VYPR

Thunderbird

by Mozilla Corporation

CVEs (1,864)

  • CVE-2023-32214 | High | Jun 19, 2023
    risk 0.49 | cvss 7.5 | epss 0.01

    Protocol handlers `ms-cxh` and `ms-cxh-full` could have been leveraged to trigger a denial of service. *Note: This attack only affects Windows. Other operating systems are not affected.* This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.

  • CVE-2022-38476 | High | Dec 22, 2022
    risk 0.49 | cvss 7.5 | epss 0.01

    A data race could occur in the PK11_ChangePW function, potentially leading to a use-after-free vulnerability. In Firefox, this lock protected the data when a user changed their master password. This vulnerability affects Firefox ESR < 102.2 and Thunderbird < 102.2.

  • CVE-2022-36319 | High | Dec 22, 2022
    risk 0.49 | cvss 7.5 | epss 0.01

    When combining CSS properties for overflow and transform, the mouse cursor could interact with different coordinates than displayed. This vulnerability affects Firefox ESR < 102.1, Firefox ESR < 91.12, Firefox < 103, Thunderbird < 102.1, and Thunderbird < 91.12.

  • CVE-2022-26387 | High | Dec 22, 2022
    risk 0.49 | cvss 7.5 | epss 0.01

    When installing an add-on, Firefox verified the signature before prompting the user; but while the user was confirming the prompt, the underlying add-on file could have been modified and Firefox would not have noticed. This vulnerability affects Firefox < 98, Firefox ESR < 91.7,…

  • CVE-2022-22741 | High | Dec 22, 2022
    risk 0.49 | cvss 7.5 | epss 0.01

    When resizing a popup while requesting fullscreen access, the popup would have become unable to leave fullscreen mode. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.

  • CVE-2022-22737 | High | Dec 22, 2022
    risk 0.49 | cvss 7.5 | epss 0.01

    Constructing audio sinks could have led to a race condition when playing audio files and closing windows. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.

  • CVE-2021-38498 | High | Nov 3, 2021
    risk 0.49 | cvss 7.5 | epss 0.01

    During process shutdown, a document could have caused a use-after-free of a languages service object, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2.

  • CVE-2021-29950 | High | Jun 24, 2021
    risk 0.49 | cvss 7.5 | epss 0.01

    Thunderbird unprotects a secret OpenPGP key prior to using it for a decryption, signing or key import task. If the task runs into a failure, the secret key may remain in memory in its unprotected state. This vulnerability affects Thunderbird < 78.8.1.

  • CVE-2020-12398 | High | Jul 9, 2020
    risk 0.49 | cvss 7.5 | epss 0.01

    If Thunderbird is configured to use STARTTLS for an IMAP server, and the server sends a PREAUTH response, then Thunderbird will continue with an unencrypted connection, causing email data to be sent without protection. This vulnerability affects Thunderbird < 68.9.0.

  • CVE-2020-6821 | High | Apr 24, 2020
    risk 0.49 | cvss 7.5 | epss 0.01

    When reading from areas partially or fully outside the source resource with WebGL's copyTexSubImage method, the specification requires the returned values be zero. Previously, this memory was uninitialized, leading to potentially sensitive data disclosure. This…

  • CVE-2019-17011 | High | Jan 8, 2020
    risk 0.49 | cvss 7.5 | epss 0.02

    Under certain conditions, when retrieving a document from a DocShell in the antitracking code, a race condition could cause a use-after-free condition and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.

  • CVE-2019-17010 | High | Jan 8, 2020
    risk 0.49 | cvss 7.5 | epss 0.02

    Under certain conditions, when checking the Resist Fingerprinting preference during device orientation checks, a race condition could have caused a use-after-free and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox…

  • CVE-2019-11755 | High | Sep 27, 2019
    risk 0.49 | cvss 7.5 | epss 0.01

    A crafted S/MIME message consisting of an inner encryption layer and an outer SignedData layer was shown as having a valid digital signature, although the signer might have had no access to the contents of the encrypted message, and might have stripped a different signature from…

  • CVE-2019-11729 | High | Jul 23, 2019
    risk 0.49 | cvss 7.5 | epss 0.03

    Empty or malformed p256-ECDH public keys may trigger a segmentation fault due to values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.

  • CVE-2019-11719 | High | Jul 23, 2019
    risk 0.49 | cvss 7.5 | epss 0.02

    When importing a curve25519 private key in PKCS#8 format with leading 0x00 bytes, it is possible to trigger an out-of-bounds read in the Network Security Services (NSS) library. This could lead to information disclosure. This vulnerability affects Firefox ESR < 60.8, Firefox <…

  • CVE-2019-11694 | High | Jul 23, 2019
    risk 0.49 | cvss 7.5 | epss 0.02

    A vulnerability exists in the Windows sandbox where an uninitialized value in memory can be leaked to a renderer from a broker when making a call to access an otherwise unavailable file. This results in the potential leaking of information stored at that memory location. *Note:…

  • CVE-2018-18513 | High | Apr 26, 2019
    risk 0.49 | cvss 7.5 | epss 0.01

    A crash can occur when processing a crafted S/MIME message or an XPI package containing a crafted signature. This can be used as a denial-of-service (DOS) attack because Thunderbird reopens the last seen message on restart, triggering the crash again. This vulnerability affects…

  • CVE-2018-12393 | High | Feb 28, 2019
    risk 0.49 | cvss 7.5 | epss 0.04

    A potential vulnerability was found in 32-bit builds where an integer overflow during the conversion of scripts to an internal UTF-16 representation could result in allocating a buffer too small for the conversion. This leads to a possible out-of-bounds write. *Note: 64-bit…

  • CVE-2018-5184 | High | Jun 11, 2018
    risk 0.49 | cvss 7.5 | epss 0.02

    Using remote content in encrypted messages can lead to the disclosure of plaintext. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8.

  • CVE-2018-5174 | High | Jun 11, 2018
    risk 0.49 | cvss 7.5 | epss 0.02

    In the Windows 10 April 2018 Update, Windows Defender SmartScreen honors the "SEE_MASK_FLAG_NO_UI" flag associated with downloaded files and will not show any UI. Files that are unknown and potentially dangerous will be allowed to run because SmartScreen will not prompt the user…
