Vulnerabilities > Mozilla > Thunderbird

DATE CVE VULNERABILITY TITLE RISK
2023-06-02 CVE-2023-29550 Unspecified vulnerability in Mozilla products
Memory safety bugs present in Firefox 111 and Firefox ESR 102.9.
network
low complexity
mozilla
8.8
2023-06-02 CVE-2023-32205 Unspecified vulnerability in Mozilla Firefox
In multiple cases browser prompts could have been obscured by popups controlled by content.
network
low complexity
mozilla
4.3
2023-06-02 CVE-2023-32206 Out-of-bounds Read vulnerability in Mozilla Firefox
An out-of-bound read could have led to a crash in the RLBox Expat driver.
network
low complexity
mozilla CWE-125
6.5
2023-06-02 CVE-2023-32207 Authentication Bypass by Spoofing vulnerability in Mozilla Firefox
A missing delay in popup notifications could have made it possible for an attacker to trick a user into granting permissions.
network
low complexity
mozilla CWE-290
8.8
2023-06-02 CVE-2023-32211 Unspecified vulnerability in Mozilla Firefox
A type checking bug would have led to invalid code being compiled.
network
low complexity
mozilla
6.5
2023-06-02 CVE-2023-32212 Unspecified vulnerability in Mozilla Firefox
An attacker could have positioned a <code>datalist</code> element to obscure the address bar.
network
low complexity
mozilla
4.3
2023-06-02 CVE-2023-32213 Use of Uninitialized Resource vulnerability in Mozilla Firefox
When reading a file, an uninitialized value could have been used as read limit.
network
low complexity
mozilla CWE-908
8.8
2023-06-02 CVE-2023-32215 Out-of-bounds Write vulnerability in Mozilla Firefox
Memory safety bugs present in Firefox 112 and Firefox ESR 102.10.
network
low complexity
mozilla CWE-787
8.8
2023-02-16 CVE-2021-43529 Out-of-bounds Write vulnerability in Mozilla Thunderbird
Thunderbird versions prior to 91.3.0 are vulnerable to the heap overflow described in CVE-2021-43527 when processing S/MIME messages.
network
low complexity
mozilla CWE-787
critical
9.8
2022-12-22 CVE-2020-15685 Command Injection vulnerability in Mozilla Thunderbird
During the plaintext phase of the STARTTLS connection setup, protocol commands could have been injected and evaluated within the encrypted session.
network
low complexity
mozilla CWE-77
8.8