Mozilla

Thunderbird

1786 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.29%
  • Veröffentlicht 09.12.2025 13:37:55
  • Zuletzt bearbeitet 13.04.2026 15:16:45

Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability was fixed in Firefox 146, Firefox ESR 115.31, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6.

  • EPSS 0.52%
  • Veröffentlicht 09.12.2025 13:37:53
  • Zuletzt bearbeitet 13.04.2026 15:16:44

Use-after-free in the WebRTC: Signaling component. This vulnerability was fixed in Firefox 146, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6.

  • EPSS 0.34%
  • Veröffentlicht 14.10.2025 12:27:37
  • Zuletzt bearbeitet 13.04.2026 15:16:41

Memory safety bug present in Firefox 143 and Thunderbird 143. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 144 and T...

  • EPSS 0.31%
  • Veröffentlicht 14.10.2025 12:27:36
  • Zuletzt bearbeitet 13.04.2026 15:16:40

Memory safety bugs present in Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arb...

  • EPSS 0.22%
  • Veröffentlicht 14.10.2025 12:27:36
  • Zuletzt bearbeitet 13.04.2026 15:16:40

Links in a sandboxed iframe could open an external app on Android without the required "allow-" permission. This vulnerability was fixed in Firefox 144 and Thunderbird 144.

  • EPSS 0.33%
  • Veröffentlicht 14.10.2025 12:27:36
  • Zuletzt bearbeitet 13.04.2026 15:16:41

Starting in Thunderbird 143, the use of the native messaging API by web extensions on Windows could lead to crashes caused by use-after-free memory corruption. This vulnerability was fixed in Firefox 144 and Thunderbird 144.

  • EPSS 0.48%
  • Veröffentlicht 14.10.2025 12:27:35
  • Zuletzt bearbeitet 13.04.2026 15:16:39

Use-after-free in MediaTrackGraphImpl::GetInstance(). This vulnerability was fixed in Firefox 144, Firefox ESR 140.4, Thunderbird 144, and Thunderbird 140.4.

  • EPSS 0.26%
  • Veröffentlicht 14.10.2025 12:27:35
  • Zuletzt bearbeitet 13.04.2026 15:16:39

A malicious page could have used the type attribute of an OBJECT tag to override the default browser behavior when encountering a web resource served without a content-type. This could have contributed to an XSS on a site that unsafely serves files w...

  • EPSS 0.33%
  • Veröffentlicht 14.10.2025 12:27:35
  • Zuletzt bearbeitet 13.04.2026 15:16:40

Insufficient escaping in the “Copy as cURL” feature could have been used to trick a user into executing unexpected code on Windows. This did not affect the application when running on other operating systems. This vulnerability was fixed in Firefox 1...

  • EPSS 0.39%
  • Veröffentlicht 14.10.2025 12:27:34
  • Zuletzt bearbeitet 13.04.2026 15:16:39

A compromised web process using malicious IPC messages could have caused the privileged browser process to reveal blocks of its memory to the compromised process. This vulnerability was fixed in Firefox 144, Firefox ESR 115.29, Firefox ESR 140.4, Thu...