Vulnerabilities > Mozilla

DATE CVE VULNERABILITY TITLE RISK
2021-11-03 CVE-2021-38495 Out-of-bounds Write vulnerability in Mozilla Firefox ESR
Mozilla developers reported memory safety bugs present in Thunderbird 78.13.0.
network
low complexity
mozilla CWE-787
8.8
2021-11-03 CVE-2021-38496 Use After Free vulnerability in multiple products
During operations on MessageTasks, a task may have been removed while it was still scheduled, resulting in memory corruption and a potentially exploitable crash.
network
low complexity
mozilla debian CWE-416
8.8
2021-11-03 CVE-2021-38497 Origin Validation Error vulnerability in Mozilla Firefox
Through use of reportValidity() and window.open(), a plain-text validation message could have been overlaid on another origin, leading to possible user confusion and spoofing attacks.
network
low complexity
mozilla CWE-346
6.5
2021-11-03 CVE-2021-38498 Use After Free vulnerability in Mozilla Firefox
During process shutdown, a document could have caused a use-after-free of a languages service object, leading to memory corruption and a potentially exploitable crash.
network
low complexity
mozilla CWE-416
7.5
2021-11-03 CVE-2021-38499 Out-of-bounds Write vulnerability in Mozilla Firefox
Mozilla developers reported memory safety bugs present in Firefox 92.
network
low complexity
mozilla CWE-787
8.8
2021-11-03 CVE-2021-38500 Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1.
network
low complexity
mozilla debian
8.8
2021-11-03 CVE-2021-38501 Unspecified vulnerability in Mozilla Firefox
Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1.
network
low complexity
mozilla
8.8
2021-11-03 CVE-2021-38502 Thunderbird ignored the configuration to require STARTTLS security for an SMTP connection.
network
high complexity
mozilla debian
5.9
2021-09-06 CVE-2021-40529 Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products
The ElGamal implementation in Botan through 2.18.1, as used in Thunderbird and other products, allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP.
network
high complexity
botan-project fedoraproject mozilla CWE-327
5.9
2021-08-17 CVE-2021-29980 Missing Initialization of Resource vulnerability in Mozilla Thunderbird
Uninitialized memory in a canvas object could have caused an incorrect free() leading to memory corruption and a potentially exploitable crash.
network
low complexity
mozilla CWE-909
8.8