; 91.0.1.

8.1CVSS7.7AI score0.00341EPSS
CVE
CVE
added 2023/06/02 5:15 p.m.288 views

CVE-2023-23598

Due to the Firefox GTK wrapper code's use of text/plain for drag data and GTK treating all text/plain MIMEs containing file URLs as being dragged a website could arbitrarily read a file via a call to <code>DataTransfer.setData</code>. This vulnerability affects Firefox &lt; 109, Thunderbird &lt; 10...

6.5CVSS6.5AI score0.00137EPSS
CVE
CVE
added 2023/07/12 2:15 p.m.288 views

CVE-2023-3600

During the worker lifecycle, a use-after-free condition could have occured, which could have led to a potentially exploitable crash. This vulnerability affects Firefox &lt; 115.0.2, Firefox ESR &lt; 115.0.2, and Thunderbird &lt; 115.0.1.

8.8CVSS8.6AI score0.00175EPSS
CVE
CVE
added 2014/09/25 5:55 p.m.285 views

CVE-2014-1568

Mozilla Network Security Services (NSS) before 3.16.2.1, 3.16.x before 3.16.5, and 3.17.x before 3.17.1, as used in Mozilla Firefox before 32.0.3, Mozilla Firefox ESR 24.x before 24.8.1 and 31.x before 31.1.1, Mozilla Thunderbird before 24.8.1 and 31.x before 31.1.2, Mozilla SeaMonkey before 2.29.1...

7.5CVSS5.3AI score0.42007EPSS
CVE
CVE
added 2019/04/26 5:29 p.m.285 views

CVE-2019-9792

The IonMonkey just-in-time (JIT) compiler can leak an internal JS_OPTIMIZED_OUT magic value to the running script during a bailout. This magic value can then be used by JavaScript to achieve memory corruption, which results in a potentially exploitable crash. This vulnerability affects Thunderbird ...

9.8CVSS9.1AI score0.19723EPSS
CVE
CVE
added 2020/03/02 5:15 a.m.284 views

CVE-2020-6794

If a user saved passwords before Thunderbird 60 and then later set a master password, an unencrypted copy of these passwords is still accessible. This is because the older stored password file was not deleted when the data was copied to a new format starting in Thunderbird 60. The new master passwo...

6.5CVSS6.8AI score0.00326EPSS
Total number of security vulnerabilities1376