Mozilla

Thunderbird

1786 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.31%
  • Veröffentlicht 22.07.2025 20:49:25
  • Zuletzt bearbeitet 13.04.2026 15:17:09

Insufficient escaping in the “Copy as cURL” feature could potentially be used to trick a user into executing unexpected code. This vulnerability was fixed in Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and...

  • EPSS 0.42%
  • Veröffentlicht 22.07.2025 20:49:25
  • Zuletzt bearbeitet 13.04.2026 15:17:10

Thunderbird cached CORS preflight responses across IP address changes. This allowed circumventing CORS with DNS rebinding. This vulnerability was fixed in Firefox 141, Firefox ESR 140.1, Thunderbird 141, and Thunderbird 140.1.

  • EPSS 0.22%
  • Veröffentlicht 22.07.2025 20:49:25
  • Zuletzt bearbeitet 13.04.2026 15:17:10

Setting a nameless cookie with an equals sign in the value shadowed other cookies. Even if the nameless cookie was set over HTTP and the shadowed cookie included the `Secure` attribute. This vulnerability was fixed in Firefox 141, Firefox ESR 140.1, ...

  • EPSS 0.35%
  • Veröffentlicht 22.07.2025 20:49:24
  • Zuletzt bearbeitet 13.04.2026 15:17:08

On 64-bit platforms IonMonkey-JIT only wrote 32 bits of the 64-bit return value space on the stack. Baseline-JIT, however, read the entire 64 bits. This vulnerability was fixed in Firefox 141, Firefox ESR 115.26, Firefox ESR 128.13, Firefox ESR 140.1...

  • EPSS 0.47%
  • Veröffentlicht 22.07.2025 20:49:24
  • Zuletzt bearbeitet 13.04.2026 15:17:08

On arm64, a WASM `br_table` instruction with a lot of entries could lead to the label being too far from the instruction causing truncation and incorrect computation of the branch address. This vulnerability was fixed in Firefox 141, Firefox ESR 115....

  • EPSS 0.31%
  • Veröffentlicht 22.07.2025 20:49:24
  • Zuletzt bearbeitet 13.04.2026 15:17:08

Thunderbird executed `javascript:` URLs when used in `object` and `embed` tags. This vulnerability was fixed in Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1.

  • EPSS 0.37%
  • Veröffentlicht 24.06.2025 12:28:04
  • Zuletzt bearbeitet 13.04.2026 15:17:08

If a user saved a response from the Network tab in Devtools using the Save As context menu option, that file may not have been saved with the `.download` file extension. This could have led to the user inadvertently running a malicious executable. Th...

  • EPSS 2.86%
  • Veröffentlicht 24.06.2025 12:28:04
  • Zuletzt bearbeitet 13.04.2026 15:17:08

Memory safety bugs present in Firefox 139 and Thunderbird 139. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed ...

  • EPSS 0.25%
  • Veröffentlicht 24.06.2025 12:27:59
  • Zuletzt bearbeitet 13.04.2026 15:17:06

An attacker who enumerated resources from the WebCompat extension could have obtained a persistent UUID that identified the browser, and persisted between containers and normal/private browsing mode, but not profiles. This vulnerability was fixed in ...

Medienbericht
  • EPSS 0.47%
  • Veröffentlicht 11.06.2025 12:07:50
  • Zuletzt bearbeitet 13.04.2026 15:17:05

A crafted HTML email using mailbox:/// links can trigger automatic, unsolicited downloads of .pdf files to the user's desktop or home directory without prompting, even if auto-saving is disabled. This behavior can be abused to fill the disk with garb...