Vulnerabilities > Mozilla > Thunderbird > High

DATE CVE VULNERABILITY TITLE RISK
2023-06-02 CVE-2023-25737 Unspecified vulnerability in Mozilla Firefox ESR
An invalid downcast from <code>nsTextNode</code> to <code>SVGElement</code> could have lead to undefined behavior.
network
low complexity
mozilla
8.8
2023-06-02 CVE-2023-25739 Use After Free vulnerability in Mozilla Firefox ESR
Module load requests that failed were not being checked as to whether or not they were cancelled causing a use-after-free in <code>ScriptLoadContext</code>.
network
low complexity
mozilla CWE-416
8.8
2023-06-02 CVE-2023-25746 Out-of-bounds Write vulnerability in Mozilla Firefox ESR
Memory safety bugs present in Firefox ESR 102.7.
network
low complexity
mozilla CWE-787
8.8
2023-06-02 CVE-2023-28162 Incorrect Type Conversion or Cast vulnerability in Mozilla Firefox
While implementing AudioWorklets, some code may have casted one type to another, invalid, dynamic type.
network
low complexity
mozilla CWE-704
8.8
2023-06-02 CVE-2023-28176 Out-of-bounds Write vulnerability in Mozilla Firefox
Memory safety bugs present in Firefox 110 and Firefox ESR 102.8.
network
low complexity
mozilla CWE-787
8.8
2023-06-02 CVE-2023-29536 Use After Free vulnerability in Mozilla products
An attacker could cause the memory manager to incorrectly free a pointer that addresses attacker-controlled memory, resulting in an assertion, memory corruption, or a potentially exploitable crash.
network
low complexity
mozilla CWE-416
8.8
2023-06-02 CVE-2023-29539 NULL Pointer Dereference vulnerability in Mozilla products
When handling the filename directive in the Content-Disposition header, the filename would be truncated if the filename contained a NULL character.
network
low complexity
mozilla CWE-476
8.8
2023-06-02 CVE-2023-29541 Improper Encoding or Escaping of Output vulnerability in Mozilla products
Firefox did not properly handle downloads of files ending in <code>.desktop</code>, which can be interpreted to run attacker-controlled commands.
network
low complexity
mozilla CWE-116
8.8
2023-06-02 CVE-2023-29550 Unspecified vulnerability in Mozilla products
Memory safety bugs present in Firefox 111 and Firefox ESR 102.9.
network
low complexity
mozilla
8.8
2023-06-02 CVE-2023-32207 Authentication Bypass by Spoofing vulnerability in Mozilla Firefox
A missing delay in popup notifications could have made it possible for an attacker to trick a user into granting permissions.
network
low complexity
mozilla CWE-290
8.8