VYPR

Thunderbird

by Mozilla Corporation

Source repositories

CVEs (1,863)

  • CVE-2026-8974HigMay 19, 2026
    risk 0.57cvss 8.8epss 0.00

    Memory safety bugs present in Firefox ESR 140.10 and Firefox 150. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 151, Firefox…

  • CVE-2026-8973HigMay 19, 2026
    risk 0.57cvss 8.8epss 0.00

    Memory safety bugs present in Firefox 150. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 151 and Thunderbird 151.

  • CVE-2026-8972HigMay 19, 2026
    risk 0.57cvss 8.8epss 0.00

    Privilege escalation in the WebRTC: Audio/Video component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.

  • CVE-2026-8970HigMay 19, 2026
    risk 0.57cvss 8.8epss 0.00

    Privilege escalation in the Security component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.

  • CVE-2026-8957HigMay 19, 2026
    risk 0.57cvss 8.8epss 0.00

    Privilege escalation in the Enterprise Policies component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.

  • CVE-2026-8955HigMay 19, 2026
    risk 0.57cvss 8.8epss 0.00

    Privilege escalation in the DOM: Workers component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.

  • CVE-2026-8952HigMay 19, 2026
    risk 0.57cvss 8.8epss 0.00

    Privilege escalation in the Application Update component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.

  • CVE-2026-6769HigApr 21, 2026
    risk 0.57cvss 8.8epss 0.00

    Privilege escalation in the Debugger component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

  • CVE-2026-6761HigApr 21, 2026
    risk 0.57cvss 8.8epss 0.00

    Privilege escalation in the Networking component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

  • CVE-2026-6750HigApr 21, 2026
    risk 0.57cvss 8.8epss 0.00

    Privilege escalation in the Graphics: WebRender component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

  • CVE-2026-4722HigMar 24, 2026
    risk 0.57cvss 8.8epss 0.00

    Privilege escalation in the IPC component. This vulnerability was fixed in Firefox 149 and Thunderbird 149.

  • CVE-2026-2798HigFeb 24, 2026
    risk 0.57cvss 8.8epss 0.00

    Use-after-free in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 148 and Thunderbird 148.

  • CVE-2026-2769HigFeb 24, 2026
    risk 0.57cvss 8.8epss 0.00

    Use-after-free in the Storage: IndexedDB component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

  • CVE-2026-2447HigFeb 16, 2026
    risk 0.57cvss 8.8epss 0.01

    Heap buffer overflow in libvpx. This vulnerability was fixed in Firefox 147.0.4, Firefox ESR 140.7.1, Firefox ESR 115.32.1, Thunderbird 140.7.2, and Thunderbird 147.0.2.

  • CVE-2026-0882HigJan 13, 2026
    risk 0.57cvss 8.8epss 0.00

    Use-after-free in the IPC component. This vulnerability was fixed in Firefox 147, Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.

  • CVE-2026-0880HigJan 13, 2026
    risk 0.57cvss 8.8epss 0.01

    Sandbox escape due to integer overflow in the Graphics component. This vulnerability was fixed in Firefox 147, Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.

  • CVE-2025-14329HigDec 9, 2025
    risk 0.57cvss 8.8epss 0.00

    Privilege escalation in the Netmonitor component. This vulnerability was fixed in Firefox 146, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6.

  • CVE-2025-14328HigDec 9, 2025
    risk 0.57cvss 8.8epss 0.00

    Privilege escalation in the Netmonitor component. This vulnerability was fixed in Firefox 146, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6.

  • CVE-2025-14323HigDec 9, 2025
    risk 0.57cvss 8.8epss 0.00

    Privilege escalation in the DOM: Notifications component. This vulnerability was fixed in Firefox 146, Firefox ESR 115.31, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6.

  • CVE-2025-13020HigNov 11, 2025
    risk 0.57cvss 8.8epss 0.00

    Use-after-free in the WebRTC: Audio/Video component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Thunderbird 145, and Thunderbird 140.5.

Page 13 of 94