Vulnerabilities > Mozilla > Thunderbird

DATE CVE VULNERABILITY TITLE RISK
2023-09-11 CVE-2023-4574 Use After Free vulnerability in Mozilla Thunderbird
When creating a callback over IPC for showing the Color Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished.
network
low complexity
mozilla CWE-416
6.5
2023-09-11 CVE-2023-4575 Use After Free vulnerability in Mozilla Thunderbird
When creating a callback over IPC for showing the File Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished.
network
low complexity
mozilla CWE-416
6.5
2023-09-11 CVE-2023-4576 Integer Overflow or Wraparound vulnerability in Mozilla Firefox
On Windows, an integer overflow could occur in `RecordedSourceSurfaceCreation` which resulted in a heap buffer overflow potentially leaking sensitive data that could have led to a sandbox escape. *This bug only affects Firefox on Windows.
network
low complexity
mozilla CWE-190
8.6
2023-09-11 CVE-2023-4577 Unspecified vulnerability in Mozilla Thunderbird
When `UpdateRegExpStatics` attempted to access `initialStringHeap` it could already have been garbage collected prior to entering the function, which could potentially have led to an exploitable crash.
network
low complexity
mozilla
6.5
2023-09-11 CVE-2023-4578 Allocation of Resources Without Limits or Throttling vulnerability in Mozilla Thunderbird
When calling `JS::CheckRegExpSyntax` a Syntax Error could have been set which would end in calling `convertToRuntimeErrorAndClear`.
network
low complexity
mozilla CWE-770
6.5
2023-09-11 CVE-2023-4580 Missing Encryption of Sensitive Data vulnerability in Mozilla Thunderbird
Push notifications stored on disk in private browsing mode were not being encrypted potentially allowing the leak of sensitive information.
network
low complexity
mozilla CWE-311
6.5
2023-09-11 CVE-2023-4581 Unspecified vulnerability in Mozilla Thunderbird
Excel `.xll` add-in files did not have a blocklist entry in Firefox's executable blocklist which allowed them to be downloaded without any warning of their potential harm.
network
low complexity
mozilla
4.3
2023-09-11 CVE-2023-4582 Classic Buffer Overflow vulnerability in Mozilla Firefox
Due to large allocation checks in Angle for glsl shaders being too lenient a buffer overflow could have occured when allocating too much private shader memory on mac OS.
network
low complexity
mozilla CWE-120
8.8
2023-09-11 CVE-2023-4583 Unspecified vulnerability in Mozilla Thunderbird
When checking if the Browsing Context had been discarded in `HttpBaseChannel`, if the load group was not available then it was assumed to have already been discarded which was not always the case for private channels after the private session had ended.
network
low complexity
mozilla
7.5
2023-09-11 CVE-2023-4584 Out-of-bounds Write vulnerability in Mozilla Thunderbird
Memory safety bugs present in Firefox 116, Firefox ESR 102.14, Firefox ESR 115.1, Thunderbird 102.14, and Thunderbird 115.1.
network
low complexity
mozilla CWE-787
8.8