Vulnerabilities > Mozilla > Thunderbird
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-06-19 | CVE-2023-29545 | Unspecified vulnerability in Mozilla Thunderbird Similar to CVE-2023-28163, this time when choosing 'Save Link As', suggested filenames containing environment variable names would have resolved those in the context of the current user. | 6.5 |
2023-06-19 | CVE-2023-34414 | Improper Certificate Validation vulnerability in Mozilla Firefox The error page for sites with invalid TLS certificates was missing the activation-delay Firefox uses to protect prompts and permission dialogs from attacks that exploit human response time delays. | 3.1 |
2023-06-19 | CVE-2023-34416 | Out-of-bounds Write vulnerability in Mozilla Firefox Memory safety bugs present in Firefox 113, Firefox ESR 102.11, and Thunderbird 102.12. | 9.8 |
2023-06-19 | CVE-2023-29531 | Out-of-bounds Write vulnerability in Mozilla Firefox An attacker could have caused an out of bounds memory access using WebGL APIs, leading to memory corruption and a potentially exploitable crash. *This bug only affects Firefox and Thunderbird for macOS. | 9.8 |
2023-06-19 | CVE-2023-29532 | Unspecified vulnerability in Mozilla Firefox A local attacker can trick the Mozilla Maintenance Service into applying an unsigned update file by pointing the service at an update file on a malicious SMB server. | 5.5 |
2023-06-19 | CVE-2023-32214 | Unspecified vulnerability in Mozilla Firefox Protocol handlers `ms-cxh` and `ms-cxh-full` could have been leveraged to trigger a denial of service. *Note: This attack only affects Windows. | 7.5 |
2023-06-02 | CVE-2023-0430 | Improper Certificate Validation vulnerability in Mozilla Thunderbird Certificate OCSP revocation status was not checked when verifying S/Mime signatures. | 6.5 |
2023-06-02 | CVE-2023-0547 | Improper Certificate Validation vulnerability in Mozilla Thunderbird OCSP revocation status of recipient certificates was not checked when sending S/Mime encrypted email, and revoked certificates would be accepted. | 6.5 |
2023-06-02 | CVE-2023-0616 | Resource Exhaustion vulnerability in Mozilla Thunderbird If a MIME email combines OpenPGP and OpenPGP MIME data in a certain way Thunderbird repeatedly attempts to process and display the message, which could cause Thunderbird's user interface to lock up and no longer respond to the user's actions. | 6.5 |
2023-06-02 | CVE-2023-0767 | Unspecified vulnerability in Mozilla Firefox ESR An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled. | 8.8 |