VYPR

Thunderbird

by Mozilla Corporation

CVEs (1,864)

  • CVE-2020-12393 · High · May 26, 2020
    risk 0.51 · cvss 7.8 · epss 0.01

    The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website. If a user used the 'Copy as cURL' feature and pasted the command into a terminal, it could have resulted in command injection and…

  • CVE-2019-17009 · High · Jan 8, 2020
    risk 0.51 · cvss 7.8 · epss 0.00

    When running, the updater service wrote status and log files to an unrestricted location; potentially allowing an unprivileged process to locate and exploit a vulnerability in file handling in the updater service. *Note: This attack requires local system access and only affects…

  • CVE-2018-12379 · High · Oct 18, 2018
    risk 0.51 · cvss 7.8 · epss 0.00

    When the Mozilla Updater opens a MAR format file which contains a very long item filename, an out-of-bounds write can be triggered, leading to a potentially exploitable crash. This requires running the Mozilla Updater manually on the local system with the malicious MAR file in…

  • CVE-2017-7814 · High · Jun 11, 2018
    risk 0.51 · cvss 7.8 · epss 0.01

    File downloads encoded with "blob:" and "data:" URL elements bypassed normal file download checks through the Phishing and Malware Protection feature and its block lists of suspicious sites and files. This would allow malicious sites to lure users into downloading executables…

  • CVE-2017-7755 · High · Jun 11, 2018
    risk 0.51 · cvss 7.8 · epss 0.01

    The Firefox installer on Windows can be made to load malicious DLL files stored in the same directory as the installer when it is run. This allows privileged execution if the installer is run with elevated privileges. Note: This attack only affects Windows operating systems.…

  • CVE-2025-3033 · High · Apr 1, 2025
    risk 0.50 · cvss 7.7 · epss 0.00

    After selecting a malicious Windows `.url` shortcut from the local filesystem, an unexpected file could be uploaded. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability was fixed in Firefox 137 and Thunderbird 137.

  • CVE-2025-0241 · High · Jan 7, 2025
    risk 0.50 · cvss 7.7 · epss 0.01

    When segmenting specially crafted text, segmentation would corrupt memory leading to a potentially exploitable crash. This vulnerability was fixed in Firefox 134, Firefox ESR 128.6, Thunderbird 134, and Thunderbird 128.6.

  • CVE-2016-9900 · High · Jun 11, 2018
    risk 0.50 · cvss 7.5 · epss 0.10

    External resources that should be blocked when loaded by SVG images can bypass security restrictions through the use of "data:" URLs. This could allow for cross-domain data leakage. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.

  • CVE-2016-9066 · High · Jun 11, 2018
    risk 0.50 · cvss 7.5 · epss 0.12

    A buffer overflow resulting in a potentially exploitable crash due to memory allocation issues when handling large amounts of incoming data. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.

  • CVE-2026-12317 · High · Jun 16, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152 and Thunderbird 152.

  • CVE-2026-12314 · High · Jun 16, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.

  • CVE-2026-12312 · High · Jun 16, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.

  • CVE-2026-12310 · High · Jun 16, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.

  • CVE-2026-12305 · High · Jun 16, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.

  • CVE-2026-8968 · High · May 19, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    Denial-of-service due to invalid pointer in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.

  • CVE-2026-8967 · High · May 19, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    Information disclosure in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.

  • CVE-2026-8966 · High · May 19, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    Information disclosure in the IP Protection component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.

  • CVE-2026-8965 · High · May 19, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    Information disclosure in the DOM: Security component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.

  • CVE-2026-8964 · High · May 19, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    Spoofing issue in the Popup Blocker component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.

  • CVE-2026-8963 · High · May 19, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    Spoofing issue in the Web Speech component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.
