Mozilla

Thunderbird

1542 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2024-9397

  • EPSS 0.19%
  • Veröffentlicht 01.10.2024 16:15:10
  • Zuletzt bearbeitet 18.03.2025 16:15:26

A missing delay in directory upload UI could have made it possible for an attacker to trick a user into granting permission via clickjacking. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131.

5.3

CVE-2024-9398

  • EPSS 1.04%
  • Veröffentlicht 01.10.2024 16:15:10
  • Zuletzt bearbeitet 18.03.2025 20:15:25

By checking the result of calls to `window.open` with specifically set protocol handlers, an attacker could determine if the application which implements that protocol handler is installed. This vulnerability affects Firefox < 131, Firefox ESR < 128....

7.5

CVE-2024-9399

  • EPSS 0.86%
  • Veröffentlicht 01.10.2024 16:15:10
  • Zuletzt bearbeitet 14.03.2025 16:15:39

A website configured to initiate a specially crafted WebTransport session could crash the Firefox process leading to a denial of service condition. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < ...

7.5

CVE-2024-7652

  • EPSS 0.29%
  • Veröffentlicht 06.09.2024 19:15:12
  • Zuletzt bearbeitet 04.04.2025 14:38:20

An error in the ECMA-262 specification relating to Async Generators could have resulted in a type confusion, potentially leading to memory corruption and an exploitable crash. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbir...

6.5

CVE-2024-8394

  • EPSS 0.2%
  • Veröffentlicht 06.09.2024 17:15:18
  • Zuletzt bearbeitet 19.03.2025 18:15:23

When aborting the verification of an OTR chat session, an attacker could have caused a use-after-free bug leading to a potentially exploitable crash. This vulnerability affects Thunderbird < 128.2.

9.8

CVE-2024-8387

  • EPSS 0.92%
  • Veröffentlicht 03.09.2024 13:15:05
  • Zuletzt bearbeitet 06.09.2024 17:15:18

Memory safety bugs present in Firefox 129, Firefox ESR 128.1, and Thunderbird 128.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vu...

9.6

CVE-2024-7519

  • EPSS 0.25%
  • Veröffentlicht 06.08.2024 13:15:57
  • Zuletzt bearbeitet 12.08.2024 16:04:20

Insufficient checks when processing graphics shared memory could have led to memory corruption. This could be leveraged by an attacker to perform a sandbox escape. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, T...

8.8

CVE-2024-7520

  • EPSS 0.32%
  • Veröffentlicht 06.08.2024 13:15:57
  • Zuletzt bearbeitet 24.03.2025 17:15:19

A type confusion bug in WebAssembly could be leveraged by an attacker to potentially achieve code execution. This vulnerability affects Firefox < 129, Firefox ESR < 128.1, and Thunderbird < 128.1.

8.8

CVE-2024-7521

  • EPSS 0.18%
  • Veröffentlicht 06.08.2024 13:15:57
  • Zuletzt bearbeitet 12.08.2024 16:05:10

Incomplete WebAssembly exception handing could have led to a use-after-free. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.

8.8

CVE-2024-7522

  • EPSS 0.18%
  • Veröffentlicht 06.08.2024 13:15:57
  • Zuletzt bearbeitet 12.08.2024 16:06:05

Editor code failed to check an attribute value. This could have led to an out-of-bounds read. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.