Mozilla

Thunderbird

1542 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2022-1834

  • EPSS 0.12%
  • Veröffentlicht 22.12.2022 20:15:13
  • Zuletzt bearbeitet 16.04.2025 16:15:21

When displaying the sender of an email, and the sender name contained the Braille Pattern Blank space character multiple times, Thunderbird would have displayed all the spaces. This could have been used by an attacker to send an email message with th...

9.8

CVE-2021-4129

Exploit
  • EPSS 0.3%
  • Veröffentlicht 22.12.2022 20:15:12
  • Zuletzt bearbeitet 16.04.2025 16:15:18

Mozilla developers and community members Julian Hector, Randell Jesup, Gabriele Svelto, Tyson Smith, Christian Holler, and Masayuki Nakano reported memory safety bugs present in Firefox 94. Some of these bugs showed evidence of memory corruption and ...

10

CVE-2021-4140

Exploit
  • EPSS 0.05%
  • Veröffentlicht 22.12.2022 20:15:12
  • Zuletzt bearbeitet 16.04.2025 16:15:19

It was possible to construct specific XSLT markup that would be able to bypass an iframe sandbox. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.

8.8

CVE-2022-0566

  • EPSS 0.15%
  • Veröffentlicht 22.12.2022 20:15:12
  • Zuletzt bearbeitet 16.04.2025 16:15:19

It may be possible for an attacker to craft an email message that causes Thunderbird to perform an out-of-bounds write of one byte when processing the message. This vulnerability affects Thunderbird < 91.6.1.

6.5

CVE-2022-1097

Exploit
  • EPSS 0.13%
  • Veröffentlicht 22.12.2022 20:15:12
  • Zuletzt bearbeitet 16.04.2025 16:15:19

<code>NSSToken</code> objects were referenced via direct points, and could have been accessed in an unsafe way on different threads, leading to a use-after-free and potentially exploitable crash. This vulnerability affects Thunderbird < 91.8, Firefox...

6.5

CVE-2022-1196

Exploit
  • EPSS 0.13%
  • Veröffentlicht 22.12.2022 20:15:12
  • Zuletzt bearbeitet 16.04.2025 16:15:20

After a VR Process is destroyed, a reference to it may have been retained and used, leading to a use-after-free and potentially exploitable crash. This vulnerability affects Thunderbird < 91.8 and Firefox ESR < 91.8.

8.8

CVE-2020-15685

Exploit
  • EPSS 0.42%
  • Veröffentlicht 22.12.2022 20:15:11
  • Zuletzt bearbeitet 16.04.2025 15:15:45

During the plaintext phase of the STARTTLS connection setup, protocol commands could have been injected and evaluated within the encrypted session. This vulnerability affects Thunderbird < 78.7.

6.5

CVE-2021-4126

  • EPSS 0.16%
  • Veröffentlicht 22.12.2022 20:15:11
  • Zuletzt bearbeitet 16.04.2025 16:15:18

When receiving an OpenPGP/MIME signed email message that contains an additional outer MIME message layer, for example a message footer added by a mailing list gateway, Thunderbird only considered the inner signed message for the signature validity. T...

9.8

CVE-2021-4127

Exploit
  • EPSS 0.24%
  • Veröffentlicht 22.12.2022 20:15:11
  • Zuletzt bearbeitet 16.04.2025 16:15:18

An out of date graphics library (Angle) likely contained vulnerabilities that could potentially be exploited. This vulnerability affects Thunderbird < 78.9 and Firefox ESR < 78.9.

6.5

CVE-2021-43545

  • EPSS 0.61%
  • Veröffentlicht 08.12.2021 22:15:10
  • Zuletzt bearbeitet 21.11.2024 06:29:24

Using the Location API in a loop could have caused severe application hangs and crashes. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.