Vulnerabilities > Mozilla > Thunderbird > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-11 | CVE-2023-4575 | Use After Free vulnerability in Mozilla Thunderbird When creating a callback over IPC for showing the File Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. | 6.5 |
| 2023-09-11 | CVE-2023-4577 | Unspecified vulnerability in Mozilla Thunderbird When `UpdateRegExpStatics` attempted to access `initialStringHeap` it could already have been garbage collected prior to entering the function, which could potentially have led to an exploitable crash. | 6.5 |
| 2023-09-11 | CVE-2023-4578 | Allocation of Resources Without Limits or Throttling vulnerability in Mozilla Thunderbird When calling `JS::CheckRegExpSyntax` a Syntax Error could have been set which would end in calling `convertToRuntimeErrorAndClear`. | 6.5 |
| 2023-09-11 | CVE-2023-4580 | Missing Encryption of Sensitive Data vulnerability in Mozilla Thunderbird Push notifications stored on disk in private browsing mode were not being encrypted potentially allowing the leak of sensitive information. | 6.5 |
| 2023-09-11 | CVE-2023-4581 | Unspecified vulnerability in Mozilla Thunderbird Excel `.xll` add-in files did not have a blocklist entry in Firefox's executable blocklist which allowed them to be downloaded without any warning of their potential harm. | 4.3 |
| 2023-09-11 | CVE-2023-4573 | Use After Free vulnerability in Mozilla Thunderbird When receiving rendering data over IPC `mStream` could have been destroyed when initialized, which could have led to a use-after-free causing a potentially exploitable crash. | 6.5 |
| 2023-07-05 | CVE-2023-37207 | Unsafe Reflection vulnerability in multiple products A website could have obscured the fullscreen notification by using a URL with a scheme handled by an external program, such as a mailto URL. | 6.5 |
| 2023-06-19 | CVE-2023-29545 | Unspecified vulnerability in Mozilla Thunderbird Similar to CVE-2023-28163, this time when choosing 'Save Link As', suggested filenames containing environment variable names would have resolved those in the context of the current user. | 6.5 |
| 2023-06-19 | CVE-2023-29532 | Unspecified vulnerability in Mozilla Firefox A local attacker can trick the Mozilla Maintenance Service into applying an unsigned update file by pointing the service at an update file on a malicious SMB server. | 5.5 |
| 2023-06-02 | CVE-2023-0430 | Improper Certificate Validation vulnerability in Mozilla Thunderbird Certificate OCSP revocation status was not checked when verifying S/Mime signatures. | 6.5 |