VYPR

Thunderbird

by Mozilla Corporation

CVEs (1,864)

  • CVE-2017-7830 | Med | Jun 11, 2018
    risk 0.42 | cvss 6.5 | epss 0.02

    The Resource Timing API incorrectly revealed navigations in cross-origin iframes. This is a same-origin policy violation and could allow for data theft of URLs loaded by users. This vulnerability affects Firefox < 57, Firefox ESR < 52.5, and Thunderbird < 52.5.

  • CVE-2017-5407 | Med | Jun 11, 2018
    risk 0.42 | cvss 6.5 | epss 0.03

    Using SVG filters that don't use the fixed point math implementation on a target iframe, a malicious page can extract pixel values from a targeted user. This can be used to extract history information and read text values across domains. This violates same-origin policy and…

  • CVE-2016-10196 | Hig | Mar 15, 2017
    risk 0.42 | cvss 7.5 | epss 0.05

    Stack-based buffer overflow in the evutil_parse_sockaddr_port function in evutil.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (segmentation fault) via vectors involving a long string in brackets in the ip_as_string argument.

  • CVE-2016-1523 | Med | Feb 13, 2016
    risk 0.42 | cvss 6.5 | epss 0.02

    The SillMap::readFace function in FeatureMap.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, mishandles a return value, which allows remote attackers to cause a denial of service (missing initialization, NULL…

  • CVE-2026-6762 | Med | Apr 21, 2026
    risk 0.41 | cvss 6.3 | epss 0.00

    Spoofing issue in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

  • CVE-2026-6757 | Med | Apr 21, 2026
    risk 0.41 | cvss 6.3 | epss 0.00

    Invalid pointer in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

  • CVE-2025-3522 | Med | Apr 15, 2025
    risk 0.41 | cvss 6.3 | epss 0.00

    Thunderbird processes the X-Mozilla-External-Attachment-URL header to handle attachments which can be hosted externally. When an email is opened, Thunderbird accesses the specified URL to determine file size, and navigates to it when the user clicks the attachment. Because the…

  • CVE-2025-2830 | Med | Apr 15, 2025
    risk 0.41 | cvss 6.3 | epss 0.00

    By crafting a malformed file name for an attachment in a multipart message, an attacker can trick Thunderbird into including a directory listing of /tmp when the message is forwarded or edited as a new message. This vulnerability could allow attackers to disclose sensitive…

  • CVE-2025-13013 | Med | Nov 11, 2025
    risk 0.40 | cvss 6.1 | epss 0.00

    Mitigation bypass in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Firefox ESR 115.30, Thunderbird 145, and Thunderbird 140.5.

  • CVE-2025-11712 | Med | Oct 14, 2025
    risk 0.40 | cvss 6.1 | epss 0.00

    A malicious page could have used the type attribute of an OBJECT tag to override the default browser behavior when encountering a web resource served without a content-type. This could have contributed to an XSS on a site that unsafely serves files without a content-type header.…

  • CVE-2025-10536 | Med | Sep 16, 2025
    risk 0.40 | cvss 6.2 | epss 0.00

    Information disclosure in the Networking: Cache component. This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3.

  • CVE-2025-6430 | Med | Jun 24, 2025
    risk 0.40 | cvss 6.1 | epss 0.00

    When a file download is specified via the `Content-Disposition` header, that directive would be ignored if the file was included via an `<embed>` or `<object>` tag, potentially making a website vulnerable to a cross-site scripting attack. This vulnerability was fixed…

  • CVE-2022-45418 | Med | Dec 22, 2022
    risk 0.40 | cvss 6.1 | epss 0.01

    If a custom mouse cursor is specified in CSS, under certain circumstances the cursor could have been drawn over the browser UI, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.

  • CVE-2022-45411 | Med | Dec 22, 2022
    risk 0.40 | cvss 6.1 | epss 0.01

    Cross-Site Tracing occurs when a server echoes a request back via the TRACE method, allowing an XSS attack to access authorization headers and cookies inaccessible to JavaScript (such as cookies protected by HttpOnly). To mitigate this attack, browsers placed limits on…

  • CVE-2022-40956 | Med | Dec 22, 2022
    risk 0.40 | cvss 6.1 | epss 0.01

    When injecting an HTML base element, some requests would ignore the CSP's base-uri settings and accept the injected element's base instead. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105.

  • CVE-2022-29912 | Med | Dec 22, 2022
    risk 0.40 | cvss 6.1 | epss 0.01

    Requests initiated through reader mode did not properly omit cookies with a SameSite attribute. This vulnerability affects Thunderbird < 91.9, Firefox ESR < 91.9, and Firefox < 100.

  • CVE-2022-29911 | Med | Dec 22, 2022
    risk 0.40 | cvss 6.1 | epss 0.01

    An improper implementation of the new iframe sandbox keyword allow-top-navigation-by-user-activation could lead to script execution without allow-scripts being present. This vulnerability affects Thunderbird < 91.9, Firefox ESR < 91.9, and Firefox < 100.

  • CVE-2021-43543 | Med | Dec 8, 2021
    risk 0.40 | cvss 6.1 | epss 0.01

    Documents loaded with the CSP sandbox directive could have escaped the sandbox's script restriction by embedding additional content. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.

  • CVE-2020-26978 | Med | Jan 7, 2021
    risk 0.40 | cvss 6.1 | epss 0.01

    Using techniques that built on the slipstream research, a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6.

  • CVE-2020-26958 | Med | Dec 9, 2020
    risk 0.40 | cvss 6.1 | epss 0.01

    Firefox did not block execution of scripts with incorrect MIME types when the response was intercepted and cached through a ServiceWorker. This could lead to a cross-site script inclusion vulnerability, or a Content Security Policy bypass. This vulnerability affects Firefox <…
