Filtered by vendor Mozilla Subscriptions
Filtered by product Thunderbird Subscriptions
Total 1397 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-11698 1 Mozilla 3 Firefox, Firefox Esr, Thunderbird 2024-11-27 9.8 Critical
A flaw in handling fullscreen transitions may have inadvertently caused the application to become stuck in fullscreen mode when a modal dialog was opened during the transition. This issue left users unable to exit fullscreen mode using standard actions like pressing "Esc" or accessing right-click menus, resulting in a disrupted browsing experience until the browser is restarted. *This bug only affects the application when running on macOS. Other operating systems are unaffected.* This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5.
CVE-2024-11697 2 Mozilla, Redhat 9 Firefox, Firefox Esr, Thunderbird and 6 more 2024-11-27 8.8 High
When handling keypress events, an attacker may have been able to trick a user into bypassing the "Open Executable File?" confirmation dialog. This could have led to malicious code execution. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5.
CVE-2024-11693 1 Mozilla 3 Firefox, Firefox Esr, Thunderbird 2024-11-27 9.8 Critical
The executable file warning was not presented when downloading .library-ms files. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5.
CVE-2024-11692 2 Mozilla, Redhat 9 Firefox, Firefox Esr, Thunderbird and 6 more 2024-11-27 4.3 Medium
An attacker could cause a select dropdown to be shown over another tab; this could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5.
CVE-2024-11708 1 Mozilla 2 Firefox, Thunderbird 2024-11-27 6.5 Medium
Missing thread synchronization primitives could have led to a data race on members of the PlaybackParams structure. This vulnerability affects Firefox < 133 and Thunderbird < 133.
CVE-2024-9680 3 Debian, Mozilla, Redhat 10 Debian Linux, Firefox, Firefox Esr and 7 more 2024-11-26 9.8 Critical
An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We have had reports of this vulnerability being exploited in the wild. This vulnerability affects Firefox < 131.0.2, Firefox ESR < 128.3.1, Firefox ESR < 115.16.1, Thunderbird < 131.0.1, Thunderbird < 128.3.1, and Thunderbird < 115.16.0.
CVE-2024-1936 2 Mozilla, Redhat 6 Thunderbird, Enterprise Linux, Rhel Aus and 3 more 2024-11-26 7.5 High
The encrypted subject of an email message could be incorrectly and permanently assigned to an arbitrary other email message in Thunderbird's local cache. Consequently, when replying to the contaminated email message, the user might accidentally leak the confidential subject to a third-party. While this update fixes the bug and avoids future message contamination, it does not automatically repair existing contaminations. Users are advised to use the repair folder functionality, which is available from the context menu of email folders, which will erase incorrect subject assignments. This vulnerability affects Thunderbird < 115.8.1.
CVE-2023-32212 2 Mozilla, Redhat 8 Firefox, Firefox Esr, Thunderbird and 5 more 2024-11-25 4.3 Medium
An attacker could have positioned a <code>datalist</code> element to obscure the address bar. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
CVE-2023-6205 3 Debian, Mozilla, Redhat 9 Debian Linux, Firefox, Firefox Esr and 6 more 2024-11-25 6.5 Medium
It was possible to cause the use of a MessagePort after it had already been freed, which could potentially have led to an exploitable crash. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.
CVE-2023-6862 3 Debian, Mozilla, Redhat 8 Debian Linux, Firefox Esr, Thunderbird and 5 more 2024-11-25 8.8 High
A use-after-free was identified in the `nsDNSService::Init`. This issue appears to manifest rarely during start-up. This vulnerability affects Firefox ESR < 115.6 and Thunderbird < 115.6.
CVE-2023-37201 3 Debian, Mozilla, Redhat 9 Debian Linux, Firefox, Firefox Esr and 6 more 2024-11-21 8.8 High
An attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13.
CVE-2023-37202 3 Debian, Mozilla, Redhat 9 Debian Linux, Firefox, Firefox Esr and 6 more 2024-11-21 8.8 High
Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13.
CVE-2024-6615 1 Mozilla 2 Firefox, Thunderbird 2024-11-21 8.8 High
Memory safety bugs present in Firefox 127 and Thunderbird 127. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 128 and Thunderbird < 128.
CVE-2024-6610 1 Mozilla 2 Firefox, Thunderbird 2024-11-21 6.3 Medium
Form validation popups could capture escape key presses. Therefore, spamming form validation messages could be used to prevent users from exiting full-screen mode. This vulnerability affects Firefox < 128 and Thunderbird < 128.
CVE-2024-6609 1 Mozilla 2 Firefox, Thunderbird 2024-11-21 8.8 High
When almost out-of-memory an elliptic curve key which was never allocated could have been freed again. This vulnerability affects Firefox < 128 and Thunderbird < 128.
CVE-2024-6608 1 Mozilla 2 Firefox, Thunderbird 2024-11-21 4.3 Medium
It was possible to move the cursor using pointerlock from an iframe. This allowed moving the cursor outside of the viewport and the Firefox window. This vulnerability affects Firefox < 128 and Thunderbird < 128.
CVE-2024-5691 2 Mozilla, Redhat 8 Firefox, Firefox Esr, Thunderbird and 5 more 2024-11-21 4.7 Medium
By tricking the browser with a `X-Frame-Options` header, a sandboxed iframe could have presented a button that, if clicked by a user, would bypass restrictions to open a new window. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12.
CVE-2024-5690 3 Debian, Mozilla, Redhat 9 Debian Linux, Firefox, Firefox Esr and 6 more 2024-11-21 4.3 Medium
By monitoring the time certain operations take, an attacker could have guessed which external protocol handlers were functional on a user's system. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12.
CVE-2024-4367 2 Mozilla, Redhat 8 Firefox, Firefox Esr, Thunderbird and 5 more 2024-11-21 7.5 High
A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.
CVE-2024-1546 2 Mozilla, Redhat 8 Firefox, Firefox Esr, Thunderbird and 5 more 2024-11-21 7.5 High
When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory read. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8.