Vulnerabilities > Mozilla > Thunderbird > High

DATE CVE VULNERABILITY TITLE RISK
2021-01-07 CVE-2020-26973 Unspecified vulnerability in Mozilla Firefox ESR
Certain input to the CSS Sanitizer confused it, resulting in incorrect components being removed.
network
low complexity
mozilla
8.8
2021-01-07 CVE-2020-26971 Out-of-bounds Write vulnerability in Mozilla Firefox ESR
Certain blit values provided by the user were not properly constrained leading to a heap buffer overflow on some video drivers.
network
low complexity
mozilla CWE-787
8.8
2020-12-09 CVE-2020-26970 Out-of-bounds Write vulnerability in Mozilla Thunderbird
When reading SMTP server status codes, Thunderbird writes an integer value to a position on the stack that is intended to contain just one byte.
network
low complexity
mozilla CWE-787
8.8
2020-12-09 CVE-2020-26968 Out-of-bounds Write vulnerability in Mozilla Firefox
Mozilla developers reported memory safety bugs present in Firefox 82 and Firefox ESR 78.4.
network
low complexity
mozilla CWE-787
8.8
2020-12-09 CVE-2020-26960 Use After Free vulnerability in Mozilla Firefox
If the Compact() method was called on an nsTArray, the array could have been reallocated without updating other pointers, leading to a potential use-after-free and exploitable crash.
network
low complexity
mozilla CWE-416
8.8
2020-12-09 CVE-2020-26959 Use After Free vulnerability in Mozilla Firefox
During browser shutdown, reference decrementing could have occured on a previously freed object, resulting in a use-after-free, memory corruption, and a potentially exploitable crash.
network
low complexity
mozilla CWE-416
8.8
2020-12-09 CVE-2020-26950 Use After Free vulnerability in Mozilla Firefox ESR
In certain circumstances, the MCallGetProperty opcode can be emitted with unmet assumptions resulting in an exploitable use-after-free condition.
network
low complexity
mozilla CWE-416
8.8
2020-10-01 CVE-2020-15670 Reachable Assertion vulnerability in Mozilla Firefox and Firefox ESR
Mozilla developers reported memory safety bugs present in Firefox for Android 79.
network
low complexity
mozilla CWE-617
8.8
2020-10-01 CVE-2020-15669 Use After Free vulnerability in Mozilla Firefox ESR
When aborting an operation, such as a fetch, an abort signal may be deleted while alerting the objects to be notified.
network
low complexity
mozilla CWE-416
8.8
2020-10-01 CVE-2020-15663 Uncontrolled Search Path Element vulnerability in Mozilla Firefox
If Firefox is installed to a user-writable directory, the Mozilla Maintenance Service would execute updater.exe from the install location with system privileges.
network
low complexity
mozilla CWE-427
8.8