Vulnerabilities > Mozilla > Thunderbird > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-21 | CVE-2023-6206 | Improper Restriction of Rendered UI Layers or Frames vulnerability in multiple products The black fade animation when exiting fullscreen is roughly the length of the anti-clickjacking delay on permission prompts. | 5.4 |
| 2023-11-21 | CVE-2023-6209 | Path Traversal vulnerability in multiple products Relative URLs starting with three slashes were incorrectly parsed, and a path-traversal "/../" part in the path could be used to override the specified host. | 6.5 |
| 2023-10-25 | CVE-2023-5721 | Improper Restriction of Rendered UI Layers or Frames vulnerability in multiple products It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an insufficient activation-delay. | 4.3 |
| 2023-10-25 | CVE-2023-5725 | A malicious installed WebExtension could open arbitrary URLs, which under the right circumstance could be leveraged to collect sensitive user data. | 4.3 |
| 2023-10-25 | CVE-2023-5726 | Unspecified vulnerability in Mozilla Firefox A website could have obscured the full screen notification by using the file open dialog. | 4.3 |
| 2023-10-25 | CVE-2023-5727 | Unspecified vulnerability in Mozilla Firefox The executable file warning was not presented when downloading .msix, .msixbundle, .appx, and .appxbundle files, which can run commands on a user's computer. | 6.5 |
| 2023-10-25 | CVE-2023-5732 | An attacker could have created a malicious link using bidirectional characters to spoof the location in the address bar when visited. | 6.5 |
| 2023-09-27 | CVE-2023-5169 | Out-of-bounds Write vulnerability in multiple products A compromised content process could have provided malicious data in a `PathRecording` resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process. | 6.5 |
| 2023-09-27 | CVE-2023-5171 | Use After Free vulnerability in multiple products During Ion compilation, a Garbage Collection could have resulted in a use-after-free condition, allowing an attacker to write two NUL bytes, and cause a potentially exploitable crash. | 6.5 |
| 2023-09-11 | CVE-2023-4574 | Use After Free vulnerability in Mozilla Thunderbird When creating a callback over IPC for showing the Color Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. | 6.5 |