Vulnerabilities > Mozilla > Firefox ESR > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-11-03 | CVE-2021-38495 | Out-of-bounds Write vulnerability in Mozilla Firefox ESR Mozilla developers reported memory safety bugs present in Thunderbird 78.13.0. | 8.8 |
| 2021-08-17 | CVE-2021-29980 | Missing Initialization of Resource vulnerability in Mozilla Thunderbird Uninitialized memory in a canvas object could have caused an incorrect free() leading to memory corruption and a potentially exploitable crash. | 8.8 |
| 2021-08-17 | CVE-2021-29984 | Out-of-bounds Write vulnerability in Mozilla Thunderbird Instruction reordering resulted in a sequence of instructions that would cause an object to be incorrectly considered during garbage collection. | 8.8 |
| 2021-08-17 | CVE-2021-29985 | Use After Free vulnerability in Mozilla Thunderbird A use-after-free vulnerability in media channels could have led to memory corruption and a potentially exploitable crash. | 8.8 |
| 2021-08-17 | CVE-2021-29986 | Race Condition vulnerability in Mozilla Thunderbird A suspected race condition when calling getaddrinfo led to memory corruption and a potentially exploitable crash. | 8.1 |
| 2021-08-17 | CVE-2021-29988 | Out-of-bounds Write vulnerability in Mozilla Thunderbird Firefox incorrectly treated an inline list-item element as a block element, resulting in an out of bounds read or memory corruption, and a potentially exploitable crash. | 8.8 |
| 2021-08-17 | CVE-2021-29989 | Out-of-bounds Write vulnerability in Mozilla Thunderbird Mozilla developers reported memory safety bugs present in Firefox 90 and Firefox ESR 78.12. | 8.8 |
| 2021-08-05 | CVE-2021-29970 | Use After Free vulnerability in Mozilla Firefox A malicious webpage could have triggered a use-after-free, memory corruption, and a potentially exploitable crash. | 8.8 |
| 2021-08-05 | CVE-2021-29976 | Out-of-bounds Write vulnerability in Mozilla Firefox Mozilla developers reported memory safety bugs present in code shared between Firefox and Thunderbird. | 8.8 |
| 2021-06-24 | CVE-2021-24002 | Injection vulnerability in Mozilla Thunderbird When a user clicked on an FTP URL containing encoded newline characters (%0A and %0D), the newlines would have been interpreted as such and allowed arbitrary commands to be sent to the FTP server. | 8.8 |