Vulnerabilities > Mozilla > Thunderbird > 0.7.1

DATE CVE VULNERABILITY TITLE RISK
2023-11-21 CVE-2023-6207 Use After Free vulnerability in multiple products
Ownership mismanagement led to a use-after-free in ReadableByteStreams This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.
network
low complexity
mozilla debian CWE-416
8.8
2023-11-21 CVE-2023-6208 When using X11, text selected by the page using the Selection API was erroneously copied into the primary selection, a temporary storage not unlike the clipboard. *This bug only affects Firefox on X11.
network
low complexity
mozilla debian
8.8
2023-11-21 CVE-2023-6209 Path Traversal vulnerability in multiple products
Relative URLs starting with three slashes were incorrectly parsed, and a path-traversal "/../" part in the path could be used to override the specified host.
network
low complexity
mozilla debian CWE-22
6.5
2023-11-21 CVE-2023-6212 Out-of-bounds Write vulnerability in multiple products
Memory safety bugs present in Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4.
network
low complexity
mozilla debian CWE-787
8.8
2023-10-25 CVE-2023-5721 Improper Restriction of Rendered UI Layers or Frames vulnerability in multiple products
It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an insufficient activation-delay.
network
low complexity
mozilla debian CWE-1021
4.3
2023-10-25 CVE-2023-5724 Drivers are not always robust to extremely large draw calls and in some cases this scenario could have led to a crash.
network
low complexity
mozilla debian
7.5
2023-10-25 CVE-2023-5725 A malicious installed WebExtension could open arbitrary URLs, which under the right circumstance could be leveraged to collect sensitive user data.
network
low complexity
mozilla debian
4.3
2023-10-25 CVE-2023-5726 Unspecified vulnerability in Mozilla Firefox
A website could have obscured the full screen notification by using the file open dialog.
network
low complexity
mozilla
4.3
2023-10-25 CVE-2023-5727 Unspecified vulnerability in Mozilla Firefox
The executable file warning was not presented when downloading .msix, .msixbundle, .appx, and .appxbundle files, which can run commands on a user's computer.
network
low complexity
mozilla
6.5
2023-10-25 CVE-2023-5728 During garbage collection extra operations were performed on a object that should not be.
network
low complexity
mozilla debian
7.5