Thunderbird

thunderbird

Vendor: Mozilla • 1,729 CVEs

CVEs (1,729)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-7520 1Mozilla 3Firefox Firefox EsrThunderbird Mar 24, 2025 Aug 6, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 A type confusion bug in WebAssembly could be leveraged by an attacker to potentially achieve code execution. This vulnerability affects Firefox < 129, Firefox ESR < 128.1, and Thunderbird < 128.1.
CVE-2024-7519 1Mozilla 3Firefox Firefox EsrThunderbird Aug 12, 2024 Aug 6, 2024 N/A· v4 9.6 CRITICAL· v3 N/A· v2 Insufficient checks when processing graphics shared memory could have led to memory corruption. This could be leveraged by an attacker to perform a sandbox escape. This vulnerability affects Firefox < 129, Firefox ESR <...Show more Insufficient checks when processing graphics shared memory could have led to memory corruption. This could be leveraged by an attacker to perform a sandbox escape. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.Show less
CVE-2024-7518 1Mozilla 3Firefox Firefox EsrThunderbird Oct 29, 2024 Aug 6, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Select options could obscure the fullscreen notification dialog. This could be used by a malicious site to perform a spoofing attack. This vulnerability affects Firefox < 129, Firefox ESR < 128.1, and Thunderbird < 128.1...Show more Select options could obscure the fullscreen notification dialog. This could be used by a malicious site to perform a spoofing attack. This vulnerability affects Firefox < 129, Firefox ESR < 128.1, and Thunderbird < 128.1.Show less
CVE-2024-6615 1Mozilla 2Firefox Thunderbird Apr 4, 2025 Jul 9, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Memory safety bugs present in Firefox 127 and Thunderbird 127. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code....Show more Memory safety bugs present in Firefox 127 and Thunderbird 127. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 128 and Thunderbird < 128.Show less
CVE-2024-6614 1Mozilla 2Firefox Thunderbird Apr 4, 2025 Jul 9, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The frame iterator could get stuck in a loop when encountering certain wasm frames leading to incorrect stack traces. This vulnerability affects Firefox < 128 and Thunderbird < 128.
CVE-2024-6613 1Mozilla 2Firefox Thunderbird Apr 4, 2025 Jul 9, 2024 N/A· v4 5.5 MEDIUM· v3 N/A· v2 The frame iterator could get stuck in a loop when encountering certain wasm frames leading to incorrect stack traces. This vulnerability affects Firefox < 128 and Thunderbird < 128.
CVE-2024-6612 1Mozilla 2Firefox Thunderbird Apr 4, 2025 Jul 9, 2024 N/A· v4 5.3 MEDIUM· v3 N/A· v2 CSP violations generated links in the console tab of the developer tools, pointing to the violating resource. This caused a DNS prefetch which leaked that a CSP violation happened. This vulnerability affects Firefox < 12...Show more CSP violations generated links in the console tab of the developer tools, pointing to the violating resource. This caused a DNS prefetch which leaked that a CSP violation happened. This vulnerability affects Firefox < 128 and Thunderbird < 128.Show less
CVE-2024-6611 1Mozilla 2Firefox Thunderbird Apr 4, 2025 Jul 9, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A nested iframe, triggering a cross-site navigation, could send SameSite=Strict or Lax cookies. This vulnerability affects Firefox < 128 and Thunderbird < 128.
CVE-2024-6610 1Mozilla 2Firefox Thunderbird Mar 18, 2025 Jul 9, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Form validation popups could capture escape key presses. Therefore, spamming form validation messages could be used to prevent users from exiting full-screen mode. This vulnerability affects Firefox < 128 and Thunderbird...Show more Form validation popups could capture escape key presses. Therefore, spamming form validation messages could be used to prevent users from exiting full-screen mode. This vulnerability affects Firefox < 128 and Thunderbird < 128.Show less
CVE-2024-6609 1Mozilla 2Firefox Thunderbird Nov 3, 2025 Jul 9, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 When almost out-of-memory an elliptic curve key which was never allocated could have been freed again. This vulnerability affects Firefox < 128 and Thunderbird < 128.
CVE-2024-6608 1Mozilla 2Firefox Thunderbird Mar 25, 2025 Jul 9, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 It was possible to move the cursor using pointerlock from an iframe. This allowed moving the cursor outside of the viewport and the Firefox window. This vulnerability affects Firefox < 128 and Thunderbird < 128.
CVE-2024-6607 1Mozilla 2Firefox Thunderbird Jul 16, 2025 Jul 9, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 It was possible to prevent a user from exiting pointerlock when pressing escape and to overlay customValidity notifications from a `<select>` element over certain permission prompts. This could be used to confuse a...Show more It was possible to prevent a user from exiting pointerlock when pressing escape and to overlay customValidity notifications from a `<select>` element over certain permission prompts. This could be used to confuse a user into giving a site unintended permissions. This vulnerability affects Firefox < 128 and Thunderbird < 128.Show less
CVE-2024-6606 1Mozilla 2Firefox Thunderbird Apr 4, 2025 Jul 9, 2024 N/A· v4 8.2 HIGH· v3 N/A· v2 Clipboard code failed to check the index on an array access. This could have led to an out-of-bounds read. This vulnerability affects Firefox < 128 and Thunderbird < 128.
CVE-2024-6604 1Mozilla 2Firefox Thunderbird Apr 4, 2025 Jul 9, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 Memory safety bugs present in Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploite...Show more Memory safety bugs present in Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird < 128.Show less
CVE-2024-6603 1Mozilla 2Firefox Thunderbird Apr 4, 2025 Jul 9, 2024 N/A· v4 7.4 HIGH· v3 N/A· v2 In an out-of-memory scenario an allocation could fail but free would have been called on the pointer afterwards leading to memory corruption. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird <...Show more In an out-of-memory scenario an allocation could fail but free would have been called on the pointer afterwards leading to memory corruption. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird < 128.Show less
CVE-2024-6602 1Mozilla 2Firefox Thunderbird Nov 3, 2025 Jul 9, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A mismatch between allocator and deallocator could have led to memory corruption. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird < 128.
CVE-2024-6601 1Mozilla 2Firefox Thunderbird Apr 4, 2025 Jul 9, 2024 N/A· v4 4.7 MEDIUM· v3 N/A· v2 A race condition could lead to a cross-origin container obtaining permissions of the top-level origin. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird < 128.
CVE-2024-6600 1Mozilla 2Firefox Thunderbird Sep 26, 2025 Jul 9, 2024 N/A· v4 6.3 MEDIUM· v3 N/A· v2 Due to large allocation checks in Angle for GLSL shaders being too lenient an out-of-bounds access could occur when allocating more than 8192 ints in private shader memory on macOS. This vulnerability affects Firefox < 1...Show more Due to large allocation checks in Angle for GLSL shaders being too lenient an out-of-bounds access could occur when allocating more than 8192 ints in private shader memory on macOS. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird < 128.Show less
CVE-2024-5702 1Mozilla 2Firefox Thunderbird Apr 4, 2025 Jun 11, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 Memory corruption in the networking stack could have led to a potentially exploitable crash. This vulnerability affects Firefox < 125, Firefox ESR < 115.12, and Thunderbird < 115.12.
CVE-2024-5700 1Mozilla 2Firefox Thunderbird Apr 4, 2025 Jun 11, 2024 N/A· v4 7.0 HIGH· v3 N/A· v2 Memory safety bugs present in Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploite...Show more Memory safety bugs present in Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12.Show less

Previous 1...171819...87 Next