VYPR

Thunderbird

by Mozilla Corporation

Source repositories

CVEs (1,863)

  • CVE-2025-0247CriJan 7, 2025
    risk 0.65cvss 9.8epss 0.09

    Memory safety bugs present in Firefox 133 and Thunderbird 133. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 134 and…

  • CVE-2013-6671CriDec 11, 2013
    risk 0.65cvss 9.8epss 0.11

    The nsGfxScrollFrameInner::IsLTR function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code via crafted use of JavaScript code for ordered list elements.

  • CVE-2013-5618CriDec 11, 2013
    risk 0.65cvss 9.8epss 0.10

    Use-after-free vulnerability in the nsNodeUtils::LastRelease function in the table-editing user interface in the editor component in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute…

  • CVE-2026-8956CriMay 19, 2026
    risk 0.64cvss 9.8epss 0.01

    Integer overflow in the Networking: JAR component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.

  • CVE-2026-8094CriMay 7, 2026
    risk 0.64cvss 9.8epss 0.00

    Other issue in the WebRTC component. This vulnerability was fixed in Firefox ESR 140.10.2 and Thunderbird 140.10.2.

  • CVE-2026-8091CriMay 7, 2026
    risk 0.64cvss 9.8epss 0.00

    Incorrect boundary conditions in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150, Thunderbird 150, Firefox ESR 140.10.1, Thunderbird 140.10.1, and Firefox ESR 115.35.2.

  • CVE-2026-6771CriApr 21, 2026
    risk 0.64cvss 9.8epss 0.00

    Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

  • CVE-2026-6768CriApr 21, 2026
    risk 0.64cvss 9.8epss 0.00

    Mitigation bypass in the Networking: Cookies component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.

  • CVE-2026-6760CriApr 21, 2026
    risk 0.64cvss 9.8epss 0.00

    Mitigation bypass in the Networking: Cookies component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.

  • CVE-2026-6748CriApr 21, 2026
    risk 0.64cvss 9.8epss 0.00

    Uninitialized memory in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

  • CVE-2026-5735CriApr 7, 2026
    risk 0.64cvss 9.8epss 0.00

    Memory safety bugs present in Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 149.0.2…

  • CVE-2026-5734CriApr 7, 2026
    risk 0.64cvss 9.8epss 0.00

    Memory safety bugs present in Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This…

  • CVE-2026-5731CriApr 7, 2026
    risk 0.64cvss 9.8epss 0.00

    Memory safety bugs present in Firefox ESR 115.34.0, Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to…

  • CVE-2026-4729CriMar 24, 2026
    risk 0.64cvss 9.8epss 0.00

    Memory safety bugs present in Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 149 and…

  • CVE-2026-4723CriMar 24, 2026
    risk 0.64cvss 9.8epss 0.00

    Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 149 and Thunderbird 149.

  • CVE-2026-4721CriMar 24, 2026
    risk 0.64cvss 9.8epss 0.00

    Memory safety bugs present in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary…

  • CVE-2026-4720CriMar 24, 2026
    risk 0.64cvss 9.8epss 0.00

    Memory safety bugs present in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This…

  • CVE-2026-4717CriMar 24, 2026
    risk 0.64cvss 9.8epss 0.00

    Privilege escalation in the Netmonitor component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

  • CVE-2026-4711CriMar 24, 2026
    risk 0.64cvss 9.8epss 0.00

    Use-after-free in the Widget: Cocoa component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

  • CVE-2026-4710CriMar 24, 2026
    risk 0.64cvss 9.8epss 0.00

    Incorrect boundary conditions in the Audio/Video component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

Page 2 of 94