Filtered by vendor Mozilla
Subscriptions
Filtered by product Thunderbird
Subscriptions
Total
1350 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-7526 | 2 Mozilla, Redhat | 9 Firefox, Firefox Esr, Thunderbird and 6 more | 2024-09-17 | 7.5 High |
| ANGLE failed to initialize parameters which lead to reading from uninitialized memory. This could be leveraged to leak sensitive data from memory. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14. | ||||
| CVE-2002-2437 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2024-09-17 | N/A |
| The JavaScript implementation in Mozilla Firefox before 4.0, Thunderbird before 3.3, and SeaMonkey before 2.1 does not properly restrict the set of values contained in the object returned by the getComputedStyle method, which allows remote attackers to obtain sensitive information about visited web pages by calling this method. | ||||
| CVE-2009-4629 | 1 Mozilla | 2 Seamonkey, Thunderbird | 2024-09-17 | N/A |
| Mozilla Necko, as used in Thunderbird 3.0.1, SeaMonkey, and other applications, performs DNS prefetching even when the app type is APP_TYPE_MAIL or APP_TYPE_EDITOR, which makes it easier for remote attackers to determine the network location of the application's user by logging DNS requests, as demonstrated by DNS requests triggered by reading text/plain e-mail messages in Thunderbird. | ||||
| CVE-2009-4630 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2024-09-17 | N/A |
| Mozilla Necko, as used in Firefox, SeaMonkey, and other applications, performs DNS prefetching of domain names contained in links within local HTML documents, which makes it easier for remote attackers to determine the network location of the application's user by logging DNS requests. NOTE: the vendor disputes the significance of this issue, stating "I don't think we necessarily need to worry about that case." | ||||
| CVE-2005-2602 | 1 Mozilla | 2 Firefox, Thunderbird | 2024-09-16 | N/A |
| Mozilla Thunderbird 1.0 and Firefox 1.0.6 allows remote attackers to obfuscate URIs via a long URI, which causes the address bar to go blank and could facilitate phishing attacks. | ||||
| CVE-2011-3671 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2024-09-16 | N/A |
| Use-after-free vulnerability in the nsHTMLSelectElement function in nsHTMLSelectElement.cpp in Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allows remote attackers to execute arbitrary code via vectors involving removal of the parent node of an element. | ||||
| CVE-2024-6610 | 1 Mozilla | 2 Firefox, Thunderbird | 2024-09-12 | 4.3 Medium |
| Form validation popups could capture escape key presses. Therefore, spamming form validation messages could be used to prevent users from exiting full-screen mode. This vulnerability affects Firefox < 128 and Thunderbird < 128. | ||||
| CVE-2024-6609 | 1 Mozilla | 2 Firefox, Thunderbird | 2024-09-12 | 8.8 High |
| When almost out-of-memory an elliptic curve key which was never allocated could have been freed again. This vulnerability affects Firefox < 128 and Thunderbird < 128. | ||||
| CVE-2024-6608 | 1 Mozilla | 2 Firefox, Thunderbird | 2024-09-12 | 4.3 Medium |
| It was possible to move the cursor using pointerlock from an iframe. This allowed moving the cursor outside of the viewport and the Firefox window. This vulnerability affects Firefox < 128 and Thunderbird < 128. | ||||
| CVE-2024-7652 | 2 Mozilla, Redhat | 8 Firefox, Firefox Esr, Thunderbird and 5 more | 2024-09-12 | 7.5 High |
| An error in the ECMA-262 specification relating to Async Generators could have resulted in a type confusion, potentially leading to memory corruption and an exploitable crash. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird < 128. | ||||
| CVE-2023-5728 | 3 Debian, Mozilla, Redhat | 9 Debian Linux, Firefox, Firefox Esr and 6 more | 2024-09-11 | 7.5 High |
| During garbage collection extra operations were performed on a object that should not be. This could have led to a potentially exploitable crash. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1. | ||||
| CVE-2023-5724 | 3 Debian, Mozilla, Redhat | 9 Debian Linux, Firefox, Firefox Esr and 6 more | 2024-09-11 | 7.5 High |
| Drivers are not always robust to extremely large draw calls and in some cases this scenario could have led to a crash. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1. | ||||
| CVE-2023-5721 | 3 Debian, Mozilla, Redhat | 9 Debian Linux, Firefox, Firefox Esr and 6 more | 2024-09-11 | 4.3 Medium |
| It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an insufficient activation-delay. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1. | ||||
| CVE-2023-5725 | 3 Debian, Mozilla, Redhat | 9 Debian Linux, Firefox, Firefox Esr and 6 more | 2024-09-11 | 4.3 Medium |
| A malicious installed WebExtension could open arbitrary URLs, which under the right circumstance could be leveraged to collect sensitive user data. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1. | ||||
| CVE-2023-5726 | 2 Apple, Mozilla | 4 Macos, Firefox, Firefox Esr and 1 more | 2024-09-11 | 4.3 Medium |
| A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing attacks. *Note: This issue only affected macOS operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1. | ||||
| CVE-2023-5727 | 2 Microsoft, Mozilla | 4 Windows, Firefox, Firefox Esr and 1 more | 2024-09-11 | 6.5 Medium |
| The executable file warning was not presented when downloading .msix, .msixbundle, .appx, and .appxbundle files, which can run commands on a user's computer. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1. | ||||
| CVE-2023-5730 | 3 Debian, Mozilla, Redhat | 9 Debian Linux, Firefox, Firefox Esr and 6 more | 2024-09-11 | 9.8 Critical |
| Memory safety bugs present in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1. | ||||
| CVE-2023-5732 | 3 Debian, Mozilla, Redhat | 9 Debian Linux, Firefox, Firefox Esr and 6 more | 2024-09-11 | 6.5 Medium |
| An attacker could have created a malicious link using bidirectional characters to spoof the location in the address bar when visited. This vulnerability affects Firefox < 117, Firefox ESR < 115.4, and Thunderbird < 115.4.1. | ||||
| CVE-2024-8394 | 2 Mozilla, Redhat | 6 Thunderbird, Enterprise Linux, Rhel Aus and 3 more | 2024-09-11 | 6.5 Medium |
| When aborting the verification of an OTR chat session, an attacker could have caused a use-after-free bug leading to a potentially exploitable crash. This vulnerability affects Thunderbird < 128.2. | ||||
| CVE-2024-8387 | 2 Mozilla, Redhat | 8 Firefox, Firefox Esr, Thunderbird and 5 more | 2024-09-06 | 9.8 Critical |
| Memory safety bugs present in Firefox 129, Firefox ESR 128.1, and Thunderbird 128.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, and Thunderbird < 128.2. | ||||