Vulnerabilities > Mozilla > Thunderbird > 0.7.1

DATE CVE VULNERABILITY TITLE RISK
2022-12-22 CVE-2021-4140 XML Injection (aka Blind XPath Injection) vulnerability in Mozilla Firefox
It was possible to construct specific XSLT markup that would be able to bypass an iframe sandbox.
network
low complexity
mozilla CWE-91
critical
10.0
2022-12-22 CVE-2022-0566 Out-of-bounds Write vulnerability in Mozilla Thunderbird
It may be possible for an attacker to craft an email message that causes Thunderbird to perform an out-of-bounds write of one byte when processing the message.
network
low complexity
mozilla CWE-787
8.8
2022-12-22 CVE-2022-1097 Use After Free vulnerability in Mozilla Firefox ESR
<code>NSSToken</code> objects were referenced via direct points, and could have been accessed in an unsafe way on different threads, leading to a use-after-free and potentially exploitable crash.
network
low complexity
mozilla CWE-416
6.5
2022-12-22 CVE-2022-1196 Use After Free vulnerability in Mozilla Firefox ESR
After a VR Process is destroyed, a reference to it may have been retained and used, leading to a use-after-free and potentially exploitable crash.
network
low complexity
mozilla CWE-416
6.5
2022-12-22 CVE-2022-1197 Improper Certificate Validation vulnerability in Mozilla Thunderbird
When importing a revoked key that specified key compromise as the revocation reason, Thunderbird did not update the existing copy of the key that was not yet revoked, and the existing key was kept as non-revoked.
network
low complexity
mozilla CWE-295
5.4
2022-12-22 CVE-2022-1520 Unspecified vulnerability in Mozilla Thunderbird
When viewing an email message A, which contains an attached message B, where B is encrypted or digitally signed or both, Thunderbird may show an incorrect encryption or signature status.
network
low complexity
mozilla
4.3
2022-12-22 CVE-2022-1529 Unspecified vulnerability in Mozilla Thunderbird
An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype pollution and ultimately attacker-controlled JavaScript executing in the privileged parent process.
network
low complexity
mozilla
8.8
2022-12-22 CVE-2022-1802 Unspecified vulnerability in Mozilla Thunderbird
If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype pollution, they could have achieved execution of attacker-controlled JavaScript code in a privileged context.
network
low complexity
mozilla
8.8
2022-12-22 CVE-2022-1834 Improper Certificate Validation vulnerability in Mozilla Thunderbird
When displaying the sender of an email, and the sender name contained the Braille Pattern Blank space character multiple times, Thunderbird would have displayed all the spaces.
network
low complexity
mozilla CWE-295
6.5
2022-12-22 CVE-2022-22737 Race Condition vulnerability in Mozilla Firefox
Constructing audio sinks could have lead to a race condition when playing audio files and closing windows.
network
high complexity
mozilla CWE-362
7.5