VYPR

Thunderbird

by Mozilla Corporation

Source repositories

CVEs (1,864)

  • CVE-2025-9181MedAug 19, 2025
    risk 0.42cvss 6.5epss 0.00

    Uninitialized memory in the JavaScript Engine component. This vulnerability was fixed in Firefox 142, Firefox ESR 128.14, Firefox ESR 140.2, Thunderbird 142, Thunderbird 128.14, and Thunderbird 140.2.

  • CVE-2025-8033MedJul 22, 2025
    risk 0.42cvss 6.5epss 0.00

    The JavaScript engine did not handle closed generators correctly and it was possible to resume them leading to a nullptr deref. This vulnerability was fixed in Firefox 141, Firefox ESR 115.26, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and…

  • CVE-2025-8027MedJul 22, 2025
    risk 0.42cvss 6.5epss 0.00

    On 64-bit platforms IonMonkey-JIT only wrote 32 bits of the 64-bit return value space on the stack. Baseline-JIT, however, read the entire 64 bits. This vulnerability was fixed in Firefox 141, Firefox ESR 115.26, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141,…

  • CVE-2025-6429MedJun 24, 2025
    risk 0.42cvss 6.5epss 0.00

    Firefox could have incorrectly parsed a URL and rewritten it to the youtube.com domain when parsing the URL specified in an `embed` tag. This could have bypassed website security checks that restricted which domains users were allowed to embed. This vulnerability was fixed in…

  • CVE-2025-5986MedJun 11, 2025
    risk 0.42cvss 6.5epss 0.00

    A crafted HTML email using mailbox:/// links can trigger automatic, unsolicited downloads of .pdf files to the user's desktop or home directory without prompting, even if auto-saving is disabled. This behavior can be abused to fill the disk with garbage data (e.g. using…

  • CVE-2025-5271MedMay 27, 2025
    risk 0.42cvss 6.5epss 0.00

    Previewing a response in Devtools ignored CSP headers, which could have allowed content injection attacks. This vulnerability was fixed in Firefox 139 and Thunderbird 139.

  • CVE-2025-3932MedMay 14, 2025
    risk 0.42cvss 6.5epss 0.00

    It was possible to craft an email that showed a tracking link as an attachment. If the user attempted to open the attachment, Thunderbird automatically accessed the link. The configuration to block remote content did not prevent that. Thunderbird has been fixed to no longer…

  • CVE-2025-4092MedApr 29, 2025
    risk 0.42cvss 6.5epss 0.00

    Memory safety bugs present in Firefox 137 and Thunderbird 137. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 138 and…

  • CVE-2025-4088MedApr 29, 2025
    risk 0.42cvss 6.5epss 0.00

    A security vulnerability in Thunderbird allowed malicious sites to use redirects to send credentialed requests to arbitrary endpoints on any site that had invoked the Storage Access API. This enabled potential Cross-Site Request Forgery attacks across origins. This vulnerability…

  • CVE-2025-4086MedApr 29, 2025
    risk 0.42cvss 6.5epss 0.00

    A specially crafted filename containing a large number of encoded newline characters could obscure the file's extension when displayed in the download dialog. *This bug only affects Thunderbird for Android. Other versions of Thunderbird are unaffected.*. This vulnerability was…

  • CVE-2025-3523MedApr 15, 2025
    risk 0.42cvss 6.4epss 0.00

    When an email contains multiple attachments with external links via the X-Mozilla-External-Attachment-URL header, only the last link is shown when hovering over any attachment. Although the correct link is used on click, the misleading hover text could trick users into…

  • CVE-2025-3031MedApr 1, 2025
    risk 0.42cvss 6.5epss 0.00

    An attacker could read 32 bits of values spilled onto the stack in a JIT compiled function. This vulnerability was fixed in Firefox 137 and Thunderbird 137.

  • CVE-2025-3028MedApr 1, 2025
    risk 0.42cvss 6.5epss 0.01

    JavaScript code running while transforming a document with the XSLTProcessor could lead to a use-after-free. This vulnerability was fixed in Firefox 137, Firefox ESR 115.22, Firefox ESR 128.9, Thunderbird 137, and Thunderbird 128.9.

  • CVE-2025-1938MedMar 4, 2025
    risk 0.42cvss 6.5epss 0.00

    Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ESR 128.7, and Thunderbird 128.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability…

  • CVE-2025-1934MedMar 4, 2025
    risk 0.42cvss 6.5epss 0.00

    It was possible to interrupt the processing of a RegExp bailout and run additional JavaScript, potentially triggering garbage collection when the engine was not expecting it. This vulnerability was fixed in Firefox 136, Firefox ESR 128.8, Thunderbird 136, and Thunderbird 128.8.

  • CVE-2025-1013MedFeb 4, 2025
    risk 0.42cvss 6.5epss 0.00

    A race condition could have led to private browsing tabs being opened in normal browsing windows. This could have resulted in a potential privacy leak. This vulnerability was fixed in Firefox 135, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135.

  • CVE-2025-0510MedFeb 4, 2025
    risk 0.42cvss 6.5epss 0.00

    Thunderbird displayed an incorrect sender address if the From field of an email used the invalid group name syntax that is described in CVE-2024-49040. This vulnerability was fixed in Thunderbird 128.7 and Thunderbird 135.

  • CVE-2025-0242MedJan 7, 2025
    risk 0.42cvss 6.5epss 0.13

    Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox ESR 115.18, Firefox ESR 128.5, Thunderbird 115.18, and Thunderbird 128.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to…

  • CVE-2024-0753MedJan 23, 2024
    risk 0.42cvss 6.5epss 0.01

    In specific HSTS configurations an attacker could have bypassed HSTS on a subdomain. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.

  • CVE-2024-0747MedJan 23, 2024
    risk 0.42cvss 6.5epss 0.01

    When a parent page loaded a child in an iframe with `unsafe-inline`, the parent Content Security Policy could have overridden the child Content Security Policy. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.

Page 39 of 94