Vulnerabilities > Mozilla > Thunderbird

DATE CVE VULNERABILITY TITLE RISK
2024-10-29 CVE-2024-10467 Out-of-bounds Write vulnerability in Mozilla Thunderbird
Memory safety bugs present in Firefox 131, Firefox ESR 128.3, and Thunderbird 128.3.
network
low complexity
mozilla CWE-787
8.8
2024-10-29 CVE-2024-10468 Race Condition vulnerability in Mozilla Firefox
Potential race conditions in IndexedDB could have caused memory corruption, leading to a potentially exploitable crash.
network
high complexity
mozilla CWE-362
5.3
2024-10-09 CVE-2024-9680 Use After Free vulnerability in multiple products
An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines.
network
low complexity
mozilla debian CWE-416
critical
9.8
2024-10-01 CVE-2024-9393 Unspecified vulnerability in Mozilla Firefox
An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the `resource://pdf.js` origin.
network
low complexity
mozilla
7.5
2024-10-01 CVE-2024-9394 Unspecified vulnerability in Mozilla Firefox
An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the `resource://devtools` origin.
network
low complexity
mozilla
7.5
2024-10-01 CVE-2024-9397 Improper Restriction of Rendered UI Layers or Frames vulnerability in Mozilla Firefox
A missing delay in directory upload UI could have made it possible for an attacker to trick a user into granting permission via clickjacking.
network
low complexity
mozilla CWE-1021
6.1
2024-10-01 CVE-2024-9398 Unspecified vulnerability in Mozilla Firefox
By checking the result of calls to `window.open` with specifically set protocol handlers, an attacker could determine if the application which implements that protocol handler is installed.
network
low complexity
mozilla
5.3
2024-10-01 CVE-2024-9399 Unspecified vulnerability in Mozilla Thunderbird
A website configured to initiate a specially crafted WebTransport session could crash the Firefox process leading to a denial of service condition.
network
low complexity
mozilla
7.5
2024-09-06 CVE-2024-8394 Use After Free vulnerability in Mozilla Thunderbird
When aborting the verification of an OTR chat session, an attacker could have caused a use-after-free bug leading to a potentially exploitable crash.
network
low complexity
mozilla CWE-416
6.5
2024-09-03 CVE-2024-8387 Out-of-bounds Write vulnerability in Mozilla Firefox, Firefox ESR and Thunderbird
Memory safety bugs present in Firefox 129, Firefox ESR 128.1, and Thunderbird 128.1.
network
low complexity
mozilla CWE-787
critical
9.8