Vulnerabilities > Mozilla

DATE CVE VULNERABILITY TITLE RISK
2024-11-13 CVE-2024-11159 Unspecified vulnerability in Mozilla Thunderbird
Using remote content in OpenPGP encrypted messages can lead to the disclosure of plaintext.
network
low complexity
mozilla
4.3
2024-10-29 CVE-2024-10458 Unspecified vulnerability in Mozilla Thunderbird
A permission leak could have occurred from a trusted site to an untrusted site via `embed` or `object` elements.
network
low complexity
mozilla
7.5
2024-10-29 CVE-2024-10459 Use After Free vulnerability in Mozilla Thunderbird
An attacker could have caused a use-after-free when accessibility was enabled, leading to a potentially exploitable crash.
network
low complexity
mozilla CWE-416
7.5
2024-10-29 CVE-2024-10460 Unspecified vulnerability in Mozilla Firefox and Thunderbird
The origin of an external protocol handler prompt could have been obscured using a data: URL within an `iframe`.
network
low complexity
mozilla
5.3
2024-10-29 CVE-2024-10461 Cross-site Scripting vulnerability in Mozilla Thunderbird
In multipart/x-mixed-replace responses, `Content-Disposition: attachment` in the response header was not respected and did not force a download, which could allow XSS attacks.
network
low complexity
mozilla CWE-79
6.1
2024-10-29 CVE-2024-10462 Authentication Bypass by Spoofing vulnerability in Mozilla Thunderbird
Truncation of a long URL could have allowed origin spoofing in a permission prompt.
network
low complexity
mozilla CWE-290
6.5
2024-10-29 CVE-2024-10463 Information Exposure Through Discrepancy vulnerability in Mozilla Thunderbird
Video frames could have been leaked between origins in some situations.
network
low complexity
mozilla CWE-203
6.5
2024-10-29 CVE-2024-10464 Out-of-bounds Read vulnerability in Mozilla Thunderbird
Repeated writes to history interface attributes could have been used to cause a Denial of Service condition in the browser.
network
low complexity
mozilla CWE-125
6.5
2024-10-29 CVE-2024-10465 Authentication Bypass by Spoofing vulnerability in Mozilla Thunderbird
A clipboard "paste" button could persist across tabs which allowed a spoofing attack.
network
low complexity
mozilla CWE-290
6.5
2024-10-29 CVE-2024-10466 Unspecified vulnerability in Mozilla Thunderbird
By sending a specially crafted push message, a remote server could have hung the parent process, causing the browser to become unresponsive.
network
low complexity
mozilla
7.5