Vulnerabilities > Mozilla > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-08-05 | CVE-2021-29969 | Files or Directories Accessible to External Parties vulnerability in Mozilla Thunderbird If Thunderbird was configured to use STARTTLS for an IMAP connection, and an attacker injected IMAP server responses prior to the completion of the STARTTLS handshake, then Thunderbird didn't ignore the injected data. | 5.9 |
2021-08-05 | CVE-2021-29974 | Unspecified vulnerability in Mozilla Firefox When network partitioning was enabled, e.g. | 4.3 |
2021-08-05 | CVE-2021-29975 | Unspecified vulnerability in Mozilla Firefox Through a series of DOM manipulations, a message, over which the attacker had control of the text but not HTML or formatting, could be overlaid on top of another domain (with the new domain correctly shown in the address bar) resulting in possible user confusion. | 6.5 |
2021-08-02 | CVE-2021-29979 | Cross-site Scripting vulnerability in Mozilla Hubs Cloud Hubs Cloud allows users to download shared content, specifically HTML and JS, which could allow javascript execution in the Hub Cloud instance’s primary hosting domain.*. | 6.1 |
2021-06-24 | CVE-2021-23991 | Unspecified vulnerability in Mozilla Thunderbird If a Thunderbird user has previously imported Alice's OpenPGP key, and Alice has extended the validity period of her key, but Alice's updated key has not yet been imported, an attacker may send an email containing a crafted version of Alice's key with an invalid subkey, Thunderbird might subsequently attempt to use the invalid subkey, and will fail to send encrypted email to Alice. | 6.8 |
2021-06-24 | CVE-2021-23992 | Improper Verification of Cryptographic Signature vulnerability in Mozilla Thunderbird Thunderbird did not check if the user ID associated with an OpenPGP key has a valid self signature. | 4.3 |
2021-06-24 | CVE-2021-23993 | Improper Verification of Cryptographic Signature vulnerability in Mozilla Thunderbird An attacker may perform a DoS attack to prevent a user from sending encrypted email to a correspondent. | 6.5 |
2021-06-24 | CVE-2021-23996 | Unspecified vulnerability in Mozilla Firefox By utilizing 3D CSS in conjunction with Javascript, content could have been rendered outside the webpage's viewport, resulting in a spoofing attack that could have been used for phishing or other attacks on a user. | 6.5 |
2021-06-24 | CVE-2021-23998 | Insufficient Verification of Data Authenticity vulnerability in Mozilla Thunderbird Through complicated navigations with new windows, an HTTP page could have inherited a secure lock icon from an HTTPS page. | 6.5 |
2021-06-24 | CVE-2021-24001 | Exposure of Resource to Wrong Sphere vulnerability in Mozilla Firefox A compromised content process could have performed session history manipulations it should not have been able to due to testing infrastructure that was not restricted to testing-only configurations. | 4.3 |