Vulnerabilities > Mozilla > Thunderbird > Critical

DATE CVE VULNERABILITY TITLE RISK
2019-07-23 CVE-2019-9819 Type Confusion vulnerability in Mozilla Thunderbird
A vulnerability where a JavaScript compartment mismatch can occur while working with the fetch API, resulting in a potentially exploitable crash.
network
low complexity
mozilla CWE-843
critical
9.8
2019-07-23 CVE-2019-9820 Use After Free vulnerability in Mozilla Firefox ESR
A use-after-free vulnerability can occur in the chrome event handler when it is freed while still in use.
network
low complexity
mozilla CWE-416
critical
9.8
2019-04-26 CVE-2018-18512 Use After Free vulnerability in Mozilla Thunderbird
A use-after-free vulnerability can occur while playing a sound notification in Thunderbird.
network
low complexity
mozilla CWE-416
critical
9.8
2019-04-26 CVE-2019-9788 Out-of-bounds Write vulnerability in multiple products
Mozilla developers and community members reported memory safety bugs present in Firefox 65, Firefox ESR 60.5, and Thunderbird 60.5.
network
low complexity
mozilla redhat CWE-787
critical
9.8
2019-04-26 CVE-2019-9790 Use After Free vulnerability in Mozilla Thunderbird
A use-after-free vulnerability can occur when a raw pointer to a DOM element on a page is obtained using JavaScript and the element is then removed while still in use.
network
low complexity
mozilla CWE-416
critical
9.8
2019-04-26 CVE-2019-9791 Type Confusion vulnerability in multiple products
The type inference system allows the compilation of functions that can cause type confusions between arbitrary objects when compiled through the IonMonkey just-in-time (JIT) compiler and when the constructor function is entered through on-stack replacement (OSR).
network
low complexity
mozilla redhat CWE-843
critical
9.8
2019-04-26 CVE-2019-9792 Out-of-bounds Write vulnerability in multiple products
The IonMonkey just-in-time (JIT) compiler can leak an internal JS_OPTIMIZED_OUT magic value to the running script during a bailout.
network
low complexity
mozilla redhat CWE-787
critical
9.8
2019-04-26 CVE-2019-9794 Argument Injection or Modification vulnerability in Mozilla Firefox
A vulnerability was discovered where specific command line arguments are not properly discarded during Firefox invocation as a shell handler for URLs.
network
low complexity
mozilla CWE-88
critical
9.8
2019-04-26 CVE-2019-9795 Type Confusion vulnerability in Mozilla Firefox
A vulnerability where type-confusion in the IonMonkey just-in-time (JIT) compiler could potentially be used by malicious JavaScript to trigger a potentially exploitable crash.
network
low complexity
mozilla CWE-843
critical
9.8
2019-04-26 CVE-2019-9796 Use After Free vulnerability in Mozilla Firefox
A use-after-free vulnerability can occur when the SMIL animation controller incorrectly registers with the refresh driver twice when only a single registration is expected.
network
low complexity
mozilla CWE-416
critical
9.8