Vulnerabilities > Mozilla > Thunderbird > 0.7.1

DATE CVE VULNERABILITY TITLE RISK
2021-12-08 CVE-2021-43528 Improper Privilege Management vulnerability in multiple products
Thunderbird unexpectedly enabled JavaScript in the composition area.
network
low complexity
mozilla debian CWE-269
6.5
2021-12-08 CVE-2021-43534 Out-of-bounds Write vulnerability in multiple products
Mozilla developers and community members reported memory safety bugs present in Firefox 93 and Firefox ESR 91.2.
network
low complexity
mozilla debian CWE-787
8.8
2021-12-08 CVE-2021-43535 Use After Free vulnerability in multiple products
A use-after-free could have occured when an HTTP2 session object was released on a different thread, leading to memory corruption and a potentially exploitable crash.
network
low complexity
mozilla debian CWE-416
8.8
2021-12-08 CVE-2021-43536 Information Exposure vulnerability in multiple products
Under certain circumstances, asynchronous functions could have caused a navigation to fail but expose the target URL.
network
low complexity
mozilla debian CWE-200
6.5
2021-12-08 CVE-2021-43537 Incorrect Type Conversion or Cast vulnerability in multiple products
An incorrect type conversion of sizes from 64bit to 32bit integers allowed an attacker to corrupt memory leading to a potentially exploitable crash.
network
low complexity
mozilla debian CWE-704
8.8
2021-12-08 CVE-2021-43538 Race Condition vulnerability in multiple products
By misusing a race in our notification code, an attacker could have forcefully hidden the notification for pages that had received full screen and pointer lock access, which could have been used for spoofing attacks.
network
low complexity
mozilla debian CWE-362
4.3
2021-12-08 CVE-2021-43539 Use After Free vulnerability in multiple products
Failure to correctly record the location of live pointers across wasm instance calls resulted in a GC occurring within the call not tracing those live pointers.
network
low complexity
mozilla debian CWE-416
8.8
2021-12-08 CVE-2021-43541 When invoking protocol handlers for external protocols, a supplied parameter URL containing spaces was not properly escaped.
network
low complexity
mozilla debian
6.5
2021-12-08 CVE-2021-43542 Information Exposure Through an Error Message vulnerability in multiple products
Using XMLHttpRequest, an attacker could have identified installed applications by probing error messages for loading external protocols.
network
low complexity
mozilla debian CWE-209
6.5
2021-12-08 CVE-2021-43543 Cross-site Scripting vulnerability in multiple products
Documents loaded with the CSP sandbox directive could have escaped the sandbox's script restriction by embedding additional content.
network
low complexity
mozilla debian CWE-79
6.1