Vulnerabilities > Mozilla > Thunderbird > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-06-02 CVE-2023-23599 Improper Encoding or Escaping of Output vulnerability in Mozilla Firefox
When copying a network request from the developer tools panel as a curl command the output was not being properly sanitized and could allow arbitrary commands to be hidden within.
network
low complexity
mozilla CWE-116
6.5
2023-06-02 CVE-2023-23601 Origin Validation Error vulnerability in Mozilla Firefox
Navigations were being allowed when dragging a URL from a cross-origin iframe into the same tab which could lead to website spoofing attacks.
network
low complexity
mozilla CWE-346
6.5
2023-06-02 CVE-2023-23602 Improper Check for Unusual or Exceptional Conditions vulnerability in Mozilla Firefox
A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security Policy connect-src header to be ignored.
network
low complexity
mozilla CWE-754
6.5
2023-06-02 CVE-2023-23603 Unspecified vulnerability in Mozilla Firefox
Regular expressions used to filter out forbidden properties and values from style directives in calls to <code>console.log</code> weren't accounting for external URLs.
network
low complexity
mozilla
6.5
2023-06-02 CVE-2023-25728 Unspecified vulnerability in Mozilla Firefox ESR
The <code>Content-Security-Policy-Report-Only</code> header could allow an attacker to leak a child iframe's unredacted URI when interaction with that iframe triggers a redirect.
network
low complexity
mozilla
6.5
2023-06-02 CVE-2023-25730 Unspecified vulnerability in Mozilla Firefox ESR
A background script invoking <code>requestFullscreen</code> and then blocking the main thread could force the browser into fullscreen mode indefinitely, resulting in potential user confusion or spoofing attacks.
network
low complexity
mozilla
5.4
2023-06-02 CVE-2023-25738 Out-of-bounds Read vulnerability in Mozilla Firefox
Members of the <code>DEVMODEW</code> struct set by the printer device driver weren't being validated and could have resulted in invalid values which in turn would cause the browser to attempt out of bounds access to related variables.<br>*This bug only affects Firefox on Windows.
network
low complexity
mozilla CWE-125
6.5
2023-06-02 CVE-2023-25742 Unspecified vulnerability in Mozilla Firefox ESR
When importing a SPKI RSA public key as ECDSA P-256, the key would be handled incorrectly causing the tab to crash.
network
low complexity
mozilla
6.5
2023-06-02 CVE-2023-25751 Unspecified vulnerability in Mozilla Firefox
Sometimes, when invalidating JIT code while following an iterator, the newly generated code could be overwritten incorrectly.
network
low complexity
mozilla
6.5
2023-06-02 CVE-2023-25752 Unspecified vulnerability in Mozilla Firefox
When accessing throttled streams, the count of available bytes needed to be checked in the calling function to be within bounds.
network
low complexity
mozilla
6.5