Vulnerabilities > Mozilla > Thunderbird > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-09-27 CVE-2023-5171 Use After Free vulnerability in multiple products
During Ion compilation, a Garbage Collection could have resulted in a use-after-free condition, allowing an attacker to write two NUL bytes, and cause a potentially exploitable crash.
network
low complexity
mozilla debian fedoraproject CWE-416
6.5
2023-09-11 CVE-2023-4574 Use After Free vulnerability in Mozilla Thunderbird
When creating a callback over IPC for showing the Color Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished.
network
low complexity
mozilla CWE-416
6.5
2023-09-11 CVE-2023-4575 Use After Free vulnerability in Mozilla Thunderbird
When creating a callback over IPC for showing the File Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished.
network
low complexity
mozilla CWE-416
6.5
2023-09-11 CVE-2023-4577 Unspecified vulnerability in Mozilla Thunderbird
When `UpdateRegExpStatics` attempted to access `initialStringHeap` it could already have been garbage collected prior to entering the function, which could potentially have led to an exploitable crash.
network
low complexity
mozilla
6.5
2023-09-11 CVE-2023-4578 Allocation of Resources Without Limits or Throttling vulnerability in Mozilla Thunderbird
When calling `JS::CheckRegExpSyntax` a Syntax Error could have been set which would end in calling `convertToRuntimeErrorAndClear`.
network
low complexity
mozilla CWE-770
6.5
2023-09-11 CVE-2023-4580 Missing Encryption of Sensitive Data vulnerability in Mozilla Thunderbird
Push notifications stored on disk in private browsing mode were not being encrypted potentially allowing the leak of sensitive information.
network
low complexity
mozilla CWE-311
6.5
2023-09-11 CVE-2023-4581 Unspecified vulnerability in Mozilla Thunderbird
Excel `.xll` add-in files did not have a blocklist entry in Firefox's executable blocklist which allowed them to be downloaded without any warning of their potential harm.
network
low complexity
mozilla
4.3
2023-09-11 CVE-2023-4573 Use After Free vulnerability in Mozilla Thunderbird
When receiving rendering data over IPC `mStream` could have been destroyed when initialized, which could have led to a use-after-free causing a potentially exploitable crash.
network
low complexity
mozilla CWE-416
6.5
2023-07-05 CVE-2023-37207 Unsafe Reflection vulnerability in multiple products
A website could have obscured the fullscreen notification by using a URL with a scheme handled by an external program, such as a mailto URL.
network
low complexity
mozilla debian CWE-470
6.5
2023-06-19 CVE-2023-29545 Unspecified vulnerability in Mozilla Thunderbird
Similar to CVE-2023-28163, this time when choosing 'Save Link As', suggested filenames containing environment variable names would have resolved those in the context of the current user.
network
low complexity
mozilla
6.5