Vulnerabilities > Mozilla > Thunderbird > High

DATE CVE VULNERABILITY TITLE RISK
2024-08-06 CVE-2024-7525 Incorrect Default Permissions vulnerability in Mozilla Firefox
It was possible for a web extension with minimal permissions to create a `StreamFilter` which could be used to read and modify the response body of requests on any site.
network
low complexity
mozilla CWE-276
8.1
2024-08-06 CVE-2024-7527 Use After Free vulnerability in Mozilla Firefox
Unexpected marking work at the start of sweeping could have led to a use-after-free.
network
low complexity
mozilla CWE-416
8.8
2024-08-06 CVE-2024-7528 Use After Free vulnerability in Mozilla Firefox
Incorrect garbage collection interaction in IndexedDB could have led to a use-after-free.
network
low complexity
mozilla CWE-416
8.8
2024-07-09 CVE-2024-6609 Unspecified vulnerability in Mozilla Firefox
When almost out-of-memory an elliptic curve key which was never allocated could have been freed again.
network
low complexity
mozilla
8.8
2024-02-20 CVE-2024-1552 Incorrect Conversion between Numeric Types vulnerability in multiple products
Incorrect code generation could have led to unexpected numeric conversions and potential undefined behavior.*Note:* This issue only affects 32-bit ARM devices.
network
low complexity
mozilla debian CWE-681
7.5
2024-01-23 CVE-2024-0750 A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissions.
network
low complexity
mozilla debian
8.8
2024-01-23 CVE-2024-0751 Improper Privilege Management vulnerability in multiple products
A malicious devtools extension could have been used to escalate privileges.
network
low complexity
mozilla debian CWE-269
8.8
2024-01-23 CVE-2024-0755 Memory safety bugs present in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6.
network
low complexity
mozilla debian
8.8
2023-12-19 CVE-2023-6856 Out-of-bounds Write vulnerability in multiple products
The WebGL `DrawElementsInstanced` method was susceptible to a heap buffer overflow when used on systems with the Mesa VM driver.
network
low complexity
mozilla debian CWE-787
8.8
2023-12-19 CVE-2023-6858 Out-of-bounds Write vulnerability in multiple products
Firefox was susceptible to a heap buffer overflow in `nsTextFragment` due to insufficient OOM handling.
network
low complexity
mozilla debian CWE-787
8.8