Vulnerabilities > Mozilla > Thunderbird > 78.15
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-12-08 | CVE-2021-43545 | Excessive Iteration vulnerability in multiple products Using the Location API in a loop could have caused severe application hangs and crashes. | 6.5 |
2021-12-08 | CVE-2021-43546 | Improper Restriction of Rendered UI Layers or Frames vulnerability in multiple products It was possible to recreate previous cursor spoofing attacks against users with a zoomed native cursor. | 4.3 |
2021-11-03 | CVE-2021-29991 | HTTP Request Smuggling vulnerability in Mozilla Firefox Firefox incorrectly accepted a newline in a HTTP/3 header, interpretting it as two separate headers. | 5.8 |
2021-11-03 | CVE-2021-38495 | Out-of-bounds Write vulnerability in Mozilla Firefox ESR Mozilla developers reported memory safety bugs present in Thunderbird 78.13.0. | 8.8 |
2021-11-03 | CVE-2021-38497 | Origin Validation Error vulnerability in Mozilla Firefox Through use of reportValidity() and window.open(), a plain-text validation message could have been overlaid on another origin, leading to possible user confusion and spoofing attacks. | 4.3 |
2021-11-03 | CVE-2021-38498 | Use After Free vulnerability in Mozilla Firefox During process shutdown, a document could have caused a use-after-free of a languages service object, leading to memory corruption and a potentially exploitable crash. | 5.0 |
2021-11-03 | CVE-2021-38501 | Unspecified vulnerability in Mozilla Firefox Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. network mozilla | 6.8 |
2021-11-03 | CVE-2021-38502 | Thunderbird ignored the configuration to require STARTTLS security for an SMTP connection. | 4.3 |
2021-09-06 | CVE-2021-40529 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products The ElGamal implementation in Botan through 2.18.1, as used in Thunderbird and other products, allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP. | 5.9 |
2021-08-17 | CVE-2021-29981 | Unspecified vulnerability in Mozilla Firefox An issue present in lowering/register allocation could have led to obscure but deterministic register confusion failures in JITted code that would lead to a potentially exploitable crash. network mozilla | 6.8 |