Vulnerabilities > Mozilla > Thunderbird > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-12-19 CVE-2023-50761 The signature of a digitally signed S/MIME email message may optionally specify the signature creation date and time.
network
low complexity
mozilla debian
4.3
2023-12-19 CVE-2023-50762 When processing a PGP/MIME payload that contains digitally signed text, the first paragraph of the text was never shown to the user.
network
low complexity
mozilla debian
4.3
2023-12-19 CVE-2023-6857 Race Condition vulnerability in multiple products
When resolving a symlink, a race may occur where the buffer passed to `readlink` may actually be smaller than necessary.
network
high complexity
mozilla debian CWE-362
5.3
2023-12-19 CVE-2023-6860 The `VideoBridge` allowed any content process to use textures produced by remote decoders.
network
low complexity
mozilla debian
6.5
2023-11-21 CVE-2023-6204 Out-of-bounds Read vulnerability in multiple products
On some systems—depending on the graphics settings and drivers—it was possible to force an out-of-bounds read and leak memory data into the images created on the canvas element.
network
low complexity
mozilla debian CWE-125
6.5
2023-11-21 CVE-2023-6205 Use After Free vulnerability in multiple products
It was possible to cause the use of a MessagePort after it had already been freed, which could potentially have led to an exploitable crash.
network
low complexity
mozilla debian CWE-416
6.5
2023-11-21 CVE-2023-6206 Improper Restriction of Rendered UI Layers or Frames vulnerability in multiple products
The black fade animation when exiting fullscreen is roughly the length of the anti-clickjacking delay on permission prompts.
network
low complexity
mozilla debian CWE-1021
5.4
2023-11-21 CVE-2023-6209 Path Traversal vulnerability in multiple products
Relative URLs starting with three slashes were incorrectly parsed, and a path-traversal "/../" part in the path could be used to override the specified host.
network
low complexity
mozilla debian CWE-22
6.5
2023-10-25 CVE-2023-5721 Improper Restriction of Rendered UI Layers or Frames vulnerability in multiple products
It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an insufficient activation-delay.
network
low complexity
mozilla debian CWE-1021
4.3
2023-10-25 CVE-2023-5725 A malicious installed WebExtension could open arbitrary URLs, which under the right circumstance could be leveraged to collect sensitive user data.
network
low complexity
mozilla debian
4.3