Thunderbird@129.0 Security Vulnerabilities and Issues — Thunderbird@129.0 CVE List

Lucene search

MozillaThunderbird129.0

4 matches found

CVE•added 2024/10/01 4:15 p.m.•233 views

CVE-2024-9393

An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the resource://pdf.js origin. This could allow them to access cross-origin PDF content. This access is limited to "same site" documents by the Site Isolation feature on desktop clients, but full cross-...

7.5CVSS6.5AI score0.00137EPSS

CVE•added 2024/10/01 4:15 p.m.•212 views

CVE-2024-9394

An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the resource://devtools origin. This could allow them to access cross-origin JSON content. This access is limited to "same site" documents by the Site Isolation feature on desktop clients, but full cro...

7.5CVSS6.5AI score0.00178EPSS

CVE•added 2024/10/01 4:15 p.m.•211 views

CVE-2024-9397

A missing delay in directory upload UI could have made it possible for an attacker to trick a user into granting permission via clickjacking. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird

6.1CVSS6.3AI score0.00165EPSS

CVE•added 2024/10/01 4:15 p.m.•204 views

CVE-2024-9398

By checking the result of calls to window.open with specifically set protocol handlers, an attacker could determine if the application which implements that protocol handler is installed. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird

5.3CVSS6.2AI score0.00888EPSS