Vulnerabilities > Mozilla > Thunderbird
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-07-09 | CVE-2024-6608 | Unspecified vulnerability in Mozilla Firefox It was possible to move the cursor using pointerlock from an iframe. | 4.3 |
| 2024-07-09 | CVE-2024-6609 | Unspecified vulnerability in Mozilla Firefox When almost out-of-memory an elliptic curve key which was never allocated could have been freed again. | 8.8 |
| 2024-07-09 | CVE-2024-6610 | Unspecified vulnerability in Mozilla Firefox Form validation popups could capture escape key presses. | 4.3 |
| 2024-06-11 | CVE-2024-5690 | Information Exposure Through Discrepancy vulnerability in multiple products By monitoring the time certain operations take, an attacker could have guessed which external protocol handlers were functional on a user's system. | 4.3 |
| 2024-06-11 | CVE-2024-5691 | Unspecified vulnerability in Mozilla Firefox By tricking the browser with a `X-Frame-Options` header, a sandboxed iframe could have presented a button that, if clicked by a user, would bypass restrictions to open a new window. | 4.7 |
| 2024-01-23 | CVE-2024-0741 | Out-of-bounds Write vulnerability in multiple products An out of bounds write in ANGLE could have allowed an attacker to corrupt memory leading to a potentially exploitable crash. | 6.5 |
| 2024-01-23 | CVE-2024-0742 | It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an incorrect timestamp used to prevent input after page load. | 4.3 |
| 2024-01-23 | CVE-2024-0746 | A Linux user opening the print preview dialog could have caused the browser to crash. | 6.5 |
| 2024-01-23 | CVE-2024-0747 | When a parent page loaded a child in an iframe with `unsafe-inline`, the parent Content Security Policy could have overridden the child Content Security Policy. | 6.5 |
| 2024-01-23 | CVE-2024-0749 | Origin Validation Error vulnerability in multiple products A phishing site could have repurposed an `about:` dialog to show phishing content with an incorrect origin in the address bar. | 4.3 |