Vulnerabilities > Mozilla > Thunderbird > 0.7.1

DATE CVE VULNERABILITY TITLE RISK
2021-08-17 CVE-2021-29988 Out-of-bounds Write vulnerability in Mozilla Thunderbird
Firefox incorrectly treated an inline list-item element as a block element, resulting in an out of bounds read or memory corruption, and a potentially exploitable crash.
network
low complexity
mozilla CWE-787
8.8
2021-08-17 CVE-2021-29989 Out-of-bounds Write vulnerability in Mozilla Thunderbird
Mozilla developers reported memory safety bugs present in Firefox 90 and Firefox ESR 78.12.
network
low complexity
mozilla CWE-787
8.8
2021-08-05 CVE-2021-29969 Files or Directories Accessible to External Parties vulnerability in Mozilla Thunderbird
If Thunderbird was configured to use STARTTLS for an IMAP connection, and an attacker injected IMAP server responses prior to the completion of the STARTTLS handshake, then Thunderbird didn't ignore the injected data.
network
high complexity
mozilla CWE-552
5.9
2021-08-05 CVE-2021-29970 Use After Free vulnerability in Mozilla Firefox
A malicious webpage could have triggered a use-after-free, memory corruption, and a potentially exploitable crash.
network
low complexity
mozilla CWE-416
8.8
2021-08-05 CVE-2021-29976 Out-of-bounds Write vulnerability in Mozilla Firefox
Mozilla developers reported memory safety bugs present in code shared between Firefox and Thunderbird.
network
low complexity
mozilla CWE-787
8.8
2021-06-24 CVE-2021-23991 Unspecified vulnerability in Mozilla Thunderbird
If a Thunderbird user has previously imported Alice's OpenPGP key, and Alice has extended the validity period of her key, but Alice's updated key has not yet been imported, an attacker may send an email containing a crafted version of Alice's key with an invalid subkey, Thunderbird might subsequently attempt to use the invalid subkey, and will fail to send encrypted email to Alice.
network
high complexity
mozilla
6.8
2021-06-24 CVE-2021-23992 Improper Verification of Cryptographic Signature vulnerability in Mozilla Thunderbird
Thunderbird did not check if the user ID associated with an OpenPGP key has a valid self signature.
network
low complexity
mozilla CWE-347
4.3
2021-06-24 CVE-2021-23993 Improper Verification of Cryptographic Signature vulnerability in Mozilla Thunderbird
An attacker may perform a DoS attack to prevent a user from sending encrypted email to a correspondent.
network
low complexity
mozilla CWE-347
6.5
2021-06-24 CVE-2021-23994 Missing Initialization of Resource vulnerability in Mozilla Thunderbird
A WebGL framebuffer was not initialized early enough, resulting in memory corruption and an out of bound write.
network
low complexity
mozilla CWE-909
8.8
2021-06-24 CVE-2021-23995 Operation on a Resource after Expiration or Release vulnerability in Mozilla Thunderbird
When Responsive Design Mode was enabled, it used references to objects that were previously freed.
network
low complexity
mozilla CWE-672
8.8