Vulnerabilities > Mozilla > Thunderbird > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-06-24 | CVE-2021-23993 | Improper Verification of Cryptographic Signature vulnerability in Mozilla Thunderbird An attacker may perform a DoS attack to prevent a user from sending encrypted email to a correspondent. | 6.5 |
| 2021-06-24 | CVE-2021-23998 | Insufficient Verification of Data Authenticity vulnerability in Mozilla Thunderbird Through complicated navigations with new windows, an HTTP page could have inherited a secure lock icon from an HTTPS page. | 6.5 |
| 2021-06-24 | CVE-2021-29945 | Incorrect Calculation vulnerability in Mozilla Firefox, Firefox ESR and Thunderbird The WebAssembly JIT could miscalculate the size of a return type, which could lead to a null read and result in a crash. | 6.5 |
| 2021-06-24 | CVE-2021-29951 | Improper Privilege Management vulnerability in Mozilla Firefox The Mozilla Maintenance Service granted SERVICE_START access to BUILTIN|Users which, in a domain network, grants normal remote users access to start or stop the service. | 6.5 |
| 2021-06-24 | CVE-2021-29956 | Cleartext Storage of Sensitive Information vulnerability in Mozilla Thunderbird OpenPGP secret keys that were imported using Thunderbird version 78.8.1 up to version 78.10.1 were stored unencrypted on the user's local disk. | 4.3 |
| 2021-06-24 | CVE-2021-29957 | Unspecified vulnerability in Mozilla Thunderbird If a MIME encoded email contains an OpenPGP inline signed or encrypted message part, but also contains an additional unprotected part, Thunderbird did not indicate that only parts of the message are protected. | 4.3 |
| 2021-03-31 | CVE-2021-23984 | Authentication Bypass by Spoofing vulnerability in Mozilla Firefox A malicious extension could have opened a popup window lacking an address bar. | 6.5 |
| 2021-03-31 | CVE-2021-23982 | Inadequate Encryption Strength vulnerability in Mozilla Firefox Using techniques that built on the slipstream research, a malicious webpage could have scanned both an internal network's hosts as well as services running on the user's local machine utilizing WebRTC connections. | 6.5 |
| 2021-02-26 | CVE-2021-23953 | Unspecified vulnerability in Mozilla Firefox If a user clicked into a specifically crafted PDF, the PDF reader could be confused into leaking cross-origin information, when said information is served as chunked data. | 4.3 |
| 2021-02-26 | CVE-2021-23973 | Information Exposure Through an Error Message vulnerability in multiple products When trying to load a cross-origin resource in an audio/video context a decoding error may have resulted, and the content of that error may have revealed information about the resource. | 6.5 |