Vulnerabilities > Mozilla > High

DATE CVE VULNERABILITY TITLE RISK
2021-06-24 CVE-2021-24002 Injection vulnerability in Mozilla Thunderbird
When a user clicked on an FTP URL containing encoded newline characters (%0A and %0D), the newlines would have been interpreted as such and allowed arbitrary commands to be sent to the FTP server.
network
low complexity
mozilla CWE-74
8.8
2021-06-24 CVE-2021-29946 Integer Overflow or Wraparound vulnerability in Mozilla Thunderbird
Ports that were written as an integer overflow above the bounds of a 16-bit integer could have bypassed port blocking restrictions when used in the Alt-Svc header.
network
low complexity
mozilla CWE-190
8.8
2021-06-24 CVE-2021-29947 Out-of-bounds Write vulnerability in Mozilla Firefox
Mozilla developers and community members reported memory safety bugs present in Firefox 87.
network
low complexity
mozilla CWE-787
8.8
2021-06-24 CVE-2021-29949 Uncontrolled Search Path Element vulnerability in Mozilla Thunderbird
When loading the shared library that provides the OTR protocol implementation, Thunderbird will initially attempt to open it using a filename that isn't distributed by Thunderbird.
local
low complexity
mozilla CWE-427
7.8
2021-06-24 CVE-2021-29950 Cleartext Storage of Sensitive Information vulnerability in Mozilla Thunderbird
Thunderbird unprotects a secret OpenPGP key prior to using it for a decryption, signing or key import task.
network
low complexity
mozilla CWE-312
7.5
2021-06-24 CVE-2021-29952 Race Condition vulnerability in Mozilla Firefox
When Web Render components were destructed, a race condition could have caused undefined behavior, and we presume that with enough effort may have been exploitable to run arbitrary code.
network
high complexity
mozilla CWE-362
7.5
2021-06-24 CVE-2021-29964 Out-of-bounds Read vulnerability in Mozilla Firefox
A locally-installed hostile program could send `WM_COPYDATA` messages that Firefox would process incorrectly, leading to an out-of-bounds read.
local
low complexity
mozilla CWE-125
7.1
2021-06-24 CVE-2021-29966 Out-of-bounds Write vulnerability in Mozilla Firefox
Mozilla developers reported memory safety bugs present in Firefox 88.
network
low complexity
mozilla CWE-787
8.8
2021-06-24 CVE-2021-29967 Out-of-bounds Write vulnerability in Mozilla Firefox ESR
Mozilla developers reported memory safety bugs present in Firefox 88 and Firefox ESR 78.11.
network
low complexity
mozilla CWE-787
8.8
2021-06-24 CVE-2021-29968 Out-of-bounds Read vulnerability in Mozilla Firefox
When drawing text onto a canvas with WebRender disabled, an out of bounds read could occur.
network
low complexity
mozilla CWE-125
8.1