Vulnerabilities > Mozilla > Thunderbird > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-01-23 CVE-2024-0741 Out-of-bounds Write vulnerability in multiple products
An out of bounds write in ANGLE could have allowed an attacker to corrupt memory leading to a potentially exploitable crash.
network
low complexity
mozilla debian CWE-787
6.5
6.5
2024-01-23 CVE-2024-0742 It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an incorrect timestamp used to prevent input after page load.
network
low complexity
mozilla debian
4.3
4.3
2024-01-23 CVE-2024-0746 A Linux user opening the print preview dialog could have caused the browser to crash.
network
low complexity
mozilla debian
6.5
6.5
2024-01-23 CVE-2024-0747 When a parent page loaded a child in an iframe with `unsafe-inline`, the parent Content Security Policy could have overridden the child Content Security Policy.
network
low complexity
mozilla debian
6.5
6.5
2024-01-23 CVE-2024-0749 Origin Validation Error vulnerability in multiple products
A phishing site could have repurposed an `about:` dialog to show phishing content with an incorrect origin in the address bar.
network
low complexity
mozilla debian CWE-346
4.3
4.3
2024-01-23 CVE-2024-0753 In specific HSTS configurations an attacker could have bypassed HSTS on a subdomain.
network
low complexity
mozilla debian
6.5
6.5
2023-12-19 CVE-2023-50761 The signature of a digitally signed S/MIME email message may optionally specify the signature creation date and time.
network
low complexity
mozilla debian
4.3
4.3
2023-12-19 CVE-2023-50762 When processing a PGP/MIME payload that contains digitally signed text, the first paragraph of the text was never shown to the user.
network
low complexity
mozilla debian
4.3
4.3
2023-12-19 CVE-2023-6857 Race Condition vulnerability in multiple products
When resolving a symlink, a race may occur where the buffer passed to `readlink` may actually be smaller than necessary.
network
high complexity
mozilla debian CWE-362
5.3
5.3
2023-12-19 CVE-2023-6860 The `VideoBridge` allowed any content process to use textures produced by remote decoders.
network
low complexity
mozilla debian
6.5
6.5