Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
thunderbird esr vulnerabilities and exploits
(subscribe to this query)
6.8
CVSSv2
CVE-2020-12387
A race condition when running shutdown code for Web Worker led to a use-after-free vulnerability. This resulted in a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0.
Mozilla Firefox
Mozilla Firefox Esr
Mozilla Thunderbird
NA
CVE-2023-29545
Similar to CVE-2023-28163, this time when choosing 'Save Link As', suggested filenames containing environment variable names would have resolved those in the context of the current user. *This bug only affects Firefox and Thunderbird on Windows. Other versions of Firefo...
Mozilla Thunderbird
Mozilla Firefox Esr
Mozilla Firefox
NA
CVE-2023-25728
The <code>Content-Security-Policy-Report-Only</code> header could allow an malicious user to leak a child iframe's unredacted URI when interaction with that iframe triggers a redirect. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firef...
Mozilla Firefox Esr
Mozilla Thunderbird
Mozilla Firefox
NA
CVE-2023-25729
Permission prompts for opening external schemes were only shown for <code>ContentPrincipals</code> resulting in extensions being able to open them without user interaction via <code>ExpandedPrincipals</code>. This could lead to further malicious actions su...
Mozilla Firefox Esr
Mozilla Thunderbird
Mozilla Firefox
NA
CVE-2023-25730
A background script invoking <code>requestFullscreen</code> and then blocking the main thread could force the browser into fullscreen mode indefinitely, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox < 110, Thunderbird...
Mozilla Firefox Esr
Mozilla Thunderbird
Mozilla Firefox
NA
CVE-2023-25732
When encoding data from an <code>inputStream</code> in <code>xpcom</code> the size of the input being encoded was not correctly calculated potentially leading to an out of bounds memory write. This vulnerability affects Firefox < 110, Thunderbird < 1...
Mozilla Firefox Esr
Mozilla Thunderbird
Mozilla Firefox
NA
CVE-2023-25735
Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free after unwrapping the proxy. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox E...
Mozilla Firefox Esr
Mozilla Thunderbird
Mozilla Firefox
NA
CVE-2023-25737
An invalid downcast from <code>nsTextNode</code> to <code>SVGElement</code> could have lead to undefined behavior. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.
Mozilla Firefox Esr
Mozilla Thunderbird
Mozilla Firefox
NA
CVE-2023-25739
Module load requests that failed were not being checked as to whether or not they were cancelled causing a use-after-free in <code>ScriptLoadContext</code>. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.
Mozilla Firefox Esr
Mozilla Thunderbird
Mozilla Firefox
NA
CVE-2023-25751
Sometimes, when invalidating JIT code while following an iterator, the newly generated code could be overwritten incorrectly. This could lead to a potentially exploitable crash. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9.
Mozilla Firefox
Mozilla Firefox Esr
Mozilla Thunderbird
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48693
CVE-2024-30851
CVE-2024-34460
CVE-2024-2887
local
CVE-2024-27956
remote code execution
CVE-2024-34475
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »