Thunderbird

thunderbird

Vendor: Mozilla • 1,729 CVEs

CVEs (1,729)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2026-6765 1Mozilla 2Firefox Thunderbird Apr 22, 2026 Apr 21, 2026 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Information disclosure in the Form Autofill component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
CVE-2026-6764 1Mozilla 2Firefox Thunderbird Apr 22, 2026 Apr 21, 2026 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Incorrect boundary conditions in the DOM: Device Interfaces component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
CVE-2026-6763 1Mozilla 2Firefox Thunderbird Apr 22, 2026 Apr 21, 2026 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Mitigation bypass in the File Handling component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
CVE-2026-6762 1Mozilla 2Firefox Thunderbird Apr 22, 2026 Apr 21, 2026 N/A· v4 6.3 MEDIUM· v3 N/A· v2 Spoofing issue in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
CVE-2026-6761 1Mozilla 2Firefox Thunderbird Apr 22, 2026 Apr 21, 2026 N/A· v4 8.8 HIGH· v3 N/A· v2 Privilege escalation in the Networking component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
CVE-2026-6760 1Mozilla 2Firefox Thunderbird Apr 22, 2026 Apr 21, 2026 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Mitigation bypass in the Networking: Cookies component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.
CVE-2026-6759 1Mozilla 2Firefox Thunderbird Apr 22, 2026 Apr 21, 2026 N/A· v4 7.5 HIGH· v3 N/A· v2 Use-after-free in the Widget: Cocoa component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
CVE-2026-6758 1Mozilla 2Firefox Thunderbird Apr 22, 2026 Apr 21, 2026 N/A· v4 7.5 HIGH· v3 N/A· v2 Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.
CVE-2026-6757 1Mozilla 2Firefox Thunderbird Apr 22, 2026 Apr 21, 2026 N/A· v4 6.3 MEDIUM· v3 N/A· v2 Invalid pointer in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
CVE-2026-6755 1Mozilla 2Firefox Thunderbird Apr 22, 2026 Apr 21, 2026 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Mitigation bypass in the DOM: postMessage component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.
CVE-2026-6754 1Mozilla 2Firefox Thunderbird Apr 22, 2026 Apr 21, 2026 N/A· v4 7.5 HIGH· v3 N/A· v2 Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
CVE-2026-6753 1Mozilla 2Firefox Thunderbird Apr 22, 2026 Apr 21, 2026 N/A· v4 7.3 HIGH· v3 N/A· v2 Incorrect boundary conditions in the WebRTC component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
CVE-2026-6752 1Mozilla 2Firefox Thunderbird Apr 22, 2026 Apr 21, 2026 N/A· v4 7.3 HIGH· v3 N/A· v2 Incorrect boundary conditions in the WebRTC component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
CVE-2026-6751 1Mozilla 2Firefox Thunderbird Apr 22, 2026 Apr 21, 2026 N/A· v4 7.3 HIGH· v3 N/A· v2 Uninitialized memory in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
CVE-2026-6750 1Mozilla 2Firefox Thunderbird Apr 24, 2026 Apr 21, 2026 N/A· v4 8.8 HIGH· v3 N/A· v2 Privilege escalation in the Graphics: WebRender component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
CVE-2026-6749 1Mozilla 2Firefox Thunderbird Apr 22, 2026 Apr 21, 2026 N/A· v4 7.5 HIGH· v3 N/A· v2 Information disclosure due to uninitialized memory in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
CVE-2026-6748 1Mozilla 2Firefox Thunderbird Apr 22, 2026 Apr 21, 2026 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Uninitialized memory in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
CVE-2026-6747 1Mozilla 2Firefox Thunderbird Apr 22, 2026 Apr 21, 2026 N/A· v4 7.5 HIGH· v3 N/A· v2 Use-after-free in the WebRTC component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
CVE-2026-6746 1Mozilla 2Firefox Thunderbird Apr 22, 2026 Apr 21, 2026 N/A· v4 7.5 HIGH· v3 N/A· v2 Use-after-free in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
CVE-2026-5735 1Mozilla 2Firefox Thunderbird May 10, 2026 Apr 7, 2026 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Memory safety bugs present in Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitra...Show more Memory safety bugs present in Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 149.0.2 and Thunderbird 149.0.2.Show less

Previous 1 2 345...87 Next