Vulnerabilities > Mozilla > Thunderbird > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-06-02 CVE-2023-29548 Unspecified vulnerability in Mozilla products
A wrong lowering instruction in the ARM64 Ion compiler resulted in a wrong optimization result.
network
low complexity
mozilla
6.5
2023-06-02 CVE-2023-32205 Unspecified vulnerability in Mozilla Firefox
In multiple cases browser prompts could have been obscured by popups controlled by content.
network
low complexity
mozilla
4.3
2023-06-02 CVE-2023-32206 Out-of-bounds Read vulnerability in Mozilla Firefox
An out-of-bound read could have led to a crash in the RLBox Expat driver.
network
low complexity
mozilla CWE-125
6.5
2023-06-02 CVE-2023-32211 Unspecified vulnerability in Mozilla Firefox
A type checking bug would have led to invalid code being compiled.
network
low complexity
mozilla
6.5
2023-06-02 CVE-2023-32212 Unspecified vulnerability in Mozilla Firefox
An attacker could have positioned a <code>datalist</code> element to obscure the address bar.
network
low complexity
mozilla
4.3
2022-12-22 CVE-2021-4126 Unspecified vulnerability in Mozilla Thunderbird
When receiving an OpenPGP/MIME signed email message that contains an additional outer MIME message layer, for example a message footer added by a mailing list gateway, Thunderbird only considered the inner signed message for the signature validity.
network
low complexity
mozilla
6.5
2022-12-22 CVE-2022-1097 Use After Free vulnerability in Mozilla Firefox ESR
<code>NSSToken</code> objects were referenced via direct points, and could have been accessed in an unsafe way on different threads, leading to a use-after-free and potentially exploitable crash.
network
low complexity
mozilla CWE-416
6.5
2022-12-22 CVE-2022-1196 Use After Free vulnerability in Mozilla Firefox ESR
After a VR Process is destroyed, a reference to it may have been retained and used, leading to a use-after-free and potentially exploitable crash.
network
low complexity
mozilla CWE-416
6.5
2022-12-22 CVE-2022-1197 Improper Certificate Validation vulnerability in Mozilla Thunderbird
When importing a revoked key that specified key compromise as the revocation reason, Thunderbird did not update the existing copy of the key that was not yet revoked, and the existing key was kept as non-revoked.
network
low complexity
mozilla CWE-295
5.4
2022-12-22 CVE-2022-1520 Unspecified vulnerability in Mozilla Thunderbird
When viewing an email message A, which contains an attached message B, where B is encrypted or digitally signed or both, Thunderbird may show an incorrect encryption or signature status.
network
low complexity
mozilla
4.3