Lucene search
+L

1214 matches found

cve
cve
added 2021/12/08 9:19 p.m.279 views

CVE-2021-43546

CVE-2021-43546 concerns cursor spoofing that could overlay the UI when a native cursor is zoomed. Affected products mentioned across connected documents include Thunderbird < 91.4.0 and Firefox < 95 (including Firefox ESR

4.3CVSS6.1AI score0.014EPSS
cve
cve
added 2020/01/08 7:51 p.m.278 views

CVE-2019-11760

CVE-2019-11760 describes a fixed-size stack buffer overflow in nrappkit during WebRTC signaling that could lead to a potentially exploitable crash. The vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR

8.8CVSS8.5AI score0.01371EPSS
cve
cve
added 2021/01/07 1:51 p.m.277 views

CVE-2020-26978

CVE-2020-26978 is a Firefox/Thunderbird remote-info-exposure vulnerability. A malicious webpage could probe an internal network and access services on the user’s device due to slipstream-based techniques. Affected: Firefox < 84, Thunderbird < 78.6, Firefox ESR

6.1CVSS6.5AI score0.01266EPSS
cve
cve
added 2021/12/08 9:20 p.m.277 views

CVE-2021-43538

CVE-2021-43538 is a race condition in the notification code that could allow spoofing by hiding fullscreen/pointer-lock notifications on affected Mozilla products. Affected: Thunderbird < 91.4.0, Firefox ESR < 91.4.0, Firefox

4.3CVSS6.4AI score0.01158EPSS
cve
cve
added 2019/02/28 6:0 p.m.276 views

CVE-2018-18498

CVE-2018-18498 is an integer overflow vulnerability in image buffer size calculations that can cause out-of-bounds writes. The description in connected advisories ties this CVE to Thunderbird and Firefox families (Thunderbird < 60.4, Firefox ESR < 60.4, Firefox

9.8CVSS7.4AI score0.04032EPSS
cve
cve
added 2020/03/02 4:5 a.m.276 views

CVE-2020-6795

The CVE-2020-6795 issue is documented in multiple sources as a bug in Thunderbird’s MIME handling: when processing a message with multiple S/MIME signatures, a bug in the MIME processing code caused a null pointer dereference, resulting in a crash. Affected product: Thunderbird, version range bef...

6.5CVSS6.9AI score0.01273EPSS
cve
cve
added 2021/11/03 12:3 a.m.274 views

CVE-2021-38500

CVE-2021-38500 corresponds to memory-safety bugs in Firefox 92/ESR 91.1–93 and affects Thunderbird and Firefox ESR up to certain versions (Thunderbird <78.15, <91.2; Firefox ESR <91.2, <78.15; Firefox

8.8CVSS9.7AI score0.01232EPSS
cve
cve
added 2021/01/07 1:49 p.m.273 views

CVE-2020-35113

CVE-2020-35113 concerns memory safety bugs in Mozilla Firefox and Firefox ESR that could allow memory corruption and potential arbitrary code execution. Public docs indicate affected versions include Firefox below 84, Firefox ESR below 78.6, and Thunderbird below 78.6, with fixes coordinated in F...

8.8CVSS9.1AI score0.01328EPSS
cve
cve
added 2020/12/09 12:20 a.m.272 views

CVE-2020-26953

CVE-2020-26953 : A vulnerability allowing a browser to enter fullscreen mode without displaying the security UI, enabling potential phishing or user confusion. Affected: Firefox < 83, Firefox ESR < 78.5, Thunderbird

4.3CVSS5.7AI score0.01267EPSS
cve
cve
added 2021/02/26 3:29 p.m.272 views

CVE-2021-23964

CVE-2021-23964 corresponds to memory-safety bugs in Mozilla Firefox 84 and Firefox ESR 78.6 that could enable memory corruption and potentially arbitrary code execution. Affected products include Firefox <85, Thunderbird <78.7, and Firefox ESR

8.8CVSS9.1AI score0.01263EPSS
cve
cve
added 2020/08/10 5:43 p.m.271 views

CVE-2020-15653

CVE-2020-15653 concerns bypassing an iframe sandbox when the sandbox allows popups, via noopener links in affected Firefox ESR < 78.1, Firefox < 79, and Thunderbird

6.5CVSS6.7AI score0.01209EPSS
cve
cve
added 2020/08/10 5:43 p.m.271 views

CVE-2020-15658

The CVE-2020-15658 issue affects Mozilla Firefox (non-ESR < 79) and Firefox ESR < 78.1, and Thunderbird

6.5CVSS6.5AI score0.01202EPSS
cve
cve
added 2021/12/08 9:19 p.m.271 views

CVE-2021-43543

CVE-2021-43543 is a CSP sandbox bypass where documents loaded with the CSP sandbox directive could escape restrictions by embedding additional content. Affected products include Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox

6.1CVSS7.3AI score0.01352EPSS
cve
cve
added 2020/03/02 4:5 a.m.270 views

CVE-2020-6793

Thunderbird is affected by CVE-2020-6793 (memory read bug) in processing emails with an ill-formed envelope, impacting versions older than 68.5. The issue involves reading data from a random memory location due to a memory-safety flaw in envelope handling. Affected product: Thunderbird pre-68.5. ...

6.5CVSS6.7AI score0.01473EPSS
cve
cve
added 2021/12/08 9:21 p.m.270 views

CVE-2021-38509

CVE-2021-38509 describes an issue where, due to an unusual sequence of attacker-controlled events, a Javascript alert() dialog with arbitrary contents could be displayed over an attacker’s chosen page. Affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR

4.3CVSS6.1AI score0.01622EPSS
cve
cve
added 2021/12/08 9:20 p.m.270 views

CVE-2021-43541

CVE-2021-43541 is a vulnerability in how external protocol handler URLs are processed. In affected products (Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox

6.5CVSS7.3AI score0.01576EPSS
cve
cve
added 2023/09/27 2:13 p.m.270 views

CVE-2023-5171

CVE-2023-5171 describes a use-after-free in the Ion compiler’s garbage collection that could allow memory corruption and a potentially exploitable crash, by allowing an attacker to write two NUL bytes. Affected products include Firefox and Thunderbird: Firefox ≤ 117.x (with ESR ≤ 115.3) prior to ...

6.5CVSS7.3AI score0.0102EPSS
cve
cve
added 2019/02/28 6:0 p.m.269 views

CVE-2018-18494

CVE-2018-18494 is a same-origin policy violation in Thunderbird/Firefox components caused by using the location property with performance.getEntries to steal cross-origin URL entries. Affected: Thunderbird < 60.4, Firefox ESR < 60.4, Firefox

6.5CVSS7AI score0.01549EPSS
cve
cve
added 2020/07/09 2:19 p.m.269 views

CVE-2020-12418

CVE-2020-12418 describes a flaw where manipulating individual parts of a URL object could cause an out-of-bounds read, leaking process memory to malicious JavaScript. Affected products per the provided data include Firefox ESR < 68.10, Firefox < 78, and Thunderbird

6.5CVSS6.6AI score0.03034EPSS
cve
cve
added 2020/12/09 12:22 a.m.269 views

CVE-2020-26958

The CVE-2020-26958 issue is a MIME-type handling flaw: Firefox did not block script execution when responses with incorrect MIME types were intercepted and cached via a ServiceWorker, enabling a cross-site script inclusion or CSP bypass. Affected products are Firefox (non-ESR) < 83, Firefox ES...

6.1CVSS6.5AI score0.01307EPSS
cve
cve
added 2020/07/09 2:39 p.m.268 views

CVE-2020-12420

CVE-2020-12420 describes a race-condition use-after-free when connecting to a STUN server, leading to memory corruption and potentially exploitable crashes. Affected products include Thunderbird and Firefox variants prior to versions 68.10.x (Thunderbird < 68.10.0; Firefox ESR < 68.10, Fire...

9.3CVSS8.4AI score0.01859EPSS
cve
cve
added 2020/05/26 5:1 p.m.265 views

CVE-2020-12393

CVE-2020-12393 affects Firefox on Windows (and related Mozilla products) where the Devtools Network tab’s Copy as cURL feature failed to properly escape the HTTP method, allowing a website-controlled method to be injected into a pasted terminal command and potentially leading to arbitrary command...

7.8CVSS8.1AI score0.01011EPSS
cve
cve
added 2022/12/22 12:0 a.m.264 views

CVE-2022-2505

CVE-2022-2505 describes memory safety bugs in Firefox 102.x (and Thunderbird <102.1) with evidence of memory corruption. Affected: Firefox ESR < 102.1, Firefox < 103, and Thunderbird

8.8CVSS9AI score0.00748EPSS
cve
cve
added 2020/08/10 5:43 p.m.263 views

CVE-2020-15657

CVE-2020-15657 is a Windows-specific DLL hijacking flaw in Mozilla Firefox (and Thunderbird) where attacker-controlled DLLs in the installation directory could be loaded. Affected: Firefox ESR < 78.1, Firefox < 79, Thunderbird

7.8CVSS7.2AI score0.00353EPSS
cve
cve
added 2020/10/01 6:29 p.m.263 views

CVE-2020-15678

CVE-2020-15678 involves a use-after-free in the Gecko rendering stack due to improper iterator invalidation in APZCTreeManager::ComputeClippedCompositionBounds when recursing through graphical layers during scrolling. Affected products include Firefox (before 81), Thunderbird (before 78.3), and F...

8.8CVSS8.1AI score0.01882EPSS
cve
cve
added 2021/12/08 9:19 p.m.263 views

CVE-2021-43542

CVE-2021-43542 is a information-disclosure vulnerability involving XMLHttpRequest: error messages could reveal the existence of an external protocol handler, enabling an attacker to identify installed applications. Connected sources indicate the issue affects Thunderbird < 91.4.0, Firefox ESR ...

6.5CVSS7.3AI score0.01714EPSS
cve
cve
added 2021/12/08 9:19 p.m.263 views

CVE-2021-43545

CVE-2021-43545: Denial of Service via the Location API loop in Firefox/Thunderbird. Affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox

6.5CVSS7.3AI score0.01597EPSS
cve
cve
added 2020/07/09 2:39 p.m.262 views

CVE-2020-12419

CVE-2020-12419 describes a use-after-free in the browser/windowing code: during processing of callbacks in window flushing in the parent process, a window may die, leading to memory corruption and a potentially exploitable crash. Affected products in the provided docs include Thunderbird and Fire...

9.3CVSS8.4AI score0.02322EPSS
cve
cve
added 2020/07/09 2:39 p.m.262 views

CVE-2020-12421

CVE-2020-12421 describes a flaw where add-on updates could reject certificate chains terminating in non-built-in roots, causing add-ons to appear out-of-date without user notification. Public advisories place affected products as Mozilla Firefox ESR (<68.10) and Firefox (<78) and Thunderbird (

6.5CVSS6.7AI score0.01843EPSS
cve
cve
added 2020/12/09 12:25 a.m.262 views

CVE-2020-26966

CVE-2020-26966 affects Mozilla Firefox (Windows only) and Thunderbird; the issue arises from a memory leak via broadcasting of single-word search queries as mDNS requests on the local network. Affected products include Firefox before version 83, Firefox ESR before 78.5, and Thunderbird before 78....

6.5CVSS6.2AI score0.01338EPSS
cve
cve
added 2022/12/22 12:0 a.m.262 views

CVE-2022-31744

CVE-2022-31744 involves an CSS injection flaw that could let an attacker inject CSS into stylesheets accessible via internal URIs (e.g., resource:) and bypass a page's Content Security Policy. Affected products include Firefox ESR < 91.11, Thunderbird < 102, Thunderbird < 91.11, and Fire...

6.5CVSS7.2AI score0.0058EPSS
cve
cve
added 2023/10/24 12:47 p.m.262 views

CVE-2023-5721

CVE-2023-5721 describes a UX vulnerability where certain browser prompts and dialogs could be activated or dismissed unintentionally by users due to an insufficient activation-delay. Affected products/versions per provided documents: Firefox prior to 119, Firefox ESR prior to 115.4, and Thunderbi...

4.3CVSS6AI score0.00781EPSS
cve
cve
added 2012/02/01 4:0 p.m.260 views

CVE-2012-0444

CVE-2012-0444 describes a heap-based memory corruption vulnerability in the libvorbis Ogg Vorbis parser that could allow remote code execution or a crash when processing crafted Ogg Vorbis files. Affected products across Mozilla ecosystem (Firefox, Thunderbird, Seamonkey and related XULRunner/Ice...

10CVSS8.9AI score0.07936EPSS
cve
cve
added 2020/10/01 6:31 p.m.260 views

CVE-2020-15677

CVE-2020-15677 is an Open Redirect vulnerability affecting Firefox < 81, Thunderbird < 78.3, and Firefox ESR

6.1CVSS6.4AI score0.01643EPSS
cve
cve
added 2021/12/08 9:21 p.m.260 views

CVE-2021-38506

CVE-2021-38506 describes a UI spoofing risk in Mozilla products where, after a series of navigations, Firefox could enter fullscreen mode without user notification. Affected: Firefox < 94, Thunderbird < 91.3, and Firefox ESR

4.3CVSS6AI score0.01459EPSS
cve
cve
added 2013/01/13 8:0 p.m.258 views

CVE-2013-0753

CVE-2013-0753 is a Use‑after‑free vulnerability in Mozilla Firefox’s XMLSerializer.serializeToStream, affecting Firefox before 18.0 (and ESR/Thunderbird/SeaMonkey variants) and allowing remote code execution via crafted content. The issue is exploitable as part of Firefox 17.x lineage; Metasploit...

9.3CVSS9.5AI score0.51324EPSS
cve
cve
added 2021/01/07 1:53 p.m.258 views

CVE-2020-26973

The provided connected sources confirm CVE-2020-26973 affects Mozilla Firefox and Thunderbird, tied to the CSS Sanitizer. Affected versions include Firefox prior to 84 and Thunderbird prior to 78.6 (Firefox ESR

8.8CVSS8.1AI score0.0154EPSS
cve
cve
added 2021/06/24 1:16 p.m.258 views

CVE-2021-29957

Thunderbird

4.3CVSS5.7AI score0.0094EPSS
cve
cve
added 2022/12/22 12:0 a.m.258 views

CVE-2022-45403

CVE-2022-45403 describes a vulnerability where Service Workers could infer the size of cross-origin media by correlating timing information with Range requests, potentially exposing presence/length of a media file. Affected: Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox

6.5CVSS7AI score0.00696EPSS
cve
cve
added 2023/09/11 8:2 a.m.258 views

CVE-2023-4584

CVE-2023-4584 relates to memory safety bugs in Firefox and Thunderbird affecting multiple versions (e.g., Firefox 116/ESR 102.x/ Thunderbird 102.x/115.x). Connected advisories confirm the issue and map to Firefox/Thunderbird versions and the remediation path: upgrade to Firefox 117 or ESR 102.15/...

8.8CVSS9.1AI score0.00693EPSS
cve
cve
added 2023/09/11 8:2 a.m.258 views

CVE-2023-4585

CVE-2023-4585 describes memory safety bugs in Firefox 116, Firefox ESR 115.1, and Thunderbird 115.1, with evidence of memory corruption and the potential for arbitrary code execution. Affected versions are Firefox < 117, Firefox ESR < 115.2, and Thunderbird

8.8CVSS9AI score0.00657EPSS
cve
cve
added 2020/08/10 5:43 p.m.257 views

CVE-2020-15654

CVE-2020-15654 affects Mozilla Firefox and Thunderbird where a site-based CSS-override cursor can overlay the UI, causing a perceived broken state and interfering with dialogs. Affected: Firefox ESR earlier than 78.1, Firefox earlier than 79, and Thunderbird earlier than 78.1. Root cause: an erro...

6.5CVSS6.3AI score0.01237EPSS
cve
cve
added 2019/09/27 5:10 p.m.256 views

CVE-2019-11755

CVE-2019-11755 affects Mozilla Thunderbird. A crafted S/MIME message can be shown as having a valid signature when the inner encryption layer is present and the signer did not access the message contents, enabling spoofing of the message author. The issue is tied to Thunderbird versions prior to ...

7.5CVSS7.4AI score0.01075EPSS
cve
cve
added 2020/10/01 6:41 p.m.256 views

CVE-2020-15670

CVE-2020-15670 involves memory safety bugs in Mozilla Firefox components, affecting Firefox for Android 79 and other Firefox variants prior to 80, including Firefox ESR < 78.2 and Thunderbird

8.8CVSS8.7AI score0.01077EPSS
cve
cve
added 2023/09/11 8:1 a.m.256 views

CVE-2023-4581

CVE-2023-4581 covers a blocklist gap where Excel .xll add-in files could be downloaded without warnings due to Firefox’s executable blocklist lacking an entry. Affected products/versions shown in the documents: Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 10...

4.3CVSS5.5AI score0.00495EPSS
cve
cve
added 2020/01/08 7:28 p.m.253 views

CVE-2019-11758

CVE-2019-11758 is a memory-safety bug in Mozilla Firefox that can lead to arbitrary code execution when 360 Total Security is installed. The advisory notes it affects Firefox versions before 69, Thunderbird before 68.2, and Firefox ESR before 68.2. Public documentation in connected sources confir...

8.8CVSS8.6AI score0.01326EPSS
cve
cve
added 2020/07/09 2:45 p.m.253 views

CVE-2020-12398

CVE-2020-12398 affects Mozilla Thunderbird when STARTTLS is used for IMAP and the server sends PREAUTH, causing Thunderbird to proceed with an unencrypted connection and expose email data. Impact is described as information leakage due to unencrypted transmission; affected versions are Thunderbir...

7.5CVSS7.4AI score0.00976EPSS
cve
cve
added 2023/09/27 2:13 p.m.253 views

CVE-2023-5169

CVE-2023-5169 (Firefox/Thunderbird) involves a compromised content process that could feed malicious data into PathRecording, causing an out-of-bounds write and potentially a crash in a privileged process. Affected products include Firefox <118, Firefox ESR <115.3, and Thunderbird

6.5CVSS7.2AI score0.01EPSS
cve
cve
added 2021/01/07 1:50 p.m.252 views

CVE-2020-35112

CVE-2020-35112 is a Windows-specific issue in Mozilla Firefox (affecting Firefox <84, Thunderbird <78.6, and Firefox ESR

8.8CVSS7.9AI score0.01289EPSS
cve
cve
added 2013/01/13 8:0 p.m.251 views

CVE-2013-0758

CVE-2013-0758 affects Mozilla Firefox (pre-18.0), Firefox ESR (pre-10.0.12 and pre-17.0.2), Thunderbird (pre-17.0.2, including ESR 10.x pre-10.0.12 and pre-17.0.2), and SeaMonkey (pre-2.15). It allows remote attackers to execute arbitrary JavaScript with chrome privileges due to improper interact...

9.3CVSS9.4AI score0.73364EPSS
Total number of security vulnerabilities1214