Vulnerabilities > Mozilla
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-02-16 | CVE-2021-43529 | Out-of-bounds Write vulnerability in Mozilla Thunderbird Thunderbird versions prior to 91.3.0 are vulnerable to the heap overflow described in CVE-2021-43527 when processing S/MIME messages. | 9.8 |
| 2023-02-16 | CVE-2022-0637 | Open Redirect vulnerability in Mozilla Pollbot open redirect in pollbot (pollbot.services.mozilla.com) in versions before 1.4.6 | 6.1 |
| 2022-12-22 | CVE-2020-15679 | Session Fixation vulnerability in Mozilla VPN 1.0.7/1.1.0 An OAuth session fixation vulnerability existed in the VPN login flow, where an attacker could craft a custom login URL, convince a VPN user to login via that URL, and obtain authenticated access as that user. | 7.6 |
| 2022-12-22 | CVE-2020-15685 | Command Injection vulnerability in Mozilla Thunderbird During the plaintext phase of the STARTTLS connection setup, protocol commands could have been injected and evaluated within the encrypted session. | 8.8 |
| 2022-12-22 | CVE-2021-4126 | Unspecified vulnerability in Mozilla Thunderbird When receiving an OpenPGP/MIME signed email message that contains an additional outer MIME message layer, for example a message footer added by a mailing list gateway, Thunderbird only considered the inner signed message for the signature validity. | 6.5 |
| 2022-12-22 | CVE-2021-4127 | Unspecified vulnerability in Mozilla Thunderbird An out of date graphics library (Angle) likely contained vulnerabilities that could potentially be exploited. | 9.8 |
| 2022-12-22 | CVE-2021-4128 | Use After Free vulnerability in Mozilla Firefox When transitioning in and out of fullscreen mode, a graphics object was not correctly protected; resulting in memory corruption and a potentially exploitable crash.<br>*This bug only affects Firefox on MacOS. | 6.5 |
| 2022-12-22 | CVE-2021-4129 | Out-of-bounds Write vulnerability in Mozilla Firefox ESR Mozilla developers and community members Julian Hector, Randell Jesup, Gabriele Svelto, Tyson Smith, Christian Holler, and Masayuki Nakano reported memory safety bugs present in Firefox 94. | 9.8 |
| 2022-12-22 | CVE-2021-4140 | XML Injection (aka Blind XPath Injection) vulnerability in Mozilla Firefox It was possible to construct specific XSLT markup that would be able to bypass an iframe sandbox. | 10.0 |
| 2022-12-22 | CVE-2021-4221 | Unspecified vulnerability in Mozilla Firefox If a domain name contained a RTL character, it would cause the domain to be rendered to the right of the path. | 4.3 |