Vulnerabilities > Mozilla > Thunderbird > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-09-06 CVE-2024-8394 Use After Free vulnerability in Mozilla Thunderbird
When aborting the verification of an OTR chat session, an attacker could have caused a use-after-free bug leading to a potentially exploitable crash.
network
low complexity
mozilla CWE-416
6.5
2024-08-06 CVE-2024-7518 Unspecified vulnerability in Mozilla Firefox
Select options could obscure the fullscreen notification dialog.
network
low complexity
mozilla
6.5
2024-08-06 CVE-2024-7526 Use of Uninitialized Resource vulnerability in Mozilla Firefox
ANGLE failed to initialize parameters which lead to reading from uninitialized memory.
network
low complexity
mozilla CWE-908
6.5
2024-08-06 CVE-2024-7529 Unspecified vulnerability in Mozilla Firefox
The date picker could partially obscure security prompts.
network
low complexity
mozilla
6.5
2024-07-09 CVE-2024-6608 Unspecified vulnerability in Mozilla Firefox
It was possible to move the cursor using pointerlock from an iframe.
network
low complexity
mozilla
4.3
2024-07-09 CVE-2024-6610 Unspecified vulnerability in Mozilla Firefox
Form validation popups could capture escape key presses.
network
low complexity
mozilla
4.3
2024-06-11 CVE-2024-5690 Information Exposure Through Discrepancy vulnerability in multiple products
By monitoring the time certain operations take, an attacker could have guessed which external protocol handlers were functional on a user's system.
network
low complexity
mozilla debian CWE-203
4.3
2024-06-11 CVE-2024-5691 Unspecified vulnerability in Mozilla Firefox
By tricking the browser with a `X-Frame-Options` header, a sandboxed iframe could have presented a button that, if clicked by a user, would bypass restrictions to open a new window.
network
low complexity
mozilla
4.7
2024-02-20 CVE-2024-1547 Through a series of API calls and redirects, an attacker-controlled alert dialog could have been displayed on another website (with the victim website's URL shown).
network
low complexity
mozilla debian
6.5
2024-02-20 CVE-2024-1550 Improper Restriction of Rendered UI Layers or Frames vulnerability in multiple products
A malicious website could have used a combination of exiting fullscreen mode and `requestPointerLock` to cause the user's mouse to be re-positioned unexpectedly, which could have led to user confusion and inadvertently granting permissions they did not intend to grant.
network
low complexity
mozilla debian CWE-1021
6.1