Vulnerabilities > Mozilla > Thunderbird > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-10-09 CVE-2024-9680 Use After Free vulnerability in multiple products
An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines.
network
low complexity
mozilla debian CWE-416
critical
9.8
2024-09-03 CVE-2024-8387 Out-of-bounds Write vulnerability in Mozilla Firefox, Firefox ESR and Thunderbird
Memory safety bugs present in Firefox 129, Firefox ESR 128.1, and Thunderbird 128.1.
network
low complexity
mozilla CWE-787
critical
9.8
2024-08-06 CVE-2024-7519 Out-of-bounds Write vulnerability in Mozilla Firefox
Insufficient checks when processing graphics shared memory could have led to memory corruption.
network
low complexity
mozilla CWE-787
critical
9.6
2023-10-25 CVE-2023-5730 Out-of-bounds Write vulnerability in multiple products
Memory safety bugs present in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3.
network
low complexity
mozilla debian CWE-787
critical
9.8
2023-09-27 CVE-2023-5176 Out-of-bounds Write vulnerability in multiple products
Memory safety bugs present in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2.
network
low complexity
mozilla debian CWE-787
critical
9.8
2023-09-27 CVE-2023-5174 Use After Free vulnerability in Mozilla Firefox
If Windows failed to duplicate a handle during process creation, the sandbox code may have inadvertently freed a pointer twice, resulting in a use-after-free and a potentially exploitable crash. *This bug only affects Firefox on Windows when run in non-standard configurations (such as using `runas`).
network
low complexity
mozilla CWE-416
critical
9.8
2023-09-27 CVE-2023-5168 Out-of-bounds Write vulnerability in Mozilla Firefox
A compromised content process could have provided malicious data to `FilterNodeD2D1` resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process. *This bug only affects Firefox on Windows.
network
low complexity
mozilla CWE-787
critical
9.8
2023-06-19 CVE-2023-34416 Out-of-bounds Write vulnerability in Mozilla Firefox
Memory safety bugs present in Firefox 113, Firefox ESR 102.11, and Thunderbird 102.12.
network
low complexity
mozilla CWE-787
critical
9.8
2023-06-19 CVE-2023-29542 Unspecified vulnerability in Mozilla Firefox
A newline in a filename could have been used to bypass the file extension security mechanisms that replace malicious file extensions such as .lnk with .download.
network
low complexity
mozilla
critical
9.8
2023-06-19 CVE-2023-29531 Out-of-bounds Write vulnerability in Mozilla Firefox
An attacker could have caused an out of bounds memory access using WebGL APIs, leading to memory corruption and a potentially exploitable crash. *This bug only affects Firefox and Thunderbird for macOS.
network
low complexity
mozilla CWE-787
critical
9.8