Mozilla

Thunderbird

1584 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.3

CVE-2020-12405

Exploit
  • EPSS 0.66%
  • Veröffentlicht 09.07.2020 15:15:10
  • Zuletzt bearbeitet 21.11.2024 04:59:39

When browsing a malicious page, a race condition in our SharedWorkerService could occur and lead to a potentially exploitable crash. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9.

8.8

CVE-2018-12371

Exploit
  • EPSS 0.5%
  • Veröffentlicht 09.07.2020 14:15:10
  • Zuletzt bearbeitet 25.11.2025 17:50:16

An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 16 GB of RAM. This results in the use of uninitialized memory, resulting in a potentially exploitable crash. This vulnerabili...

5.5

CVE-2020-12392

  • EPSS 0.14%
  • Veröffentlicht 26.05.2020 18:15:11
  • Zuletzt bearbeitet 21.11.2024 04:59:37

The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP POST data of a request, which can be controlled by the website. If a user used the 'Copy as cURL' feature and pasted the command into a terminal, it could have resul...

9.8

CVE-2020-6831

  • EPSS 6.27%
  • Veröffentlicht 26.05.2020 18:15:11
  • Zuletzt bearbeitet 21.11.2024 05:36:15

A buffer overflow could occur when parsing and validating SCTP chunks in WebRTC. This could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0.

8.1

CVE-2020-12387

  • EPSS 1%
  • Veröffentlicht 26.05.2020 18:15:10
  • Zuletzt bearbeitet 21.11.2024 04:59:37

A race condition when running shutdown code for Web Worker led to a use-after-free vulnerability. This resulted in a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0.

7.8

CVE-2020-12393

  • EPSS 0.48%
  • Veröffentlicht 26.05.2020 17:15:10
  • Zuletzt bearbeitet 21.11.2024 04:59:37

The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website. If a user used the 'Copy as cURL' feature and pasted the command into a terminal, it could have resulted...

10

CVE-2020-12395

  • EPSS 1.28%
  • Veröffentlicht 26.05.2020 17:15:10
  • Zuletzt bearbeitet 21.11.2024 04:59:38

Mozilla developers and community members reported memory safety bugs present in Firefox 75 and Firefox ESR 68.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to...

4.3

CVE-2020-12397

  • EPSS 0.2%
  • Veröffentlicht 22.05.2020 19:15:15
  • Zuletzt bearbeitet 21.11.2024 04:59:38

By encoding Unicode whitespace characters within the From email header, an attacker can spoof the sender email address that Thunderbird displays. This vulnerability affects Thunderbird < 68.8.0.

8.1

CVE-2020-6819

Warnung Exploit
  • EPSS 0.33%
  • Veröffentlicht 24.04.2020 16:15:13
  • Zuletzt bearbeitet 04.11.2025 14:34:52

Under certain conditions, when running the nsDocShell destructor, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Thunderbird < 68.7.0, Firefox < 74.0.1, and Fire...

8.1

CVE-2020-6820

Warnung
  • EPSS 5%
  • Veröffentlicht 24.04.2020 16:15:13
  • Zuletzt bearbeitet 04.11.2025 14:34:43

Under certain conditions, when handling a ReadableStream, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Thunderbird < 68.7.0, Firefox < 74.0.1, and Firefox ESR ...