Vulnerabilities > Mozilla > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-08-05 CVE-2021-29969 Files or Directories Accessible to External Parties vulnerability in Mozilla Thunderbird
If Thunderbird was configured to use STARTTLS for an IMAP connection, and an attacker injected IMAP server responses prior to the completion of the STARTTLS handshake, then Thunderbird didn't ignore the injected data.
network
high complexity
mozilla CWE-552
5.9
2021-08-05 CVE-2021-29974 Unspecified vulnerability in Mozilla Firefox
When network partitioning was enabled, e.g.
network
low complexity
mozilla
4.3
2021-08-05 CVE-2021-29975 Unspecified vulnerability in Mozilla Firefox
Through a series of DOM manipulations, a message, over which the attacker had control of the text but not HTML or formatting, could be overlaid on top of another domain (with the new domain correctly shown in the address bar) resulting in possible user confusion.
network
low complexity
mozilla
6.5
2021-08-02 CVE-2021-29979 Cross-site Scripting vulnerability in Mozilla Hubs Cloud
Hubs Cloud allows users to download shared content, specifically HTML and JS, which could allow javascript execution in the Hub Cloud instance’s primary hosting domain.*.
network
low complexity
mozilla CWE-79
6.1
2021-06-24 CVE-2021-23991 Unspecified vulnerability in Mozilla Thunderbird
If a Thunderbird user has previously imported Alice's OpenPGP key, and Alice has extended the validity period of her key, but Alice's updated key has not yet been imported, an attacker may send an email containing a crafted version of Alice's key with an invalid subkey, Thunderbird might subsequently attempt to use the invalid subkey, and will fail to send encrypted email to Alice.
network
high complexity
mozilla
6.8
2021-06-24 CVE-2021-23992 Improper Verification of Cryptographic Signature vulnerability in Mozilla Thunderbird
Thunderbird did not check if the user ID associated with an OpenPGP key has a valid self signature.
network
low complexity
mozilla CWE-347
4.3
2021-06-24 CVE-2021-23993 Improper Verification of Cryptographic Signature vulnerability in Mozilla Thunderbird
An attacker may perform a DoS attack to prevent a user from sending encrypted email to a correspondent.
network
low complexity
mozilla CWE-347
6.5
2021-06-24 CVE-2021-23996 Unspecified vulnerability in Mozilla Firefox
By utilizing 3D CSS in conjunction with Javascript, content could have been rendered outside the webpage's viewport, resulting in a spoofing attack that could have been used for phishing or other attacks on a user.
network
low complexity
mozilla
6.5
2021-06-24 CVE-2021-23998 Insufficient Verification of Data Authenticity vulnerability in Mozilla Thunderbird
Through complicated navigations with new windows, an HTTP page could have inherited a secure lock icon from an HTTPS page.
network
low complexity
mozilla CWE-345
6.5
2021-06-24 CVE-2021-24001 Exposure of Resource to Wrong Sphere vulnerability in Mozilla Firefox
A compromised content process could have performed session history manipulations it should not have been able to due to testing infrastructure that was not restricted to testing-only configurations.
network
low complexity
mozilla CWE-668
4.3