Vulnerabilities > Mozilla > Thunderbird > 0.7.1

DATE CVE VULNERABILITY TITLE RISK
2021-12-08 CVE-2021-43545 Excessive Iteration vulnerability in multiple products
Using the Location API in a loop could have caused severe application hangs and crashes.
network
low complexity
mozilla debian CWE-834
6.5
2021-12-08 CVE-2021-43546 Improper Restriction of Rendered UI Layers or Frames vulnerability in multiple products
It was possible to recreate previous cursor spoofing attacks against users with a zoomed native cursor.
network
low complexity
mozilla debian CWE-1021
4.3
2021-11-03 CVE-2021-29991 HTTP Request Smuggling vulnerability in Mozilla Thunderbird
Firefox incorrectly accepted a newline in a HTTP/3 header, interpretting it as two separate headers.
network
low complexity
mozilla CWE-444
8.1
2021-11-03 CVE-2021-38492 Unspecified vulnerability in Mozilla Firefox
When delegating navigations to the operating system, Firefox would accept the `mk` scheme which might allow attackers to launch pages and execute scripts in Internet Explorer in unprivileged mode.
network
low complexity
mozilla
6.5
2021-11-03 CVE-2021-38493 Out-of-bounds Write vulnerability in Mozilla Firefox
Mozilla developers reported memory safety bugs present in Firefox 91 and Firefox ESR 78.13.
network
low complexity
mozilla CWE-787
8.8
2021-11-03 CVE-2021-38495 Out-of-bounds Write vulnerability in Mozilla Firefox ESR
Mozilla developers reported memory safety bugs present in Thunderbird 78.13.0.
network
low complexity
mozilla CWE-787
8.8
2021-11-03 CVE-2021-38496 Use After Free vulnerability in multiple products
During operations on MessageTasks, a task may have been removed while it was still scheduled, resulting in memory corruption and a potentially exploitable crash.
network
low complexity
mozilla debian CWE-416
8.8
2021-11-03 CVE-2021-38497 Origin Validation Error vulnerability in Mozilla Firefox
Through use of reportValidity() and window.open(), a plain-text validation message could have been overlaid on another origin, leading to possible user confusion and spoofing attacks.
network
low complexity
mozilla CWE-346
6.5
2021-11-03 CVE-2021-38498 Use After Free vulnerability in Mozilla Firefox
During process shutdown, a document could have caused a use-after-free of a languages service object, leading to memory corruption and a potentially exploitable crash.
network
low complexity
mozilla CWE-416
7.5
2021-11-03 CVE-2021-38500 Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1.
network
low complexity
mozilla debian
8.8