Vulnerabilities > Mozilla > Thunderbird > 37.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-12-09 | CVE-2020-26959 | Use After Free vulnerability in Mozilla Firefox During browser shutdown, reference decrementing could have occured on a previously freed object, resulting in a use-after-free, memory corruption, and a potentially exploitable crash. | 6.8 |
| 2020-12-09 | CVE-2020-26958 | Cross-site Scripting vulnerability in Mozilla Firefox Firefox did not block execution of scripts with incorrect MIME types when the response was intercepted and cached through a ServiceWorker. | 4.3 |
| 2020-12-09 | CVE-2020-26956 | Cross-site Scripting vulnerability in Mozilla Firefox In some cases, removing HTML elements during sanitization would keep existing SVG event handlers and therefore lead to XSS. | 4.3 |
| 2020-12-09 | CVE-2020-26953 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Mozilla Firefox It was possible to cause the browser to enter fullscreen mode without displaying the security UI; thus making it possible to attempt a phishing attack or otherwise confuse the user. | 4.3 |
| 2020-12-09 | CVE-2020-26951 | Cross-site Scripting vulnerability in Mozilla Firefox A parsing and event loading mismatch in Firefox's SVG code could have allowed load events to fire, even after sanitization. | 4.3 |
| 2020-12-09 | CVE-2020-26950 | Use After Free vulnerability in Mozilla Firefox In certain circumstances, the MCallGetProperty opcode can be emitted with unmet assumptions resulting in an exploitable use-after-free condition. | 9.3 |
| 2020-10-22 | CVE-2020-15683 | Use After Free vulnerability in multiple products Mozilla developers and community members reported memory safety bugs present in Firefox 81 and Firefox ESR 78.3. | 7.5 |
| 2020-10-08 | CVE-2020-15646 | Insufficiently Protected Credentials vulnerability in Mozilla Thunderbird If an attacker intercepts Thunderbird's initial attempt to perform automatic account setup using the Microsoft Exchange autodiscovery mechanism, and the attacker sends a crafted response, then Thunderbird sends username and password over https to a server controlled by the attacker. | 4.3 |
| 2020-10-01 | CVE-2020-15670 | Release of Invalid Pointer or Reference vulnerability in Mozilla Firefox and Firefox ESR Mozilla developers reported memory safety bugs present in Firefox for Android 79. | 6.8 |
| 2020-10-01 | CVE-2020-15669 | Use After Free vulnerability in Mozilla Firefox ESR When aborting an operation, such as a fetch, an abort signal may be deleted while alerting the objects to be notified. | 6.8 |