Vulnerabilities > Mozilla > Thunderbird

DATE CVE VULNERABILITY TITLE RISK
2023-09-11 CVE-2023-4577 Unspecified vulnerability in Mozilla Thunderbird
When `UpdateRegExpStatics` attempted to access `initialStringHeap` it could already have been garbage collected prior to entering the function, which could potentially have led to an exploitable crash.
network
low complexity
mozilla
6.5
2023-09-11 CVE-2023-4578 Allocation of Resources Without Limits or Throttling vulnerability in Mozilla Thunderbird
When calling `JS::CheckRegExpSyntax` a Syntax Error could have been set which would end in calling `convertToRuntimeErrorAndClear`.
network
low complexity
mozilla CWE-770
6.5
2023-09-11 CVE-2023-4580 Missing Encryption of Sensitive Data vulnerability in Mozilla Thunderbird
Push notifications stored on disk in private browsing mode were not being encrypted potentially allowing the leak of sensitive information.
network
low complexity
mozilla CWE-311
6.5
2023-09-11 CVE-2023-4581 Unspecified vulnerability in Mozilla Thunderbird
Excel `.xll` add-in files did not have a blocklist entry in Firefox's executable blocklist which allowed them to be downloaded without any warning of their potential harm.
network
low complexity
mozilla
4.3
2023-09-11 CVE-2023-4582 Classic Buffer Overflow vulnerability in Mozilla Firefox
Due to large allocation checks in Angle for glsl shaders being too lenient a buffer overflow could have occured when allocating too much private shader memory on mac OS.
network
low complexity
mozilla CWE-120
8.8
2023-09-11 CVE-2023-4583 Unspecified vulnerability in Mozilla Thunderbird
When checking if the Browsing Context had been discarded in `HttpBaseChannel`, if the load group was not available then it was assumed to have already been discarded which was not always the case for private channels after the private session had ended.
network
low complexity
mozilla
7.5
2023-09-11 CVE-2023-4584 Out-of-bounds Write vulnerability in Mozilla Thunderbird
Memory safety bugs present in Firefox 116, Firefox ESR 102.14, Firefox ESR 115.1, Thunderbird 102.14, and Thunderbird 115.1.
network
low complexity
mozilla CWE-787
8.8
2023-09-11 CVE-2023-4585 Out-of-bounds Write vulnerability in Mozilla Thunderbird
Memory safety bugs present in Firefox 116, Firefox ESR 115.1, and Thunderbird 115.1.
network
low complexity
mozilla CWE-787
8.8
2023-09-11 CVE-2023-4573 Use After Free vulnerability in Mozilla Thunderbird
When receiving rendering data over IPC `mStream` could have been destroyed when initialized, which could have led to a use-after-free causing a potentially exploitable crash.
network
low complexity
mozilla CWE-416
6.5
2023-07-24 CVE-2023-3417 Thunderbird allowed the Text Direction Override Unicode Character in filenames.
network
low complexity
mozilla debian
7.5