Vulnerabilities > Mozilla > Thunderbird

DATE CVE VULNERABILITY TITLE RISK
2023-12-19 CVE-2023-6857 Race Condition vulnerability in multiple products
When resolving a symlink, a race may occur where the buffer passed to `readlink` may actually be smaller than necessary.
network
high complexity
mozilla debian CWE-362
5.3
2023-12-19 CVE-2023-6858 Out-of-bounds Write vulnerability in multiple products
Firefox was susceptible to a heap buffer overflow in `nsTextFragment` due to insufficient OOM handling.
network
low complexity
mozilla debian CWE-787
8.8
2023-12-19 CVE-2023-6859 Use After Free vulnerability in multiple products
A use-after-free condition affected TLS socket creation when under memory pressure.
network
low complexity
mozilla debian CWE-416
8.8
2023-12-19 CVE-2023-6860 The `VideoBridge` allowed any content process to use textures produced by remote decoders.
network
low complexity
mozilla debian
6.5
2023-12-19 CVE-2023-6861 Out-of-bounds Write vulnerability in multiple products
The `nsWindow::PickerOpen(void)` method was susceptible to a heap buffer overflow when running in headless mode.
network
low complexity
mozilla debian CWE-787
8.8
2023-12-19 CVE-2023-6862 Use After Free vulnerability in multiple products
A use-after-free was identified in the `nsDNSService::Init`.
network
low complexity
mozilla debian CWE-416
8.8
2023-12-19 CVE-2023-6863 The `ShutdownObserver()` was susceptible to potentially undefined behavior due to its reliance on a dynamic type that lacked a virtual destructor.
network
low complexity
mozilla debian
8.8
2023-12-19 CVE-2023-6864 Out-of-bounds Write vulnerability in multiple products
Memory safety bugs present in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5.
network
low complexity
mozilla debian CWE-787
8.8
2023-11-21 CVE-2023-6204 Out-of-bounds Read vulnerability in multiple products
On some systems—depending on the graphics settings and drivers—it was possible to force an out-of-bounds read and leak memory data into the images created on the canvas element.
network
low complexity
mozilla debian CWE-125
6.5
2023-11-21 CVE-2023-6205 Use After Free vulnerability in multiple products
It was possible to cause the use of a MessagePort after it had already been freed, which could potentially have led to an exploitable crash.
network
low complexity
mozilla debian CWE-416
6.5