Vulnerabilities > Mozilla > Thunderbird

DATE CVE VULNERABILITY TITLE RISK
2023-06-02 CVE-2023-28162 Incorrect Type Conversion or Cast vulnerability in Mozilla Firefox
While implementing AudioWorklets, some code may have casted one type to another, invalid, dynamic type.
network
low complexity
mozilla CWE-704
8.8
2023-06-02 CVE-2023-28163 Unspecified vulnerability in Mozilla Firefox
When downloading files through the Save As dialog on Windows with suggested filenames containing environment variable names, Windows would have resolved those in the context of the current user.
network
low complexity
mozilla
6.5
2023-06-02 CVE-2023-28164 Unspecified vulnerability in Mozilla Firefox
Dragging a URL from a cross-origin iframe that was removed during the drag could have led to user confusion and website spoofing attacks.
network
low complexity
mozilla
6.5
2023-06-02 CVE-2023-28176 Out-of-bounds Write vulnerability in Mozilla Firefox
Memory safety bugs present in Firefox 110 and Firefox ESR 102.8.
network
low complexity
mozilla CWE-787
8.8
2023-06-02 CVE-2023-29533 Unspecified vulnerability in Mozilla products
A website could have obscured the fullscreen notification by using a combination of <code>window.open</code>, fullscreen requests, <code>window.name</code> assignments, and <code>setInterval</code> calls.
network
low complexity
mozilla
4.3
2023-06-02 CVE-2023-29535 Unspecified vulnerability in Mozilla products
Following a Garbage Collector compaction, weak maps may have been accessed before they were correctly traced.
network
low complexity
mozilla
6.5
2023-06-02 CVE-2023-29536 Use After Free vulnerability in Mozilla products
An attacker could cause the memory manager to incorrectly free a pointer that addresses attacker-controlled memory, resulting in an assertion, memory corruption, or a potentially exploitable crash.
network
low complexity
mozilla CWE-416
8.8
2023-06-02 CVE-2023-29539 NULL Pointer Dereference vulnerability in Mozilla products
When handling the filename directive in the Content-Disposition header, the filename would be truncated if the filename contained a NULL character.
network
low complexity
mozilla CWE-476
8.8
2023-06-02 CVE-2023-29541 Improper Encoding or Escaping of Output vulnerability in Mozilla products
Firefox did not properly handle downloads of files ending in <code>.desktop</code>, which can be interpreted to run attacker-controlled commands.
network
low complexity
mozilla CWE-116
8.8
2023-06-02 CVE-2023-29548 Unspecified vulnerability in Mozilla products
A wrong lowering instruction in the ARM64 Ion compiler resulted in a wrong optimization result.
network
low complexity
mozilla
6.5