Mozilla

Thunderbird

1542 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2025-8043

Exploit
  • EPSS 0.08%
  • Veröffentlicht 22.07.2025 20:49:28
  • Zuletzt bearbeitet 28.07.2025 14:05:27

Focus incorrectly truncated URLs towards the beginning instead of around the origin. This vulnerability affects Firefox < 141 and Thunderbird < 141.

6.5

CVE-2025-8033

  • EPSS 0.05%
  • Veröffentlicht 22.07.2025 20:49:27
  • Zuletzt bearbeitet 28.07.2025 18:42:05

The JavaScript engine did not handle closed generators correctly and it was possible to resume them leading to a nullptr deref. This vulnerability affects Firefox < 141, Firefox ESR < 115.26, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 1...

8.8

CVE-2025-8034

  • EPSS 0.06%
  • Veröffentlicht 22.07.2025 20:49:27
  • Zuletzt bearbeitet 30.07.2025 17:15:28

Memory safety bugs present in Firefox ESR 115.25, Firefox ESR 128.12, Thunderbird ESR 128.12, Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with ...

8.1

CVE-2025-8039

  • EPSS 0.05%
  • Veröffentlicht 22.07.2025 20:49:27
  • Zuletzt bearbeitet 28.07.2025 13:56:57

In some cases search terms persisted in the URL bar even after navigating away from the search page. This vulnerability affects Firefox < 141, Firefox ESR < 140.1, Thunderbird < 141, and Thunderbird < 140.1.

9.8

CVE-2025-8031

  • EPSS 0.15%
  • Veröffentlicht 22.07.2025 20:49:26
  • Zuletzt bearbeitet 15.08.2025 14:25:03

The `username:password` part was not correctly stripped from URLs in CSP reports potentially leaking HTTP Basic Authentication credentials. This vulnerability affects Firefox < 141, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunde...

8.1

CVE-2025-8032

  • EPSS 0.07%
  • Veröffentlicht 22.07.2025 20:49:26
  • Zuletzt bearbeitet 28.07.2025 18:40:44

XSLT document loading did not correctly propagate the source document which bypassed its CSP. This vulnerability affects Firefox < 141, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird < 128.13, and Thunderbird < 140.1.

9.8

CVE-2025-8038

  • EPSS 0.03%
  • Veröffentlicht 22.07.2025 20:49:26
  • Zuletzt bearbeitet 29.09.2025 23:03:01

Thunderbird ignored paths when checking the validity of navigations in a frame. This vulnerability affects Firefox < 141, Firefox ESR < 140.1, Thunderbird < 141, and Thunderbird < 140.1.

8.1

CVE-2025-8030

  • EPSS 0.05%
  • Veröffentlicht 22.07.2025 20:49:25
  • Zuletzt bearbeitet 28.07.2025 18:38:03

Insufficient escaping in the “Copy as cURL” feature could potentially be used to trick a user into executing unexpected code. This vulnerability affects Firefox < 141, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird < 128.13...

8.1

CVE-2025-8036

  • EPSS 0.05%
  • Veröffentlicht 22.07.2025 20:49:25
  • Zuletzt bearbeitet 29.09.2025 23:02:08

Thunderbird cached CORS preflight responses across IP address changes. This allowed circumventing CORS with DNS rebinding. This vulnerability affects Firefox < 141, Firefox ESR < 140.1, Thunderbird < 141, and Thunderbird < 140.1.

9.1

CVE-2025-8037

  • EPSS 0.02%
  • Veröffentlicht 22.07.2025 20:49:25
  • Zuletzt bearbeitet 28.07.2025 18:51:21

Setting a nameless cookie with an equals sign in the value shadowed other cookies. Even if the nameless cookie was set over HTTP and the shadowed cookie included the `Secure` attribute. This vulnerability affects Firefox < 141, Firefox ESR < 140.1, T...