Vulnerabilities > Mozilla > Firefox ESR > 45.1.1

DATE CVE VULNERABILITY TITLE RISK
2023-09-11 CVE-2023-4583 Unspecified vulnerability in Mozilla Thunderbird
When checking if the Browsing Context had been discarded in `HttpBaseChannel`, if the load group was not available then it was assumed to have already been discarded which was not always the case for private channels after the private session had ended.
network
low complexity
mozilla
7.5
7.5
2023-09-11 CVE-2023-4584 Out-of-bounds Write vulnerability in Mozilla Thunderbird
Memory safety bugs present in Firefox 116, Firefox ESR 102.14, Firefox ESR 115.1, Thunderbird 102.14, and Thunderbird 115.1.
network
low complexity
mozilla CWE-787
8.8
8.8
2023-09-11 CVE-2023-4585 Out-of-bounds Write vulnerability in Mozilla Thunderbird
Memory safety bugs present in Firefox 116, Firefox ESR 115.1, and Thunderbird 115.1.
network
low complexity
mozilla CWE-787
8.8
8.8
2023-09-11 CVE-2023-4573 Use After Free vulnerability in Mozilla Thunderbird
When receiving rendering data over IPC `mStream` could have been destroyed when initialized, which could have led to a use-after-free causing a potentially exploitable crash.
network
low complexity
mozilla CWE-416
6.5
6.5
2023-08-01 CVE-2023-4057 Out-of-bounds Write vulnerability in Mozilla Firefox
Memory safety bugs present in Firefox 115, Firefox ESR 115.0, and Thunderbird 115.0.
network
low complexity
mozilla CWE-787
critical
 9.8
9.8
2023-08-01 CVE-2023-4052 Link Following vulnerability in Mozilla Firefox
The Firefox updater created a directory writable by non-privileged users.
network
low complexity
mozilla CWE-59
6.5
6.5
2023-07-12 CVE-2023-3600 Use After Free vulnerability in Mozilla Firefox
During the worker lifecycle, a use-after-free condition could have occured, which could have led to a potentially exploitable crash.
network
low complexity
mozilla CWE-416
8.8
8.8
2023-07-05 CVE-2023-37211 Out-of-bounds Write vulnerability in multiple products
Memory safety bugs present in Firefox 114, Firefox ESR 102.12, and Thunderbird 102.12.
network
low complexity
mozilla debian CWE-787
8.8
8.8
2023-07-05 CVE-2023-37201 Use After Free vulnerability in multiple products
An attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS.
network
low complexity
mozilla debian CWE-416
8.8
8.8
2023-07-05 CVE-2023-37202 Use After Free vulnerability in multiple products
Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free.
network
low complexity
mozilla debian CWE-416
8.8
8.8