Mozilla

Thunderbird

1542 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.1

CVE-2024-7525

  • EPSS 0.1%
  • Veröffentlicht 06.08.2024 13:15:57
  • Zuletzt bearbeitet 12.08.2024 16:07:19

It was possible for a web extension with minimal permissions to create a `StreamFilter` which could be used to read and modify the response body of requests on any site. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 12...

6.5

CVE-2024-7526

  • EPSS 0.2%
  • Veröffentlicht 06.08.2024 13:15:57
  • Zuletzt bearbeitet 17.09.2024 19:15:28

ANGLE failed to initialize parameters which lead to reading from uninitialized memory. This could be leveraged to leak sensitive data from memory. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128....

8.8

CVE-2024-7527

  • EPSS 0.16%
  • Veröffentlicht 06.08.2024 13:15:57
  • Zuletzt bearbeitet 18.03.2025 19:15:47

Unexpected marking work at the start of sweeping could have led to a use-after-free. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.

8.8

CVE-2024-7528

  • EPSS 0.18%
  • Veröffentlicht 06.08.2024 13:15:57
  • Zuletzt bearbeitet 12.08.2024 16:10:00

Incorrect garbage collection interaction in IndexedDB could have led to a use-after-free. This vulnerability affects Firefox < 129, Firefox ESR < 128.1, and Thunderbird < 128.1.

6.5

CVE-2024-7529

  • EPSS 0.11%
  • Veröffentlicht 06.08.2024 13:15:57
  • Zuletzt bearbeitet 12.08.2024 16:09:09

The date picker could partially obscure security prompts. This could be used by a malicious site to trick a user into granting permissions. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and ...

6.5

CVE-2024-7518

  • EPSS 0.29%
  • Veröffentlicht 06.08.2024 13:15:56
  • Zuletzt bearbeitet 29.10.2024 20:35:43

Select options could obscure the fullscreen notification dialog. This could be used by a malicious site to perform a spoofing attack. This vulnerability affects Firefox < 129, Firefox ESR < 128.1, and Thunderbird < 128.1.

9.8

CVE-2024-6611

  • EPSS 0.44%
  • Veröffentlicht 09.07.2024 15:15:13
  • Zuletzt bearbeitet 04.04.2025 14:42:22

A nested iframe, triggering a cross-site navigation, could send SameSite=Strict or Lax cookies. This vulnerability affects Firefox < 128 and Thunderbird < 128.

5.3

CVE-2024-6612

  • EPSS 0.2%
  • Veröffentlicht 09.07.2024 15:15:13
  • Zuletzt bearbeitet 04.04.2025 14:42:13

CSP violations generated links in the console tab of the developer tools, pointing to the violating resource. This caused a DNS prefetch which leaked that a CSP violation happened. This vulnerability affects Firefox < 128 and Thunderbird < 128.

5.5

CVE-2024-6613

  • EPSS 0.07%
  • Veröffentlicht 09.07.2024 15:15:13
  • Zuletzt bearbeitet 04.04.2025 14:42:07

The frame iterator could get stuck in a loop when encountering certain wasm frames leading to incorrect stack traces. This vulnerability affects Firefox < 128 and Thunderbird < 128.

4.3

CVE-2024-6614

  • EPSS 0.2%
  • Veröffentlicht 09.07.2024 15:15:13
  • Zuletzt bearbeitet 04.04.2025 14:42:01

The frame iterator could get stuck in a loop when encountering certain wasm frames leading to incorrect stack traces. This vulnerability affects Firefox < 128 and Thunderbird < 128.