Mozilla

Thunderbird

1542 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2024-4768

Exploit
  • EPSS 0.71%
  • Published 14.05.2024 18:15:14
  • Last modified 01.04.2025 18:00:09

A bug in popup notifications' interaction with WebAuthn made it easier for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.

5.9

CVE-2024-4769

  • EPSS 0.69%
  • Published 14.05.2024 18:15:14
  • Last modified 01.04.2025 17:46:33

When importing resources using Web Workers, error messages would distinguish the difference between `application/javascript` responses and non-script responses. This could have been abused to learn information cross-origin. This vulnerability affect...

8.8

CVE-2024-4770

Exploit
  • EPSS 0.43%
  • Published 14.05.2024 18:15:14
  • Last modified 01.04.2025 17:46:09

When saving a page to PDF, certain font styles could have led to a potential use-after-free crash. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.

4.3

CVE-2024-4767

Exploit
  • EPSS 0.56%
  • Published 14.05.2024 18:15:13
  • Last modified 01.04.2025 17:47:50

If the `browser.privatebrowsing.autostart` preference is enabled, IndexedDB files were not properly deleted when the window was closed. This preference is disabled by default in Firefox. This vulnerability affects Firefox < 126, Firefox ESR < 115.11,...

8.8

CVE-2024-4367

  • EPSS 37.17%
  • Published 14.05.2024 18:15:12
  • Last modified 24.04.2025 19:15:46

A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.

3.7

CVE-2024-3302

  • EPSS 0.1%
  • Published 16.04.2024 16:15:08
  • Last modified 01.04.2025 13:39:33

There was no limit to the number of HTTP/2 CONTINUATION frames that would be processed. A server could abuse this to create an Out of Memory condition in the browser. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 1...

7.5

CVE-2024-3852

  • EPSS 1.02%
  • Published 16.04.2024 16:15:08
  • Last modified 01.04.2025 13:39:19

GetBoundName could return the wrong version of an object when JIT optimizations were applied. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.

8.8

CVE-2024-3854

  • EPSS 0.88%
  • Published 16.04.2024 16:15:08
  • Last modified 01.04.2025 14:11:53

In some code patterns the JIT incorrectly optimized switch statements and generated code with out-of-bounds-reads. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.

7.8

CVE-2024-3857

  • EPSS 0.14%
  • Published 16.04.2024 16:15:08
  • Last modified 01.04.2025 14:16:11

The JIT created incorrect code for arguments in certain cases. This led to potential use-after-free crashes during garbage collection. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.

5.9

CVE-2024-3859

  • EPSS 1.56%
  • Published 16.04.2024 16:15:08
  • Last modified 01.04.2025 14:22:25

On 32-bit versions there were integer-overflows that led to an out-of-bounds-read that potentially could be triggered by a malformed OpenType font. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.