Lucene search
K

1214 matches found

CVE
CVE
added 2024/10/29 12:19 p.m.297 views

CVE-2024-10462

CVE-2024-10462 describes a truncation of long URLs that could allow origin spoofing in a permission prompt for Mozilla Firefox and Thunderbird. The connected documents confirm affected products and versions: Firefox and Firefox ESR up to certain releases (Firefox < 132; ESR < 128.4), Thunde...

7.5CVSS6.1AI score0.0054EPSS
CVE
CVE
added 2024/08/06 12:38 p.m.297 views

CVE-2024-7529

CVE-2024-7529: The date picker can partially obscure security prompts in Mozilla Firefox and Thunderbird up to specific versions (Firefox < 129, ESR < 115.14/128.1; Thunderbird

8.1CVSS7.6AI score0.00492EPSS
CVE
CVE
added 2019/02/28 6:0 p.m.296 views

CVE-2018-18492

CVE-2018-18492 is a use-after-free in the Firefox/ Thunderbird codebase: after deleting a selection element, a weak reference in the options collection can lead to a potentially exploitable crash. Affected products include Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox

9.8CVSS7.5AI score0.09646EPSS
CVE
CVE
added 2020/07/09 2:45 p.m.296 views

CVE-2020-12406

CVE-2020-12406 involves a missing type check during unboxed objects removal in Mozilla code, leading to a crash that could be exploited to run arbitrary code. Affected products/versions from the provided documents include Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR

9.3CVSS8.3AI score0.0102EPSS
CVE
CVE
added 2023/06/02 12:0 a.m.296 views

CVE-2023-23602

CVE-2023-23602 describes a mishandled security check when creating a WebSocket in a WebWorker, causing the Content Security Policy connect-src header to be ignored. Affected products in the provided sources include Firefox (versions before 109), Firefox ESR (before 102.7), and Thunderbird (before...

6.5CVSS6.6AI score0.00601EPSS
CVE
CVE
added 2024/08/06 12:38 p.m.296 views

CVE-2024-7518

CVE-2024-7518 describes that select options could obscure the fullscreen notification dialog, enabling spoofing by a malicious site. Affected products and versions identified in connected docs include Mozilla Firefox (older builds: Firefox < 129 and Firefox ESR < 128.1) and Mozilla Thunderb...

6.5CVSS8.7AI score0.0048EPSS
CVE
CVE
added 2024/10/01 3:13 p.m.295 views

CVE-2024-9398

CVE-2024-9398 affects Mozilla Firefox and Thunderbird: an attacker could enumerate external protocol handlers by exploiting a check of window.open results, effectively testing whether a protocol handler is installed. Affected: Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and ...

5.3CVSS6.2AI score0.00561EPSS
CVE
CVE
added 2020/03/25 9:13 p.m.294 views

CVE-2020-6807

CVE-2020-6807 describes a use-after-free in Thunderbird involving stream-reinit when a device/stream is modified as it is being destroyed. Affected products include Thunderbird

8.8CVSS9AI score0.01239EPSS
CVE
CVE
added 2021/12/08 9:21 p.m.294 views

CVE-2021-38507

CVE-2021-38507 describes a vulnerability in HTTP/2 Opportunistic Encryption (RFC 8164) where, if a second encrypted port on the same IP (e.g., 8443) did not opt in, a network attacker could forward 443 to 8443 and trick the browser into treating the content as same-origin with HTTP. The issue was...

6.5CVSS7AI score0.00805EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.294 views

CVE-2021-4140

CVE-2021-4140 is a vulnerability where crafted XSLT markup could bypass the iframe sandbox, affecting Mozilla Firefox/Thunderbird products. Connected advisories consistently describe an iframe sandbox bypass with XSLT as the issue (CVE-2021-4140) and document affected versions such as Firefox ESR...

10CVSS8.8AI score0.0134EPSS
CVE
CVE
added 2024/11/26 1:33 p.m.294 views

CVE-2024-11697

The CVE-2024-11697 entry concerns Mozilla Firefox and Thunderbird and involves improper handling of keypresses in the Executable File Confirmation dialog. Affected versions are Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird

8.8CVSS6.6AI score0.00768EPSS
CVE
CVE
added 2020/01/08 9:24 p.m.293 views

CVE-2019-17012

Mozilla reported memory safety bugs in Firefox 70 and Firefox ESR 68.2, with potential to exploit for arbitrary code. Affected: Thunderbird < 68.3, Firefox ESR < 68.3, Firefox

8.8CVSS9.2AI score0.01976EPSS
CVE
CVE
added 2020/12/09 12:21 a.m.293 views

CVE-2020-26956

CVE-2020-26956 is an XSS issue caused by removing HTML elements during sanitization, which could leave SVG event handlers active. Affected: Firefox <83, Firefox ESR <78.5, Thunderbird

6.1CVSS6.5AI score0.01218EPSS
CVE
CVE
added 2020/12/09 12:22 a.m.293 views

CVE-2020-26959

CVE-2020-26959 is a use-after-free in the WebRequestService during browser shutdown, potentially enabling memory corruption and a crash in Firefox/Thunderbird prior to the fixed versions. Connected advisories confirm this affects Firefox <83, Firefox ESR <78.5, and Thunderbird

8.8CVSS8.3AI score0.0127EPSS
CVE
CVE
added 2025/01/07 4:7 p.m.293 views

CVE-2025-0241

CVE-2025-0241 is a memory-corruption vulnerability in Mozilla Firefox/Thunderbird caused by faulty text segmentation. Affected products include Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird

7.7CVSS6.9AI score0.00725EPSS
CVE
CVE
added 2019/07/23 1:24 p.m.292 views

CVE-2019-9817

CVE-2019-9817 describes cross-origin image access via canvas that can leak image data across domains. Publicly reported impact affects Mozilla products including Thunderbird and Firefox (non-ESR and ESR lines) prior to version thresholds: Thunderbird <60.7, Firefox <67, ESR

5.3CVSS5.4AI score0.00825EPSS
CVE
CVE
added 2024/10/29 12:19 p.m.292 views

CVE-2024-10461

CVE-2024-10461: In multipart/x-mixed-replace responses, Content-Disposition: attachment header was not respected, enabling XSS. Affected: Firefox <132, Firefox ESR <128.4, Thunderbird <128.4, Thunderbird

6.1CVSS5.4AI score0.00572EPSS
CVE
CVE
added 2020/01/08 7:53 p.m.291 views

CVE-2019-11762

The CVE-2019-11762 issue is a cross-origin origin isolation bug where two same-origin documents setting document.domain differently could allow calling arbitrary DOM methods/getters/setters on the now-cross-origin window. Affected products include Firefox (<70) and Firefox ESR (<68.2), and ...

6.1CVSS6.7AI score0.00609EPSS
CVE
CVE
added 2020/12/09 12:23 a.m.291 views

CVE-2020-26961

CVE-2020-26961 describes a DoH-related issue where IPv4 addresses mapped through IPv6 bypass RFC1918 filtering, enabling a DNS rebinding-like condition in Firefox/Thunderbird before versions 83/78.5. Connected sources (CentOS advisories) confirm Mozilla patches addressing multiple issues includin...

6.5CVSS6.8AI score0.01151EPSS
CVE
CVE
added 2020/07/09 2:45 p.m.290 views

CVE-2020-12405

The CVE-2020-12405 issue is a race condition in Thunderbird/Firefox SharedWorkerService that could cause a crash. It affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR

5.3CVSS6.3AI score0.01352EPSS
CVE
CVE
added 2021/12/08 9:21 p.m.290 views

CVE-2021-38508

CVE-2021-38508 is a vulnerability affecting Mozilla products where a form validity message shown in the same location as a permission prompt (e.g., geolocation) can obscure the prompt, potentially tricking users into granting permissions. Affected: Firefox < 94, Thunderbird < 91.3, and Fire...

4.3CVSS6.1AI score0.01527EPSS
CVE
CVE
added 2024/11/26 1:33 p.m.290 views

CVE-2024-11701

CVE-2024-11701 affects Mozilla Firefox and Mozilla Thunderbird. The issue is an incorrect domain being displayed in the address bar during interrupted navigation, which could enable spoofing attacks. Affected versions are Firefox < 133 and Thunderbird

4.3CVSS6.2AI score0.00401EPSS
CVE
CVE
added 2020/01/08 7:52 p.m.289 views

CVE-2019-11761

CVE-2019-11761 affects Thunderbird (and Firefox/Firefox ESR) via an unintended access to a privileged JSONView object that has been cloned into content. The root cause is exposure of this object through a form using a data: URI, enabling access to privileged content and bypassing defense-in-depth...

5.8CVSS6.4AI score0.00791EPSS
CVE
CVE
added 2021/06/24 1:26 p.m.289 views

CVE-2021-23995

CVE-2021-23995 is a use-after-free vulnerability in Responsive Design Mode that could allow arbitrary code execution. Affected products: Firefox ESR <78.10, Thunderbird <78.10, and Firefox

8.8CVSS6.7AI score0.01214EPSS
CVE
CVE
added 2021/06/24 1:15 p.m.289 views

CVE-2021-29964

CVE-2021-29964 is a local, Windows-only vulnerability in Mozilla Firefox where a hostile WM_COPYDATA message could cause an out-of-bounds read while parsing the message. Affected products include Thunderbird < 78.11, Firefox < 89, and Firefox ESR

7.1CVSS6.7AI score0.00787EPSS
CVE
CVE
added 2019/02/28 6:0 p.m.288 views

CVE-2018-18493

CVE-2018-18493 describes a buffer overflow in the Skia library used for hardware-accelerated 2D canvas, caused by 32-bit offset calculations where 64-bit calculations were needed. Affected products include Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox

9.8CVSS7.6AI score0.04975EPSS
CVE
CVE
added 2020/12/09 12:26 a.m.288 views

CVE-2020-26968

CVE-2020-26968 is a Mozilla Firefox/Thunderbird memory-safety issue. The provided documents indicate memory-safety bugs in Firefox 82 and ESR 78.4, with potential memory corruption that could allow running arbitrary code. Affected versions: Firefox < 83, Firefox ESR < 78.5, and Thunderbird

9.3CVSS9.1AI score0.01484EPSS
CVE
CVE
added 2020/01/08 7:59 p.m.287 views

CVE-2019-11763

The CVE-2019-11763 entry concerns a parsing defect in handling null bytes in HTML entities, causing Firefox to mis-parse entities and potentially treat HTML comments as code. This could enable XSS in web apps under certain conditions and allow masking of actual characters by filters. Public detai...

6.1CVSS6.5AI score0.00994EPSS
CVE
CVE
added 2020/01/08 9:23 p.m.287 views

CVE-2019-17010

CVE-2019-17010 is a race-condition vulnerability that, during device orientation checks, can cause a use-after-free and a potentially exploitable crash in Thunderbird and Firefox products. It affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox

7.5CVSS7.7AI score0.01566EPSS
CVE
CVE
added 2020/08/10 5:43 p.m.287 views

CVE-2020-15659

CVE-2020-15659 concerns memory safety bugs in Firefox 78 and Firefox ESR 78.x, with potential to run arbitrary code. The entry affects Firefox < 79 and Firefox ESR < 68.11/78.1, and Thunderbird

9.3CVSS9.2AI score0.02401EPSS
CVE
CVE
added 2021/08/05 7:46 p.m.287 views

CVE-2021-29969

Thunderbird is affected by CVE-2021-29969: when STARTTLS is used for IMAP, an attacker injecting IMAP responses before TLS completion could cause Thunderbird to display spoofed information (e.g., folders that don’t exist). Affects Thunderbird versions older than 78.12. The issue originates from n...

5.9CVSS5.7AI score0.012EPSS
CVE
CVE
added 2024/08/06 12:38 p.m.287 views

CVE-2024-7525

CVE-2024-7525 is linked to a vulnerability in Mozilla Firefox/Thunderbird where a web extension with minimal permissions could create a StreamFilter, enabling reading and modification of response bodies on any site due to a missing permission check when creating the StreamFilter. Affected product...

9.1CVSS8.6AI score0.00564EPSS
CVE
CVE
added 2020/01/08 7:48 p.m.286 views

CVE-2019-11759

CVE-2019-11759 describes a stack buffer overflow in the HKDF output that could allow code execution or a crash. Affected products include Firefox < 70, Thunderbird < 68.2, and Firefox ESR

8.8CVSS8.5AI score0.01799EPSS
CVE
CVE
added 2020/07/09 2:39 p.m.286 views

CVE-2020-12417

CVE-2020-12417 is a memory-corruption issue in Firefox/Thunderbird affecting ARM64 JavaScript ValueTags, permitting a cross-boundary pass for ARM64 objects. Affected: Firefox ESR < 68.10, Firefox < 78, and Thunderbird

9.3CVSS8.4AI score0.02688EPSS
CVE
CVE
added 2020/08/10 5:43 p.m.286 views

CVE-2020-15652

CVE-2020-15652 : The issue is a leak of the result of a cross-origin redirect observed from stack traces of JavaScript errors in web workers. Affected products include Firefox (and ESR branches) and Thunderbird before version 79/68.11–78.1 depending on branch. The root cause is described as a mem...

6.5CVSS6.6AI score0.01263EPSS
CVE
CVE
added 2020/12/09 12:19 a.m.286 views

CVE-2020-26951

CVE-2020-26951 involves a parsing and event loading mismatch in Firefox’s SVG code that could allow load events to fire after sanitization, potentially bypassing a built-in sanitizer. Affected products include Firefox < 83, Firefox ESR < 78.5, and Thunderbird

6.1CVSS6.5AI score0.01038EPSS
CVE
CVE
added 2020/03/25 9:14 p.m.284 views

CVE-2020-6805

CVE-2020-6805 affects Thunderbird (and Firefox) with a use-after-free in the Quota manager when removing data about origins for a recently closed tab, potentially causing a crash. Affected versions include Thunderbird < 68.6 and Firefox < 74/ESR68.6/ESR

8.8CVSS9AI score0.0125EPSS
CVE
CVE
added 2021/12/08 9:20 p.m.284 views

CVE-2021-43536

CVE-2021-43536: The connected advisories confirm an information-disclosure/URL leakage flaw triggered when navigating asynchronously in Firefox/Thunderbird prior to fixed releases. Affected: Thunderbird < 91.4.0, Firefox ESR < 91.4.0, Firefox

6.5CVSS7.2AI score0.0167EPSS
CVE
CVE
added 2021/01/07 1:54 p.m.283 views

CVE-2020-26971

CVE-2020-26971 describes a heap buffer overflow caused by unconstained blit values in user input, affecting Mozilla Firefox (unspecified versions), Thunderbird < 78.6 and Firefox ESR

8.8CVSS8.3AI score0.01876EPSS
CVE
CVE
added 2020/10/01 6:39 p.m.282 views

CVE-2020-15673

CVE-2020-15673 refers to memory-safety bugs reported in Mozilla Firefox (including ESR) and Thunderbird. Affected products and versions include Firefox <81, Firefox ESR <78.3, and Thunderbird

8.8CVSS9.1AI score0.01961EPSS
CVE
CVE
added 2022/12/22 12:0 a.m.282 views

CVE-2022-46872

CVE-2022-46872 describes an attacker who compromised a Thunderbird content process on Linux could partially escape the sandbox and read arbitrary files via clipboard-related IPC messages. Publicly cited texts indicate the vulnerability affects Firefox <108, Firefox ESR <102.6, and Thunderbird

8.6CVSS8.5AI score0.00772EPSS
CVE
CVE
added 2023/09/27 2:13 p.m.282 views

CVE-2023-5176

CVE-2023-5176 concerns memory safety bugs in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2, with affected range Firefox <118, ESR <115.3, and Thunderbird

9.8CVSS9.8AI score0.01233EPSS
CVE
CVE
added 2019/04/26 4:13 p.m.281 views

CVE-2019-9793

CVE-2019-9793 describes an issue where, if Spectre mitigations are disabled, bounds checking is loosened for string/array/typed array accesses, enabling an attacker to cause the range analysis to infer controlled, incorrect values in JavaScript. Connected advisories confirm affected products and ...

5.9CVSS7.1AI score0.0163EPSS
CVE
CVE
added 2021/01/07 1:50 p.m.281 views

CVE-2020-35111

CVE-2020-35111 covers a proxy.onRequest handling flaw: when an extension with proxy privileges registers for , view-source URLs fail to trigger the proxy.onRequest callback, potentially leaking the user’s IP when viewing source. Affected: Firefox < 84, Thunderbird < 78.6, Firefox ESR

4.3CVSS5.6AI score0.01172EPSS
CVE
CVE
added 2021/11/03 12:3 a.m.281 views

CVE-2021-38496

CVE-2021-38496 describes a memory-safety issue: during MessageTask operations, a scheduled task could be removed, causing memory corruption and a potentially exploitable crash. Affected products include Thunderbird versions older than 78.15 and 91.2, Firefox ESR older than 91.2 and 78.15, and Fir...

8.8CVSS9.2AI score0.01593EPSS
CVE
CVE
added 2020/01/08 7:26 p.m.280 views

CVE-2019-11757

CVE-2019-11757 affects Mozilla Firefox (versions before 70) and Firefox ESR (before 68.2) as well as Thunderbird (before 68.2). The issue stems from following a value’s prototype chain, which allowed retaining a reference to a locale, deleting it, and then referencing it again, causing a use-afte...

8.8CVSS8.3AI score0.01336EPSS
CVE
CVE
added 2020/08/10 5:43 p.m.280 views

CVE-2020-15656

CVE-2020-15656 involves a type confusion for special arguments in IonMonkey affecting Firefox ESR <78.1, Firefox <79, and Thunderbird

9.3CVSS7.8AI score0.01511EPSS
CVE
CVE
added 2021/12/08 9:20 p.m.280 views

CVE-2021-43539

CVE-2021-43539 is a Mozilla Firefox/Thunderbird memory safety issue: GC rooting failure when calling wasm instance methods can cause a use-after-free and potentially exploitable crash. Connected sources confirm the flaw affects Firefox up to 95 and Thunderbird up to 91.4.0, linked advisories show...

8.8CVSS8.9AI score0.0162EPSS
CVE
CVE
added 2024/10/01 3:13 p.m.280 views

CVE-2024-9403

CVE-2024-9403 involves memory safety bugs in Firefox 130 that could lead to memory corruption; Mozilla notes these bugs could potentially be exploited to run arbitrary code. The issue affects Firefox versions earlier than 131 and Thunderbird versions earlier than 131. The connected advisories ind...

7.3CVSS7.4AI score0.00444EPSS
CVE
CVE
added 2021/12/08 9:19 p.m.279 views

CVE-2021-43546

CVE-2021-43546 concerns cursor spoofing that could overlay the UI when a native cursor is zoomed. Affected products mentioned across connected documents include Thunderbird < 91.4.0 and Firefox < 95 (including Firefox ESR

4.3CVSS6.1AI score0.014EPSS
Total number of security vulnerabilities1214