Vulnerabilities > Mozilla > Thunderbird > 2.0.0.6

DATE CVE VULNERABILITY TITLE RISK
2023-12-19 CVE-2023-50761 The signature of a digitally signed S/MIME email message may optionally specify the signature creation date and time.
network
low complexity
mozilla debian
4.3
2023-12-19 CVE-2023-50762 When processing a PGP/MIME payload that contains digitally signed text, the first paragraph of the text was never shown to the user.
network
low complexity
mozilla debian
4.3
2023-12-19 CVE-2023-6856 Out-of-bounds Write vulnerability in multiple products
The WebGL `DrawElementsInstanced` method was susceptible to a heap buffer overflow when used on systems with the Mesa VM driver.
network
low complexity
mozilla debian CWE-787
8.8
2023-12-19 CVE-2023-6857 Race Condition vulnerability in multiple products
When resolving a symlink, a race may occur where the buffer passed to `readlink` may actually be smaller than necessary.
network
high complexity
mozilla debian CWE-362
5.3
2023-12-19 CVE-2023-6858 Out-of-bounds Write vulnerability in multiple products
Firefox was susceptible to a heap buffer overflow in `nsTextFragment` due to insufficient OOM handling.
network
low complexity
mozilla debian CWE-787
8.8
2023-12-19 CVE-2023-6859 Use After Free vulnerability in multiple products
A use-after-free condition affected TLS socket creation when under memory pressure.
network
low complexity
mozilla debian CWE-416
8.8
2023-12-19 CVE-2023-6860 The `VideoBridge` allowed any content process to use textures produced by remote decoders.
network
low complexity
mozilla debian
6.5
2023-12-19 CVE-2023-6861 Out-of-bounds Write vulnerability in multiple products
The `nsWindow::PickerOpen(void)` method was susceptible to a heap buffer overflow when running in headless mode.
network
low complexity
mozilla debian CWE-787
8.8
2023-12-19 CVE-2023-6862 Use After Free vulnerability in multiple products
A use-after-free was identified in the `nsDNSService::Init`.
network
low complexity
mozilla debian CWE-416
8.8
2023-12-19 CVE-2023-6863 The `ShutdownObserver()` was susceptible to potentially undefined behavior due to its reliance on a dynamic type that lacked a virtual destructor.
network
low complexity
mozilla debian
8.8