Mozilla

Thunderbird

1584 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.5

CVE-2023-29532

  • EPSS 0.08%
  • Veröffentlicht 19.06.2023 10:15:09
  • Zuletzt bearbeitet 11.12.2024 16:15:08

A local attacker can trick the Mozilla Maintenance Service into applying an unsigned update file by pointing the service at an update file on a malicious SMB server. The update file can be replaced after the signature check, before the use, because t...

7.5

CVE-2023-32214

  • EPSS 0.23%
  • Veröffentlicht 19.06.2023 10:15:09
  • Zuletzt bearbeitet 21.11.2024 08:02:54

Protocol handlers `ms-cxh` and `ms-cxh-full` could have been leveraged to trigger a denial of service. *Note: This attack only affects Windows. Other operating systems are not affected.* This vulnerability affects Firefox < 113, Firefox ESR < 102.11,...

4.3

CVE-2023-32205

  • EPSS 0.19%
  • Veröffentlicht 02.06.2023 17:15:13
  • Zuletzt bearbeitet 21.11.2024 08:02:53

In multiple cases browser prompts could have been obscured by popups controlled by content. These could have led to potential user confusion and spoofing attacks. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.1...

6.5

CVE-2023-32206

  • EPSS 0.19%
  • Veröffentlicht 02.06.2023 17:15:13
  • Zuletzt bearbeitet 21.11.2024 08:02:54

An out-of-bound read could have led to a crash in the RLBox Expat driver. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.

8.8

CVE-2023-32207

  • EPSS 0.25%
  • Veröffentlicht 02.06.2023 17:15:13
  • Zuletzt bearbeitet 31.01.2025 16:15:29

A missing delay in popup notifications could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.

6.5

CVE-2023-32211

  • EPSS 0.14%
  • Veröffentlicht 02.06.2023 17:15:13
  • Zuletzt bearbeitet 21.11.2024 08:02:54

A type checking bug would have led to invalid code being compiled. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.

4.3

CVE-2023-32212

  • EPSS 0.19%
  • Veröffentlicht 02.06.2023 17:15:13
  • Zuletzt bearbeitet 27.05.2025 17:15:24

An attacker could have positioned a `datalist` element to obscure the address bar. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.

8.8

CVE-2023-32213

  • EPSS 0.23%
  • Veröffentlicht 02.06.2023 17:15:13
  • Zuletzt bearbeitet 21.11.2024 08:02:54

When reading a file, an uninitialized value could have been used as read limit. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.

8.8

CVE-2023-32215

  • EPSS 0.25%
  • Veröffentlicht 02.06.2023 17:15:13
  • Zuletzt bearbeitet 27.05.2025 17:15:24

Mozilla developers and community members Gabriele Svelto, Andrew Osmond, Emily McDonough, Sebastian Hengst, Andrew McCreight and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 112 and Firefox ESR 102.10. Some of these bugs sh...

8.8

CVE-2023-28162

  • EPSS 0.12%
  • Veröffentlicht 02.06.2023 17:15:12
  • Zuletzt bearbeitet 09.01.2025 16:15:34

While implementing AudioWorklets, some code may have casted one type to another, invalid, dynamic type. This could have led to a potentially exploitable crash. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9.