Vulnerabilities > Mozilla > Thunderbird > 0.7.1

DATE CVE VULNERABILITY TITLE RISK
2021-06-24 CVE-2021-23998 Insufficient Verification of Data Authenticity vulnerability in Mozilla Thunderbird
Through complicated navigations with new windows, an HTTP page could have inherited a secure lock icon from an HTTPS page.
network
low complexity
mozilla CWE-345
6.5
2021-06-24 CVE-2021-23999 Incorrect Comparison vulnerability in Mozilla Thunderbird
If a Blob URL was loaded through some unusual user interaction, it could have been loaded by the System Principal and granted additional privileges that should not be granted to web content.
network
low complexity
mozilla CWE-697
8.8
2021-06-24 CVE-2021-24002 Injection vulnerability in Mozilla Thunderbird
When a user clicked on an FTP URL containing encoded newline characters (%0A and %0D), the newlines would have been interpreted as such and allowed arbitrary commands to be sent to the FTP server.
network
low complexity
mozilla CWE-74
8.8
2021-06-24 CVE-2021-29946 Integer Overflow or Wraparound vulnerability in Mozilla Thunderbird
Ports that were written as an integer overflow above the bounds of a 16-bit integer could have bypassed port blocking restrictions when used in the Alt-Svc header.
network
low complexity
mozilla CWE-190
8.8
2021-06-24 CVE-2021-29948 Race Condition vulnerability in Mozilla Thunderbird
Signatures are written to disk before and read during verification, which might be subject to a race condition when a malicious local process or user is replacing the file.
local
high complexity
mozilla CWE-362
2.5
2021-06-24 CVE-2021-29949 Uncontrolled Search Path Element vulnerability in Mozilla Thunderbird
When loading the shared library that provides the OTR protocol implementation, Thunderbird will initially attempt to open it using a filename that isn't distributed by Thunderbird.
local
low complexity
mozilla CWE-427
7.8
2021-06-24 CVE-2021-29950 Cleartext Storage of Sensitive Information vulnerability in Mozilla Thunderbird
Thunderbird unprotects a secret OpenPGP key prior to using it for a decryption, signing or key import task.
network
low complexity
mozilla CWE-312
7.5
2021-06-24 CVE-2021-29951 Improper Privilege Management vulnerability in Mozilla Firefox
The Mozilla Maintenance Service granted SERVICE_START access to BUILTIN|Users which, in a domain network, grants normal remote users access to start or stop the service.
network
low complexity
mozilla CWE-269
6.5
2021-06-24 CVE-2021-29957 Unspecified vulnerability in Mozilla Thunderbird
If a MIME encoded email contains an OpenPGP inline signed or encrypted message part, but also contains an additional unprotected part, Thunderbird did not indicate that only parts of the message are protected.
network
low complexity
mozilla
4.3
2021-06-24 CVE-2021-29964 Out-of-bounds Read vulnerability in Mozilla Firefox
A locally-installed hostile program could send `WM_COPYDATA` messages that Firefox would process incorrectly, leading to an out-of-bounds read.
local
low complexity
mozilla CWE-125
7.1