Vulnerabilities > Mozilla > Thunderbird > 1.5.0.9
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-02 | CVE-2023-0767 | Unspecified vulnerability in Mozilla Firefox ESR An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled. | 8.8 |
| 2023-06-02 | CVE-2023-1945 | Out-of-bounds Write vulnerability in Mozilla Thunderbird Unexpected data returned from the Safe Browsing API could have led to memory corruption and a potentially exploitable crash. | 6.5 |
| 2023-06-02 | CVE-2023-23598 | Unspecified vulnerability in Mozilla Firefox Due to the Firefox GTK wrapper code's use of text/plain for drag data and GTK treating all text/plain MIMEs containing file URLs as being dragged a website could arbitrarily read a file via a call to <code>DataTransfer.setData</code>. | 6.5 |
| 2023-06-02 | CVE-2023-23599 | Improper Encoding or Escaping of Output vulnerability in Mozilla Firefox When copying a network request from the developer tools panel as a curl command the output was not being properly sanitized and could allow arbitrary commands to be hidden within. | 6.5 |
| 2023-06-02 | CVE-2023-23601 | Origin Validation Error vulnerability in Mozilla Firefox Navigations were being allowed when dragging a URL from a cross-origin iframe into the same tab which could lead to website spoofing attacks. | 6.5 |
| 2023-06-02 | CVE-2023-23602 | Improper Check for Unusual or Exceptional Conditions vulnerability in Mozilla Firefox A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security Policy connect-src header to be ignored. | 6.5 |
| 2023-06-02 | CVE-2023-23603 | Unspecified vulnerability in Mozilla Firefox Regular expressions used to filter out forbidden properties and values from style directives in calls to <code>console.log</code> weren't accounting for external URLs. | 6.5 |
| 2023-06-02 | CVE-2023-23605 | Out-of-bounds Write vulnerability in Mozilla Firefox Memory safety bugs present in Firefox 108 and Firefox ESR 102.6. | 8.8 |
| 2023-06-02 | CVE-2023-25728 | Unspecified vulnerability in Mozilla Firefox ESR The <code>Content-Security-Policy-Report-Only</code> header could allow an attacker to leak a child iframe's unredacted URI when interaction with that iframe triggers a redirect. | 6.5 |
| 2023-06-02 | CVE-2023-25729 | Unspecified vulnerability in Mozilla Firefox ESR Permission prompts for opening external schemes were only shown for <code>ContentPrincipals</code> resulting in extensions being able to open them without user interaction via <code>ExpandedPrincipals</code>. | 8.8 |