Vulnerabilities > Mozilla > Thunderbird > 37.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-08-17 | CVE-2021-29984 | Out-of-bounds Write vulnerability in Mozilla Thunderbird Instruction reordering resulted in a sequence of instructions that would cause an object to be incorrectly considered during garbage collection. | 8.8 |
| 2021-08-17 | CVE-2021-29985 | Use After Free vulnerability in Mozilla Thunderbird A use-after-free vulnerability in media channels could have led to memory corruption and a potentially exploitable crash. | 8.8 |
| 2021-08-17 | CVE-2021-29986 | Race Condition vulnerability in Mozilla Thunderbird A suspected race condition when calling getaddrinfo led to memory corruption and a potentially exploitable crash. | 8.1 |
| 2021-08-17 | CVE-2021-29987 | Improper Restriction of Excessive Authentication Attempts vulnerability in Mozilla Firefox After requesting multiple permissions, and closing the first permission panel, subsequent permission panels will be displayed in a different position but still record a click in the default location, making it possible to trick a user into accepting a permission they did not want to. | 4.3 |
| 2021-08-17 | CVE-2021-29988 | Out-of-bounds Write vulnerability in Mozilla Thunderbird Firefox incorrectly treated an inline list-item element as a block element, resulting in an out of bounds read or memory corruption, and a potentially exploitable crash. | 8.8 |
| 2021-08-17 | CVE-2021-29989 | Out-of-bounds Write vulnerability in Mozilla Thunderbird Mozilla developers reported memory safety bugs present in Firefox 90 and Firefox ESR 78.12. | 8.8 |
| 2021-08-05 | CVE-2021-29969 | Files or Directories Accessible to External Parties vulnerability in Mozilla Thunderbird If Thunderbird was configured to use STARTTLS for an IMAP connection, and an attacker injected IMAP server responses prior to the completion of the STARTTLS handshake, then Thunderbird didn't ignore the injected data. | 5.9 |
| 2021-08-05 | CVE-2021-29970 | Use After Free vulnerability in Mozilla Firefox A malicious webpage could have triggered a use-after-free, memory corruption, and a potentially exploitable crash. | 8.8 |
| 2021-08-05 | CVE-2021-29976 | Out-of-bounds Write vulnerability in Mozilla Firefox Mozilla developers reported memory safety bugs present in code shared between Firefox and Thunderbird. | 8.8 |
| 2021-06-24 | CVE-2021-23991 | Unspecified vulnerability in Mozilla Thunderbird If a Thunderbird user has previously imported Alice's OpenPGP key, and Alice has extended the validity period of her key, but Alice's updated key has not yet been imported, an attacker may send an email containing a crafted version of Alice's key with an invalid subkey, Thunderbird might subsequently attempt to use the invalid subkey, and will fail to send encrypted email to Alice. | 4.0 |