Vulnerabilities > Mozilla > Thunderbird > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-19 | CVE-2023-50761 | The signature of a digitally signed S/MIME email message may optionally specify the signature creation date and time. | 4.3 |
| 2023-12-19 | CVE-2023-50762 | When processing a PGP/MIME payload that contains digitally signed text, the first paragraph of the text was never shown to the user. | 4.3 |
| 2023-12-19 | CVE-2023-6857 | Race Condition vulnerability in multiple products When resolving a symlink, a race may occur where the buffer passed to `readlink` may actually be smaller than necessary. | 5.3 |
| 2023-12-19 | CVE-2023-6860 | The `VideoBridge` allowed any content process to use textures produced by remote decoders. | 6.5 |
| 2023-11-21 | CVE-2023-6204 | Out-of-bounds Read vulnerability in multiple products On some systems—depending on the graphics settings and drivers—it was possible to force an out-of-bounds read and leak memory data into the images created on the canvas element. | 6.5 |
| 2023-11-21 | CVE-2023-6205 | Use After Free vulnerability in multiple products It was possible to cause the use of a MessagePort after it had already been freed, which could potentially have led to an exploitable crash. | 6.5 |
| 2023-11-21 | CVE-2023-6206 | Improper Restriction of Rendered UI Layers or Frames vulnerability in multiple products The black fade animation when exiting fullscreen is roughly the length of the anti-clickjacking delay on permission prompts. | 5.4 |
| 2023-11-21 | CVE-2023-6209 | Path Traversal vulnerability in multiple products Relative URLs starting with three slashes were incorrectly parsed, and a path-traversal "/../" part in the path could be used to override the specified host. | 6.5 |
| 2023-10-25 | CVE-2023-5721 | Improper Restriction of Rendered UI Layers or Frames vulnerability in multiple products It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an insufficient activation-delay. | 4.3 |
| 2023-10-25 | CVE-2023-5725 | A malicious installed WebExtension could open arbitrary URLs, which under the right circumstance could be leveraged to collect sensitive user data. | 4.3 |