Vulnerabilities > Mozilla > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-09-11 CVE-2023-4575 Use After Free vulnerability in Mozilla Thunderbird
When creating a callback over IPC for showing the File Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished.
network
low complexity
mozilla CWE-416
6.5
2023-09-11 CVE-2023-4577 Unspecified vulnerability in Mozilla Thunderbird
When `UpdateRegExpStatics` attempted to access `initialStringHeap`, it could already have been garbage collected prior to entering the function, which could potentially have led to an exploitable crash.
network
low complexity
mozilla
6.5
2023-09-11 CVE-2023-4578 Allocation of Resources Without Limits or Throttling vulnerability in Mozilla Thunderbird
When calling `JS::CheckRegExpSyntax`, a Syntax Error could have been set, which would end in calling `convertToRuntimeErrorAndClear`.
network
low complexity
mozilla CWE-770
6.5
2023-09-11 CVE-2023-4580 Missing Encryption of Sensitive Data vulnerability in Mozilla Thunderbird
Push notifications stored on disk in private browsing mode were not being encrypted, potentially allowing the leak of sensitive information.
network
low complexity
mozilla CWE-311
6.5
2023-09-11 CVE-2023-4581 Unspecified vulnerability in Mozilla Thunderbird
Excel `.xll` add-in files did not have a blocklist entry in Firefox's executable blocklist, which allowed them to be downloaded without any warning of their potential harm.
network
low complexity
mozilla
4.3
2023-09-11 CVE-2023-4573 Use After Free vulnerability in Mozilla Thunderbird
When receiving rendering data over IPC, `mStream` could have been destroyed when initialized, which could have led to a use-after-free causing a potentially exploitable crash.
network
low complexity
mozilla CWE-416
6.5
2023-08-01 CVE-2023-4054 Unspecified vulnerability in Mozilla Firefox
When opening appref-ms files, Firefox did not warn the user that these files may contain malicious code.
local
low complexity
mozilla
5.5
2023-08-01 CVE-2023-4045 Origin Validation Error vulnerability in multiple products
Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access image data from another site in violation of same-origin policy.
network
low complexity
mozilla debian CWE-346
5.3
2023-08-01 CVE-2023-4046
In some circumstances, a stale value could have been used for a global variable in WASM JIT analysis.
network
low complexity
mozilla debian
5.3
2023-08-01 CVE-2023-4049 Race Condition vulnerability in multiple products
Race conditions in reference counting code were found through code inspection.
network
high complexity
mozilla debian CWE-362
5.9