- EPSS 0.06%
- Published 22.12.2022 20:15:12
- Last modified 16.04.2025 16:15:19
It was possible to construct specific XSLT markup that would be able to bypass an iframe sandbox. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.
CVE-2022-0566
- EPSS 0.25%
- Published 22.12.2022 20:15:12
- Last modified 16.04.2025 16:15:19
It may be possible for an attacker to craft an email message that causes Thunderbird to perform an out-of-bounds write of one byte when processing the message. This vulnerability affects Thunderbird < 91.6.1.
CVE-2022-1097
- EPSS 0.26%
- Published 22.12.2022 20:15:12
- Last modified 16.04.2025 16:15:19
NSSToken objects were referenced via direct points, and could have been accessed in an unsafe way on different threads, leading to a use-after-free and potentially exploitable crash. This vulnerability affects Thunderbird < 91.8, Firefox...
CVE-2022-1196
- EPSS 0.2%
- Published 22.12.2022 20:15:12
- Last modified 16.04.2025 16:15:20
After a VR Process is destroyed, a reference to it may have been retained and used, leading to a use-after-free and potentially exploitable crash. This vulnerability affects Thunderbird < 91.8 and Firefox ESR < 91.8.
CVE-2020-15685
- EPSS 0.62%
- Published 22.12.2022 20:15:11
- Last modified 16.04.2025 15:15:45
During the plaintext phase of the STARTTLS connection setup, protocol commands could have been injected and evaluated within the encrypted session. This vulnerability affects Thunderbird < 78.7.
CVE-2021-4126
- EPSS 0.34%
- Published 22.12.2022 20:15:11
- Last modified 16.04.2025 16:15:18
When receiving an OpenPGP/MIME signed email message that contains an additional outer MIME message layer, for example a message footer added by a mailing list gateway, Thunderbird only considered the inner signed message for the signature validity. T...
CVE-2021-4127
- EPSS 0.7%
- Published 22.12.2022 20:15:11
- Last modified 16.04.2025 16:15:18
An out of date graphics library (Angle) likely contained vulnerabilities that could potentially be exploited. This vulnerability affects Thunderbird < 78.9 and Firefox ESR < 78.9.
CVE-2021-43545
- EPSS 0.61%
- Published 08.12.2021 22:15:10
- Last modified 21.11.2024 06:29:24
Using the Location API in a loop could have caused severe application hangs and crashes. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.
CVE-2021-43546
- EPSS 0.37%
- Published 08.12.2021 22:15:10
- Last modified 21.11.2024 06:29:24
It was possible to recreate previous cursor spoofing attacks against users with a zoomed native cursor. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.
CVE-2021-38508
- EPSS 0.44%
- Published 08.12.2021 22:15:09
- Last modified 21.11.2024 06:17:16
By displaying a form validity message in the correct location at the same time as a permission prompt (such as for geolocation), the validity message could have obscured the prompt, resulting in the user potentially being tricked into granting the pe...