Vulnerabilities > Mozilla > Firefox ESR
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-08-05 | CVE-2021-29976 | Out-of-bounds Write vulnerability in Mozilla Firefox Mozilla developers reported memory safety bugs present in code shared between Firefox and Thunderbird. | 8.8 |
| 2021-06-24 | CVE-2021-23994 | Missing Initialization of Resource vulnerability in Mozilla Thunderbird A WebGL framebuffer was not initialized early enough, resulting in memory corruption and an out of bound write. | 8.8 |
| 2021-06-24 | CVE-2021-23995 | Operation on a Resource after Expiration or Release vulnerability in Mozilla Thunderbird When Responsive Design Mode was enabled, it used references to objects that were previously freed. | 8.8 |
| 2021-06-24 | CVE-2021-23998 | Insufficient Verification of Data Authenticity vulnerability in Mozilla Thunderbird Through complicated navigations with new windows, an HTTP page could have inherited a secure lock icon from an HTTPS page. | 6.5 |
| 2021-06-24 | CVE-2021-23999 | Incorrect Comparison vulnerability in Mozilla Thunderbird If a Blob URL was loaded through some unusual user interaction, it could have been loaded by the System Principal and granted additional privileges that should not be granted to web content. | 8.8 |
| 2021-06-24 | CVE-2021-24002 | Injection vulnerability in Mozilla Thunderbird When a user clicked on an FTP URL containing encoded newline characters (%0A and %0D), the newlines would have been interpreted as such and allowed arbitrary commands to be sent to the FTP server. | 8.8 |
| 2021-06-24 | CVE-2021-29945 | Incorrect Calculation vulnerability in Mozilla Firefox, Firefox ESR and Thunderbird The WebAssembly JIT could miscalculate the size of a return type, which could lead to a null read and result in a crash. | 6.5 |
| 2021-06-24 | CVE-2021-29946 | Integer Overflow or Wraparound vulnerability in Mozilla Thunderbird Ports that were written as an integer overflow above the bounds of a 16-bit integer could have bypassed port blocking restrictions when used in the Alt-Svc header. | 8.8 |
| 2021-06-24 | CVE-2021-29951 | Improper Privilege Management vulnerability in Mozilla Firefox The Mozilla Maintenance Service granted SERVICE_START access to BUILTIN|Users which, in a domain network, grants normal remote users access to start or stop the service. | 6.5 |
| 2021-06-24 | CVE-2021-29955 | Injection vulnerability in Mozilla Firefox A transient execution vulnerability, named Floating Point Value Injection (FPVI) allowed an attacker to leak arbitrary memory addresses and may have also enabled JIT type confusion attacks. | 5.3 |