Vulnerabilities > Mozilla > Thunderbird > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-22 | CVE-2022-46872 | Unspecified vulnerability in Mozilla Firefox An attacker who compromised a content process could have partially escaped the sandbox to read arbitrary files via clipboard-related IPC messages.<br>*This bug only affects Thunderbird for Linux. | 8.6 |
| 2022-12-22 | CVE-2022-46874 | Unspecified vulnerability in Mozilla Firefox A file with a long filename could have had its filename truncated to remove the valid extension, leaving a malicious extension in its place. | 8.8 |
| 2022-12-22 | CVE-2022-46878 | Out-of-bounds Write vulnerability in Mozilla Firefox Mozilla developers Randell Jesup, Valentin Gosu, Olli Pettay, and the Mozilla Fuzzing Team reported memory safety bugs present in Thunderbird 102.5. | 8.8 |
| 2022-12-22 | CVE-2022-46881 | Out-of-bounds Write vulnerability in Mozilla Firefox An optimization in WebGL was incorrect in some cases, and could have led to memory corruption and a potentially exploitable crash. *Note*: This advisory was added on December 13th, 2022 after we better understood the impact of the issue. | 8.8 |
| 2021-12-08 | CVE-2021-38504 | Use After Free vulnerability in multiple products When interacting with an HTML input element's file picker dialog with webkitdirectory set, a use-after-free could have resulted, leading to memory corruption and a potentially exploitable crash. | 8.8 |
| 2021-12-08 | CVE-2021-43537 | Incorrect Type Conversion or Cast vulnerability in multiple products An incorrect type conversion of sizes from 64bit to 32bit integers allowed an attacker to corrupt memory leading to a potentially exploitable crash. | 8.8 |
| 2021-12-08 | CVE-2021-43539 | Use After Free vulnerability in multiple products Failure to correctly record the location of live pointers across wasm instance calls resulted in a GC occurring within the call not tracing those live pointers. | 8.8 |
| 2021-11-03 | CVE-2021-38493 | Out-of-bounds Write vulnerability in Mozilla Firefox Mozilla developers reported memory safety bugs present in Firefox 91 and Firefox ESR 78.13. | 8.8 |
| 2021-11-03 | CVE-2021-38495 | Out-of-bounds Write vulnerability in Mozilla Firefox ESR Mozilla developers reported memory safety bugs present in Thunderbird 78.13.0. | 8.8 |
| 2021-08-17 | CVE-2021-29980 | Missing Initialization of Resource vulnerability in Mozilla Thunderbird Uninitialized memory in a canvas object could have caused an incorrect free() leading to memory corruption and a potentially exploitable crash. | 8.8 |