Vulnerabilities > Mozilla > Thunderbird > High

DATE CVE VULNERABILITY TITLE RISK
2023-07-05 CVE-2023-37201 Use After Free vulnerability in multiple products
An attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS.
network
low complexity
mozilla debian CWE-416
8.8
2023-07-05 CVE-2023-37202 Use After Free vulnerability in multiple products
Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free.
network
low complexity
mozilla debian CWE-416
8.8
2023-07-05 CVE-2023-37208 When opening Diagcab files, Firefox did not warn the user that these files may contain malicious code.
local
low complexity
mozilla debian
7.8
2023-06-19 CVE-2023-32214 Unspecified vulnerability in Mozilla Firefox
Protocol handlers `ms-cxh` and `ms-cxh-full` could have been leveraged to trigger a denial of service. *Note: This attack only affects Windows.
network
low complexity
mozilla
7.5
2023-06-02 CVE-2023-0767 Unspecified vulnerability in Mozilla Firefox ESR
An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled.
network
low complexity
mozilla
8.8
2023-06-02 CVE-2023-23605 Out-of-bounds Write vulnerability in Mozilla Firefox
Memory safety bugs present in Firefox 108 and Firefox ESR 102.6.
network
low complexity
mozilla CWE-787
8.8
2023-06-02 CVE-2023-25729 Unspecified vulnerability in Mozilla Firefox ESR
Permission prompts for opening external schemes were only shown for <code>ContentPrincipals</code> resulting in extensions being able to open them without user interaction via <code>ExpandedPrincipals</code>.
network
low complexity
mozilla
8.8
2023-06-02 CVE-2023-25732 Out-of-bounds Write vulnerability in Mozilla Firefox ESR
When encoding data from an <code>inputStream</code> in <code>xpcom</code> the size of the input being encoded was not correctly calculated potentially leading to an out of bounds memory write.
network
low complexity
mozilla CWE-787
8.8
2023-06-02 CVE-2023-25734 Unspecified vulnerability in Mozilla Firefox
After downloading a Windows <code>.url</code> shortcut from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system.
network
low complexity
mozilla
8.1
2023-06-02 CVE-2023-25735 Use After Free vulnerability in Mozilla Firefox ESR
Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free after unwrapping the proxy.
network
low complexity
mozilla CWE-416
8.8