Vulnerabilities > Mozilla > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-11-13 | CVE-2024-11159 | Unspecified vulnerability in Mozilla Thunderbird Using remote content in OpenPGP encrypted messages can lead to the disclosure of plaintext. | 4.3 |
| 2024-10-29 | CVE-2024-10460 | Unspecified vulnerability in Mozilla Firefox and Thunderbird The origin of an external protocol handler prompt could have been obscured using a data: URL within an `iframe`. | 5.3 |
| 2024-10-29 | CVE-2024-10461 | Cross-site Scripting vulnerability in Mozilla Thunderbird In multipart/x-mixed-replace responses, `Content-Disposition: attachment` in the response header was not respected and did not force a download, which could allow XSS attacks. | 6.1 |
| 2024-10-29 | CVE-2024-10462 | Authentication Bypass by Spoofing vulnerability in Mozilla Thunderbird Truncation of a long URL could have allowed origin spoofing in a permission prompt. | 6.5 |
| 2024-10-29 | CVE-2024-10463 | Information Exposure Through Discrepancy vulnerability in Mozilla Thunderbird Video frames could have been leaked between origins in some situations. | 6.5 |
| 2024-10-29 | CVE-2024-10464 | Out-of-bounds Read vulnerability in Mozilla Thunderbird Repeated writes to history interface attributes could have been used to cause a Denial of Service condition in the browser. | 6.5 |
| 2024-10-29 | CVE-2024-10465 | Authentication Bypass by Spoofing vulnerability in Mozilla Thunderbird A clipboard "paste" button could persist across tabs which allowed a spoofing attack. | 6.5 |
| 2024-10-29 | CVE-2024-10468 | Race Condition vulnerability in Mozilla Firefox Potential race conditions in IndexedDB could have caused memory corruption, leading to a potentially exploitable crash. | 5.3 |
| 2024-10-29 | CVE-2024-10474 | Unspecified vulnerability in Mozilla Firefox Focus 122.0 Focus was incorrectly allowing internal links to utilize the app scheme used for deeplinking, which could result in links potentially circumventing some URL safety checks This vulnerability affects Focus for iOS < 132. | 6.5 |
| 2024-10-01 | CVE-2024-9397 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Mozilla Firefox A missing delay in directory upload UI could have made it possible for an attacker to trick a user into granting permission via clickjacking. | 6.1 |