Mozilla

Thunderbird

1567 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2023-5732

  • EPSS 0.29%
  • Veröffentlicht 25.10.2023 18:17:44
  • Zuletzt bearbeitet 21.11.2024 08:42:22

An attacker could have created a malicious link using bidirectional characters to spoof the location in the address bar when visited. This vulnerability affects Firefox < 117, Firefox ESR < 115.4, and Thunderbird < 115.4.1.

4.3

CVE-2023-5721

  • EPSS 0.28%
  • Veröffentlicht 25.10.2023 18:17:43
  • Zuletzt bearbeitet 21.11.2024 08:42:21

It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an insufficient activation-delay. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.

8.8

CVE-2023-5217

Warnung Exploit
  • EPSS 4.84%
  • Veröffentlicht 28.09.2023 16:15:10
  • Zuletzt bearbeitet 24.10.2025 14:07:24

Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

9.8

CVE-2023-5168

  • EPSS 0.26%
  • Veröffentlicht 27.09.2023 15:19:42
  • Zuletzt bearbeitet 01.05.2025 21:15:51

A compromised content process could have provided malicious data to `FilterNodeD2D1` resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process. *This bug only affects Firefox on Windows. Other operating s...

6.5

CVE-2023-5169

  • EPSS 0.32%
  • Veröffentlicht 27.09.2023 15:19:42
  • Zuletzt bearbeitet 21.11.2024 08:41:13

A compromised content process could have provided malicious data in a `PathRecording` resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process. This vulnerability affects Firefox < 118, Firefox ESR < 115...

6.5

CVE-2023-5171

  • EPSS 0.32%
  • Veröffentlicht 27.09.2023 15:19:42
  • Zuletzt bearbeitet 21.11.2024 08:41:13

During Ion compilation, a Garbage Collection could have resulted in a use-after-free condition, allowing an attacker to write two NUL bytes, and cause a potentially exploitable crash. This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and...

9.8

CVE-2023-5174

  • EPSS 0.28%
  • Veröffentlicht 27.09.2023 15:19:42
  • Zuletzt bearbeitet 05.05.2025 15:15:53

If Windows failed to duplicate a handle during process creation, the sandbox code may have inadvertently freed a pointer twice, resulting in a use-after-free and a potentially exploitable crash. *This bug only affects Firefox on Windows when run in n...

9.8

CVE-2023-5176

  • EPSS 0.67%
  • Veröffentlicht 27.09.2023 15:19:42
  • Zuletzt bearbeitet 01.05.2025 18:15:52

Memory safety bugs present in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vu...

8.8

CVE-2023-4863

Warnung Exploit
  • EPSS 94.08%
  • Veröffentlicht 12.09.2023 15:15:24
  • Zuletzt bearbeitet 24.10.2025 14:07:28

Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)

6.5

CVE-2023-4574

  • EPSS 0.15%
  • Veröffentlicht 11.09.2023 09:15:09
  • Zuletzt bearbeitet 21.11.2024 08:35:27

When creating a callback over IPC for showing the Color Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. This could have led to a use...