Vulnerabilities > Mozilla > Thunderbird > High

DATE CVE VULNERABILITY TITLE RISK
2023-06-02 CVE-2023-32213 Use of Uninitialized Resource vulnerability in Mozilla Firefox
When reading a file, an uninitialized value could have been used as read limit.
network
low complexity
mozilla CWE-908
8.8
2023-06-02 CVE-2023-32215 Out-of-bounds Write vulnerability in Mozilla Firefox
Memory safety bugs present in Firefox 112 and Firefox ESR 102.10.
network
low complexity
mozilla CWE-787
8.8
2022-12-22 CVE-2020-15685 Command Injection vulnerability in Mozilla Thunderbird
During the plaintext phase of the STARTTLS connection setup, protocol commands could have been injected and evaluated within the encrypted session.
network
low complexity
mozilla CWE-77
8.8
2022-12-22 CVE-2022-0566 Out-of-bounds Write vulnerability in Mozilla Thunderbird
It may be possible for an attacker to craft an email message that causes Thunderbird to perform an out-of-bounds write of one byte when processing the message.
network
low complexity
mozilla CWE-787
8.8
2022-12-22 CVE-2022-1529 Unspecified vulnerability in Mozilla Thunderbird
An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype pollution and ultimately attacker-controlled JavaScript executing in the privileged parent process.
network
low complexity
mozilla
8.8
2022-12-22 CVE-2022-1802 Unspecified vulnerability in Mozilla Thunderbird
If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype pollution, they could have achieved execution of attacker-controlled JavaScript code in a privileged context.
network
low complexity
mozilla
8.8
2022-12-22 CVE-2022-22737 Race Condition vulnerability in Mozilla Firefox
Constructing audio sinks could have lead to a race condition when playing audio files and closing windows.
network
high complexity
mozilla CWE-362
7.5
2022-12-22 CVE-2022-22738 Out-of-bounds Write vulnerability in Mozilla Firefox
Applying a CSS filter effect could have accessed out of bounds memory.
network
low complexity
mozilla CWE-787
8.8
2022-12-22 CVE-2022-22740 Use After Free vulnerability in Mozilla Firefox
Certain network request objects were freed too early when releasing a network request handle.
network
low complexity
mozilla CWE-416
8.8
2022-12-22 CVE-2022-22741 Unspecified vulnerability in Mozilla Firefox
When resizing a popup while requesting fullscreen access, the popup would have become unable to leave fullscreen mode.
network
low complexity
mozilla
7.5