1214 matches found
CVE-2021-43546
CVE-2021-43546 concerns cursor spoofing that could overlay the UI when a native cursor is zoomed. Affected products mentioned across connected documents include Thunderbird < 91.4.0 and Firefox < 95 (including Firefox ESR
CVE-2019-11760
CVE-2019-11760 describes a fixed-size stack buffer overflow in nrappkit during WebRTC signaling that could lead to a potentially exploitable crash. The vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR
CVE-2020-26978
CVE-2020-26978 is a Firefox/Thunderbird remote-info-exposure vulnerability. A malicious webpage could probe an internal network and access services on the user’s device due to slipstream-based techniques. Affected: Firefox < 84, Thunderbird < 78.6, Firefox ESR
CVE-2021-43538
CVE-2021-43538 is a race condition in the notification code that could allow spoofing by hiding fullscreen/pointer-lock notifications on affected Mozilla products. Affected: Thunderbird < 91.4.0, Firefox ESR < 91.4.0, Firefox
CVE-2018-18498
CVE-2018-18498 is an integer overflow vulnerability in image buffer size calculations that can cause out-of-bounds writes. The description in connected advisories ties this CVE to Thunderbird and Firefox families (Thunderbird < 60.4, Firefox ESR < 60.4, Firefox
CVE-2020-6795
The CVE-2020-6795 issue is documented in multiple sources as a bug in Thunderbird’s MIME handling: when processing a message with multiple S/MIME signatures, a bug in the MIME processing code caused a null pointer dereference, resulting in a crash. Affected product: Thunderbird, version range bef...
CVE-2021-38500
CVE-2021-38500 corresponds to memory-safety bugs in Firefox 92/ESR 91.1–93 and affects Thunderbird and Firefox ESR up to certain versions (Thunderbird <78.15, <91.2; Firefox ESR <91.2, <78.15; Firefox
CVE-2020-35113
CVE-2020-35113 concerns memory safety bugs in Mozilla Firefox and Firefox ESR that could allow memory corruption and potential arbitrary code execution. Public docs indicate affected versions include Firefox below 84, Firefox ESR below 78.6, and Thunderbird below 78.6, with fixes coordinated in F...
CVE-2020-26953
CVE-2020-26953 : A vulnerability allowing a browser to enter fullscreen mode without displaying the security UI, enabling potential phishing or user confusion. Affected: Firefox < 83, Firefox ESR < 78.5, Thunderbird
CVE-2021-23964
CVE-2021-23964 corresponds to memory-safety bugs in Mozilla Firefox 84 and Firefox ESR 78.6 that could enable memory corruption and potentially arbitrary code execution. Affected products include Firefox <85, Thunderbird <78.7, and Firefox ESR
CVE-2020-15653
CVE-2020-15653 concerns bypassing an iframe sandbox when the sandbox allows popups, via noopener links in affected Firefox ESR < 78.1, Firefox < 79, and Thunderbird
CVE-2020-15658
The CVE-2020-15658 issue affects Mozilla Firefox (non-ESR < 79) and Firefox ESR < 78.1, and Thunderbird
CVE-2021-43543
CVE-2021-43543 is a CSP sandbox bypass where documents loaded with the CSP sandbox directive could escape restrictions by embedding additional content. Affected products include Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox
CVE-2020-6793
Thunderbird is affected by CVE-2020-6793 (memory read bug) in processing emails with an ill-formed envelope, impacting versions older than 68.5. The issue involves reading data from a random memory location due to a memory-safety flaw in envelope handling. Affected product: Thunderbird pre-68.5. ...
CVE-2021-38509
CVE-2021-38509 describes an issue where, due to an unusual sequence of attacker-controlled events, a Javascript alert() dialog with arbitrary contents could be displayed over an attacker’s chosen page. Affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR
CVE-2021-43541
CVE-2021-43541 is a vulnerability in how external protocol handler URLs are processed. In affected products (Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox
CVE-2023-5171
CVE-2023-5171 describes a use-after-free in the Ion compiler’s garbage collection that could allow memory corruption and a potentially exploitable crash, by allowing an attacker to write two NUL bytes. Affected products include Firefox and Thunderbird: Firefox ≤ 117.x (with ESR ≤ 115.3) prior to ...
CVE-2018-18494
CVE-2018-18494 is a same-origin policy violation in Thunderbird/Firefox components caused by using the location property with performance.getEntries to steal cross-origin URL entries. Affected: Thunderbird < 60.4, Firefox ESR < 60.4, Firefox
CVE-2020-12418
CVE-2020-12418 describes a flaw where manipulating individual parts of a URL object could cause an out-of-bounds read, leaking process memory to malicious JavaScript. Affected products per the provided data include Firefox ESR < 68.10, Firefox < 78, and Thunderbird
CVE-2020-26958
The CVE-2020-26958 issue is a MIME-type handling flaw: Firefox did not block script execution when responses with incorrect MIME types were intercepted and cached via a ServiceWorker, enabling a cross-site script inclusion or CSP bypass. Affected products are Firefox (non-ESR) < 83, Firefox ES...
CVE-2020-12420
CVE-2020-12420 describes a race-condition use-after-free when connecting to a STUN server, leading to memory corruption and potentially exploitable crashes. Affected products include Thunderbird and Firefox variants prior to versions 68.10.x (Thunderbird < 68.10.0; Firefox ESR < 68.10, Fire...
CVE-2020-12393
CVE-2020-12393 affects Firefox on Windows (and related Mozilla products) where the Devtools Network tab’s Copy as cURL feature failed to properly escape the HTTP method, allowing a website-controlled method to be injected into a pasted terminal command and potentially leading to arbitrary command...
CVE-2022-2505
CVE-2022-2505 describes memory safety bugs in Firefox 102.x (and Thunderbird <102.1) with evidence of memory corruption. Affected: Firefox ESR < 102.1, Firefox < 103, and Thunderbird
CVE-2020-15657
CVE-2020-15657 is a Windows-specific DLL hijacking flaw in Mozilla Firefox (and Thunderbird) where attacker-controlled DLLs in the installation directory could be loaded. Affected: Firefox ESR < 78.1, Firefox < 79, Thunderbird
CVE-2020-15678
CVE-2020-15678 involves a use-after-free in the Gecko rendering stack due to improper iterator invalidation in APZCTreeManager::ComputeClippedCompositionBounds when recursing through graphical layers during scrolling. Affected products include Firefox (before 81), Thunderbird (before 78.3), and F...
CVE-2021-43542
CVE-2021-43542 is a information-disclosure vulnerability involving XMLHttpRequest: error messages could reveal the existence of an external protocol handler, enabling an attacker to identify installed applications. Connected sources indicate the issue affects Thunderbird < 91.4.0, Firefox ESR ...
CVE-2021-43545
CVE-2021-43545: Denial of Service via the Location API loop in Firefox/Thunderbird. Affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox
CVE-2020-12419
CVE-2020-12419 describes a use-after-free in the browser/windowing code: during processing of callbacks in window flushing in the parent process, a window may die, leading to memory corruption and a potentially exploitable crash. Affected products in the provided docs include Thunderbird and Fire...
CVE-2020-12421
CVE-2020-12421 describes a flaw where add-on updates could reject certificate chains terminating in non-built-in roots, causing add-ons to appear out-of-date without user notification. Public advisories place affected products as Mozilla Firefox ESR (<68.10) and Firefox (<78) and Thunderbird (
CVE-2020-26966
CVE-2020-26966 affects Mozilla Firefox (Windows only) and Thunderbird; the issue arises from a memory leak via broadcasting of single-word search queries as mDNS requests on the local network. Affected products include Firefox before version 83, Firefox ESR before 78.5, and Thunderbird before 78....
CVE-2022-31744
CVE-2022-31744 involves an CSS injection flaw that could let an attacker inject CSS into stylesheets accessible via internal URIs (e.g., resource:) and bypass a page's Content Security Policy. Affected products include Firefox ESR < 91.11, Thunderbird < 102, Thunderbird < 91.11, and Fire...
CVE-2023-5721
CVE-2023-5721 describes a UX vulnerability where certain browser prompts and dialogs could be activated or dismissed unintentionally by users due to an insufficient activation-delay. Affected products/versions per provided documents: Firefox prior to 119, Firefox ESR prior to 115.4, and Thunderbi...
CVE-2012-0444
CVE-2012-0444 describes a heap-based memory corruption vulnerability in the libvorbis Ogg Vorbis parser that could allow remote code execution or a crash when processing crafted Ogg Vorbis files. Affected products across Mozilla ecosystem (Firefox, Thunderbird, Seamonkey and related XULRunner/Ice...
CVE-2020-15677
CVE-2020-15677 is an Open Redirect vulnerability affecting Firefox < 81, Thunderbird < 78.3, and Firefox ESR
CVE-2021-38506
CVE-2021-38506 describes a UI spoofing risk in Mozilla products where, after a series of navigations, Firefox could enter fullscreen mode without user notification. Affected: Firefox < 94, Thunderbird < 91.3, and Firefox ESR
CVE-2013-0753
CVE-2013-0753 is a Use‑after‑free vulnerability in Mozilla Firefox’s XMLSerializer.serializeToStream, affecting Firefox before 18.0 (and ESR/Thunderbird/SeaMonkey variants) and allowing remote code execution via crafted content. The issue is exploitable as part of Firefox 17.x lineage; Metasploit...
CVE-2020-26973
The provided connected sources confirm CVE-2020-26973 affects Mozilla Firefox and Thunderbird, tied to the CSS Sanitizer. Affected versions include Firefox prior to 84 and Thunderbird prior to 78.6 (Firefox ESR
CVE-2021-29957
Thunderbird
CVE-2022-45403
CVE-2022-45403 describes a vulnerability where Service Workers could infer the size of cross-origin media by correlating timing information with Range requests, potentially exposing presence/length of a media file. Affected: Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox
CVE-2023-4584
CVE-2023-4584 relates to memory safety bugs in Firefox and Thunderbird affecting multiple versions (e.g., Firefox 116/ESR 102.x/ Thunderbird 102.x/115.x). Connected advisories confirm the issue and map to Firefox/Thunderbird versions and the remediation path: upgrade to Firefox 117 or ESR 102.15/...
CVE-2023-4585
CVE-2023-4585 describes memory safety bugs in Firefox 116, Firefox ESR 115.1, and Thunderbird 115.1, with evidence of memory corruption and the potential for arbitrary code execution. Affected versions are Firefox < 117, Firefox ESR < 115.2, and Thunderbird
CVE-2020-15654
CVE-2020-15654 affects Mozilla Firefox and Thunderbird where a site-based CSS-override cursor can overlay the UI, causing a perceived broken state and interfering with dialogs. Affected: Firefox ESR earlier than 78.1, Firefox earlier than 79, and Thunderbird earlier than 78.1. Root cause: an erro...
CVE-2019-11755
CVE-2019-11755 affects Mozilla Thunderbird. A crafted S/MIME message can be shown as having a valid signature when the inner encryption layer is present and the signer did not access the message contents, enabling spoofing of the message author. The issue is tied to Thunderbird versions prior to ...
CVE-2020-15670
CVE-2020-15670 involves memory safety bugs in Mozilla Firefox components, affecting Firefox for Android 79 and other Firefox variants prior to 80, including Firefox ESR < 78.2 and Thunderbird
CVE-2023-4581
CVE-2023-4581 covers a blocklist gap where Excel .xll add-in files could be downloaded without warnings due to Firefox’s executable blocklist lacking an entry. Affected products/versions shown in the documents: Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 10...
CVE-2019-11758
CVE-2019-11758 is a memory-safety bug in Mozilla Firefox that can lead to arbitrary code execution when 360 Total Security is installed. The advisory notes it affects Firefox versions before 69, Thunderbird before 68.2, and Firefox ESR before 68.2. Public documentation in connected sources confir...
CVE-2020-12398
CVE-2020-12398 affects Mozilla Thunderbird when STARTTLS is used for IMAP and the server sends PREAUTH, causing Thunderbird to proceed with an unencrypted connection and expose email data. Impact is described as information leakage due to unencrypted transmission; affected versions are Thunderbir...
CVE-2023-5169
CVE-2023-5169 (Firefox/Thunderbird) involves a compromised content process that could feed malicious data into PathRecording, causing an out-of-bounds write and potentially a crash in a privileged process. Affected products include Firefox <118, Firefox ESR <115.3, and Thunderbird
CVE-2020-35112
CVE-2020-35112 is a Windows-specific issue in Mozilla Firefox (affecting Firefox <84, Thunderbird <78.6, and Firefox ESR
CVE-2013-0758
CVE-2013-0758 affects Mozilla Firefox (pre-18.0), Firefox ESR (pre-10.0.12 and pre-17.0.2), Thunderbird (pre-17.0.2, including ESR 10.x pre-10.0.12 and pre-17.0.2), and SeaMonkey (pre-2.15). It allows remote attackers to execute arbitrary JavaScript with chrome privileges due to improper interact...