Search for packages
| purl | pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1 |
| Next non-vulnerable version | 1:140.9.0esr-1~deb12u1 |
| Latest non-vulnerable version | 1:140.9.0esr-1~deb12u1 |
| Risk | 4.5 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-13he-qsr4-h3d4
Aliases: CVE-2026-4709 |
Incorrect boundary conditions in the Audio/Video: GMP component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. |
Affected by 0 other vulnerabilities. |
|
VCID-15j8-br8z-juf3
Aliases: CVE-2026-3889 |
Spoofing issue in Thunderbird. This vulnerability affects Thunderbird < 149 and Thunderbird < 140.9. |
Affected by 0 other vulnerabilities. |
|
VCID-1fv1-edht-ufag
Aliases: CVE-2026-4715 |
Uninitialized memory in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. |
Affected by 0 other vulnerabilities. |
|
VCID-1hay-xe3q-gyb4
Aliases: CVE-2026-2789 |
Use-after-free in the Graphics: ImageLib component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. |
Affected by 39 other vulnerabilities. |
|
VCID-1u8u-pnq3-t7ae
Aliases: CVE-2026-2757 |
Incorrect boundary conditions in the WebRTC: Audio/Video component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. |
Affected by 39 other vulnerabilities. |
|
VCID-1v2s-g46y-ybdc
Aliases: CVE-2026-2792 |
Memory safety bugs present in Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. |
Affected by 39 other vulnerabilities. |
|
VCID-23eu-22t2-cydd
Aliases: CVE-2026-4714 |
Incorrect boundary conditions in the Audio/Video component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. |
Affected by 0 other vulnerabilities. |
|
VCID-26d3-ctnj-7kbh
Aliases: CVE-2026-4691 |
Use-after-free in the CSS Parsing and Computation component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. |
Affected by 0 other vulnerabilities. |
|
VCID-289s-f2w6-53g9
Aliases: CVE-2026-4716 |
Incorrect boundary conditions, uninitialized memory in the JavaScript Engine component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. |
Affected by 0 other vulnerabilities. |
|
VCID-351y-4nek-u3aw
Aliases: CVE-2026-4698 |
JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. |
Affected by 0 other vulnerabilities. |
|
VCID-3gmj-y8qd-ufej
Aliases: CVE-2026-2787 |
Use-after-free in the DOM: Window and Location component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. |
Affected by 39 other vulnerabilities. |
|
VCID-3grf-hwk1-3fh8
Aliases: CVE-2026-4719 |
Incorrect boundary conditions in the Graphics: Text component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. |
Affected by 0 other vulnerabilities. |
|
VCID-3kd3-hwzv-efbn
Aliases: CVE-2026-4721 |
Memory safety bugs present in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. |
Affected by 0 other vulnerabilities. |
|
VCID-3sg3-9yx7-fufa
Aliases: CVE-2026-2790 |
Same-origin policy bypass in the Networking: JAR component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. |
Affected by 39 other vulnerabilities. |
|
VCID-3xgu-7evz-mffw
Aliases: CVE-2026-4705 |
Undefined behavior in the WebRTC: Signaling component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. |
Affected by 0 other vulnerabilities. |
|
VCID-4q6w-tdk9-d3an
Aliases: CVE-2026-4720 |
Memory safety bugs present in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. |
Affected by 0 other vulnerabilities. |
|
VCID-4xqc-36jb-63c2
Aliases: CVE-2026-2786 |
Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. |
Affected by 39 other vulnerabilities. |
|
VCID-5ept-fu7g-8kes
Aliases: CVE-2026-2780 |
Privilege escalation in the Netmonitor component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. |
Affected by 39 other vulnerabilities. |
|
VCID-646f-ndeq-5bee
Aliases: CVE-2026-4687 |
Sandbox escape due to incorrect boundary conditions in the Telemetry component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. |
Affected by 0 other vulnerabilities. |
|
VCID-675n-7uzz-pqdj
Aliases: CVE-2026-4688 |
Sandbox escape due to use-after-free in the Disability Access APIs component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. |
Affected by 0 other vulnerabilities. |
|
VCID-6cx1-8t9m-u3av
Aliases: CVE-2026-0886 |
Incorrect boundary conditions in the Graphics component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7. |
Affected by 39 other vulnerabilities. |
|
VCID-6fsa-bnes-tkff
Aliases: CVE-2026-2765 |
Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. |
Affected by 39 other vulnerabilities. |
|
VCID-6mur-mtfg-97gt
Aliases: CVE-2026-4371 |
A malicious mail server could send malformed strings with negative lengths, causing the parser to read memory outside the buffer. If a mail server or connection to a mail server were compromised, an attacker could cause the parser to malfunction, potentially crashing Thunderbird or leaking sensitive data. |
Affected by 0 other vulnerabilities. |
|
VCID-77y6-jskt-qucb
Aliases: CVE-2025-59375 |
libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing. |
Affected by 0 other vulnerabilities. |
|
VCID-7wmw-hpfw-vuaa
Aliases: CVE-2026-2761 |
Sandbox escape in the Graphics: WebRender component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. |
Affected by 39 other vulnerabilities. |
|
VCID-8qyy-e4jt-rbc4
Aliases: CVE-2026-4695 |
Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. |
Affected by 0 other vulnerabilities. |
|
VCID-8u4y-zrhv-8fe9
Aliases: CVE-2026-0887 |
Clickjacking issue, information disclosure in the PDF Viewer component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7. |
Affected by 39 other vulnerabilities. |
|
VCID-8vka-qus2-tbhj
Aliases: CVE-2026-2447 |
Heap buffer overflow in libvpx. This vulnerability affects Firefox < 147.0.4, Firefox ESR < 140.7.1, Firefox ESR < 115.32.1, Thunderbird < 140.7.2, and Thunderbird < 147.0.2. |
Affected by 0 other vulnerabilities. |
|
VCID-8xek-k5y2-6bfp
Aliases: CVE-2026-4689 |
Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. |
Affected by 0 other vulnerabilities. |
|
VCID-8zy6-g8kn-hbdc
Aliases: CVE-2026-2775 |
Mitigation bypass in the DOM: HTML Parser component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. |
Affected by 39 other vulnerabilities. |
|
VCID-9zxb-j4ep-n7g9
Aliases: CVE-2026-2791 |
Mitigation bypass in the Networking: Cache component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. |
Affected by 39 other vulnerabilities. |
|
VCID-a98z-hwzc-wkcj
Aliases: CVE-2026-0882 |
Use-after-free in the IPC component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7. |
Affected by 39 other vulnerabilities. |
|
VCID-azdd-vdn3-kffy
Aliases: CVE-2026-2758 |
Use-after-free in the JavaScript: GC component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. |
Affected by 39 other vulnerabilities. |
|
VCID-b4bq-q3ga-3ff1
Aliases: CVE-2026-4707 |
Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. |
Affected by 0 other vulnerabilities. |
|
VCID-b5jm-57h2-2qcs
Aliases: CVE-2026-2764 |
JIT miscompilation, use-after-free in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. |
Affected by 39 other vulnerabilities. |
|
VCID-b6sf-z5tm-4uau
Aliases: CVE-2026-4696 |
Use-after-free in the Layout: Text and Fonts component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. |
Affected by 0 other vulnerabilities. |
|
VCID-b8dx-232z-qbbc
Aliases: CVE-2026-2779 |
Incorrect boundary conditions in the Networking: JAR component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. |
Affected by 39 other vulnerabilities. |
|
VCID-cpez-x3zd-p7bu
Aliases: CVE-2026-2785 |
Invalid pointer in the JavaScript Engine component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. |
Affected by 39 other vulnerabilities. |
|
VCID-deth-9krh-kufj
Aliases: CVE-2026-0890 |
Spoofing issue in the DOM: Copy & Paste and Drag & Drop component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7. |
Affected by 39 other vulnerabilities. |
|
VCID-dxwp-5jfs-nuew
Aliases: CVE-2026-2778 |
Sandbox escape due to incorrect boundary conditions in the DOM: Core & HTML component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. |
Affected by 39 other vulnerabilities. |
|
VCID-e2k8-m9sm-8uek
Aliases: CVE-2026-4699 |
Incorrect boundary conditions in the Layout: Text and Fonts component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. |
Affected by 0 other vulnerabilities. |
|
VCID-ft6u-geds-fua9
Aliases: CVE-2026-4702 |
JIT miscompilation in the JavaScript Engine component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. |
Affected by 0 other vulnerabilities. |
|
VCID-gcnq-avax-aqcv
Aliases: CVE-2026-2776 |
Sandbox escape due to incorrect boundary conditions in the Telemetry component in External Software. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. |
Affected by 39 other vulnerabilities. |
|
VCID-gkva-6cu9-7keg
Aliases: CVE-2026-4692 |
Sandbox escape in the Responsive Design Mode component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. |
Affected by 0 other vulnerabilities. |
|
VCID-h2gc-zk2a-1fg6
Aliases: CVE-2026-0884 |
Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7. |
Affected by 39 other vulnerabilities. |
|
VCID-hsc9-up4x-nbgs
Aliases: CVE-2026-2762 |
Integer overflow in the JavaScript: Standard Library component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. |
Affected by 39 other vulnerabilities. |
|
VCID-hshc-4xnc-gug4
Aliases: CVE-2026-4704 |
Denial-of-service in the WebRTC: Signaling component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. |
Affected by 0 other vulnerabilities. |
|
VCID-hstd-23qm-bqdg
Aliases: CVE-2026-4717 |
Privilege escalation in the Netmonitor component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. |
Affected by 0 other vulnerabilities. |
|
VCID-j1hb-8jjy-tqgq
Aliases: CVE-2026-4693 |
Incorrect boundary conditions in the Audio/Video: Playback component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. |
Affected by 0 other vulnerabilities. |
|
VCID-jybh-8px4-pqau
Aliases: CVE-2026-0885 |
Use-after-free in the JavaScript: GC component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7. |
Affected by 39 other vulnerabilities. |
|
VCID-kk2m-2mxz-sbex
Aliases: CVE-2025-14327 |
Spoofing issue in the Downloads Panel component. This vulnerability affects Firefox < 146, Thunderbird < 146, Firefox ESR < 140.7, and Thunderbird < 140.7. |
Affected by 39 other vulnerabilities. |
|
VCID-kuwd-6tcg-fuha
Aliases: CVE-2026-4713 |
Incorrect boundary conditions in the Graphics component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. |
Affected by 0 other vulnerabilities. |
|
VCID-m3mp-su9k-sfhs
Aliases: CVE-2026-2763 |
Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. |
Affected by 39 other vulnerabilities. |
|
VCID-m6uv-91wz-xfdv
Aliases: CVE-2026-4700 |
Mitigation bypass in the Networking: HTTP component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. |
Affected by 0 other vulnerabilities. |
|
VCID-menq-g5ce-1yd8
Aliases: CVE-2026-2793 |
Memory safety bugs present in Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. |
Affected by 39 other vulnerabilities. |
|
VCID-mm6w-kpe8-4kg3
Aliases: CVE-2026-4684 |
Race condition, use-after-free in the Graphics: WebRender component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. |
Affected by 0 other vulnerabilities. |
|
VCID-mn6j-2wd1-ukfb
Aliases: CVE-2026-2774 |
Integer overflow in the Audio/Video component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. |
Affected by 39 other vulnerabilities. |
|
VCID-ndd4-kd1y-z7ep
Aliases: CVE-2026-0878 |
Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7. |
Affected by 39 other vulnerabilities. |
|
VCID-nhsr-4zux-2bck
Aliases: CVE-2026-2769 |
Use-after-free in the Storage: IndexedDB component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. |
Affected by 39 other vulnerabilities. |
|
VCID-nkpq-9gd6-nuc4
Aliases: CVE-2026-0891 |
Memory safety bugs present in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and Thunderbird 146. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. |
Affected by 39 other vulnerabilities. |
|
VCID-ntqr-ptmu-yuen
Aliases: CVE-2026-2767 |
Use-after-free in the JavaScript: WebAssembly component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. |
Affected by 39 other vulnerabilities. |
|
VCID-nvsz-9s3r-nbhq
Aliases: CVE-2026-4718 |
Undefined behavior in the WebRTC: Signaling component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. |
Affected by 0 other vulnerabilities. |
|
VCID-p9zh-7wyj-hffm
Aliases: CVE-2026-2771 |
Undefined behavior in the DOM: Core & HTML component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. |
Affected by 39 other vulnerabilities. |
|
VCID-pemg-ndu8-wbbc
Aliases: CVE-2026-0879 |
Sandbox escape due to incorrect boundary conditions in the Graphics component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7. |
Affected by 39 other vulnerabilities. |
|
VCID-q1pv-avug-juef
Aliases: CVE-2026-2777 |
Privilege escalation in the Messaging System component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. |
Affected by 39 other vulnerabilities. |
|
VCID-qcxw-ds31-3ubd
Aliases: CVE-2026-0818 |
When a user explicitly requested Thunderbird to decrypt an inline OpenPGP message that was embedded in a text section of an email that was formatted and styled with HTML and CSS, then the decrypted contents were rendered in a context in which the CSS styles from the outer messages were active. If the user had additionally allowed loading of the remote content referenced by the outer email message, and the email was crafted by the sender using a combination of CSS rules and fonts and animations, then it was possible to extract the secret contents of the email. |
Affected by 39 other vulnerabilities. |
|
VCID-qkks-24cp-gqg2
Aliases: CVE-2026-4706 |
Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. |
Affected by 0 other vulnerabilities. |
|
VCID-qm8f-f8nr-qba9
Aliases: CVE-2026-0880 |
Sandbox escape due to integer overflow in the Graphics component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7. |
Affected by 39 other vulnerabilities. |
|
VCID-qta2-8rnt-k7d1
Aliases: CVE-2026-2788 |
Incorrect boundary conditions in the Audio/Video: GMP component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. |
Affected by 39 other vulnerabilities. |
|
VCID-r7vt-w149-9bfn
Aliases: CVE-2026-2773 |
Incorrect boundary conditions in the Web Audio component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. |
Affected by 39 other vulnerabilities. |
|
VCID-rp5h-ym8y-skbw
Aliases: CVE-2026-4701 |
Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. |
Affected by 0 other vulnerabilities. |
|
VCID-sgwe-9xfj-6kav
Aliases: CVE-2026-2783 |
Information disclosure due to JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. |
Affected by 39 other vulnerabilities. |
|
VCID-ss9j-7jd7-nbf1
Aliases: CVE-2026-2770 |
Use-after-free in the DOM: Bindings (WebIDL) component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. |
Affected by 39 other vulnerabilities. |
|
VCID-t2c3-smqc-zkba
Aliases: CVE-2026-0877 |
Mitigation bypass in the DOM: Security component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7. |
Affected by 39 other vulnerabilities. |
|
VCID-t4t3-5pt5-ayds
Aliases: CVE-2026-4685 |
Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. |
Affected by 0 other vulnerabilities. |
|
VCID-te1e-sjsk-bfd8
Aliases: CVE-2026-2768 |
Sandbox escape in the Storage: IndexedDB component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. |
Affected by 39 other vulnerabilities. |
|
VCID-u3j3-fc4f-7ff7
Aliases: CVE-2026-4686 |
Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. |
Affected by 0 other vulnerabilities. |
|
VCID-ud33-vgxh-8khj
Aliases: CVE-2026-2766 |
Use-after-free in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. |
Affected by 39 other vulnerabilities. |
|
VCID-vszp-vyxy-f7g7
Aliases: CVE-2026-2781 |
Integer overflow in the Libraries component in NSS. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. |
Affected by 39 other vulnerabilities. |
|
VCID-w4u8-25rz-gqeq
Aliases: CVE-2026-2782 |
Privilege escalation in the Netmonitor component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. |
Affected by 39 other vulnerabilities. |
|
VCID-wagm-cq36-k7g3
Aliases: CVE-2026-2760 |
Sandbox escape due to incorrect boundary conditions in the Graphics: WebRender component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. |
Affected by 39 other vulnerabilities. |
|
VCID-wmyy-2cg3-wyhc
Aliases: CVE-2026-4697 |
Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. |
Affected by 0 other vulnerabilities. |
|
VCID-wqw2-gjvu-6qbu
Aliases: CVE-2026-4690 |
Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. |
Affected by 0 other vulnerabilities. |
|
VCID-wvx2-pba2-sqha
Aliases: CVE-2026-4708 |
Incorrect boundary conditions in the Graphics component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. |
Affected by 0 other vulnerabilities. |
|
VCID-wwdh-xmux-3qdq
Aliases: CVE-2026-2759 |
Incorrect boundary conditions in the Graphics: ImageLib component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. |
Affected by 39 other vulnerabilities. |
|
VCID-wwkc-4c69-cbea
Aliases: CVE-2026-2784 |
Mitigation bypass in the DOM: Security component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. |
Affected by 39 other vulnerabilities. |
|
VCID-xcbn-tkgg-4ben
Aliases: CVE-2026-2772 |
Use-after-free in the Audio/Video: Playback component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. |
Affected by 39 other vulnerabilities. |
|
VCID-yjc2-2whn-uug5
Aliases: CVE-2026-4694 |
Incorrect boundary conditions, integer overflow in the Graphics component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. |
Affected by 0 other vulnerabilities. |
|
VCID-ymak-rv52-h7a5
Aliases: CVE-2026-4710 |
Incorrect boundary conditions in the Audio/Video component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. |
Affected by 0 other vulnerabilities. |
|
VCID-zdxh-fp2e-47dd
Aliases: CVE-2026-0883 |
Information disclosure in the Networking component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7. |
Affected by 39 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-18my-61hh-n3gb | Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which can lead to arbitrary code execution. |
CVE-2025-1934
|
| VCID-1jqj-tqfp-73f7 | JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 146, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6. |
CVE-2025-14325
|
| VCID-1xcg-n9k4-tqc4 | A bug in WebAssembly code generation could have lead to a crash. It may have been possible for an attacker to leverage this to achieve code execution. |
CVE-2025-1011
|
| VCID-1zf8-qjts-9fbc | Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which can lead to arbitrary code execution. |
CVE-2024-11704
|
| VCID-2ejc-7bd5-qkbf | Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which can lead to arbitrary code execution. |
CVE-2025-3028
|
| VCID-3qfb-sxha-v3cw | Same-origin policy bypass in the Layout component. This vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird < 140.3. |
CVE-2025-10529
|
| VCID-43nm-4qjy-vfgj | On arm64, a WASM br_table instruction with a lot of entries could lead to the label being too far from the instruction causing truncation and incorrect computation of the branch address. |
CVE-2025-8028
|
| VCID-4bw1-v6ze-kbds | Mitigation bypass in the DOM: Security component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Thunderbird < 145, and Thunderbird < 140.5. |
CVE-2025-13018
|
| VCID-4byg-5gy3-kkff | The username:password part was not correctly stripped from URLs in CSP reports potentially leaking HTTP Basic Authentication credentials. |
CVE-2025-8031
|
| VCID-4g7u-xmdq-mkdn | Privilege escalation in the Netmonitor component. This vulnerability affects Firefox < 146, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6. |
CVE-2025-14328
|
| VCID-4gsx-puz4-a3f1 | Use-after-free in MediaTrackGraphImpl::GetInstance() |
CVE-2025-11708
|
| VCID-4kd3-95cm-g3fc | Same-origin policy bypass in the DOM: Workers component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Thunderbird < 145, and Thunderbird < 140.5. |
CVE-2025-13019
|
| VCID-4kmx-pfby-hfbn | Using remote content in OpenPGP encrypted messages can lead to the disclosure of plaintext. |
CVE-2024-11159
|
| VCID-4zjw-4gjw-pqh1 | Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which can lead to arbitrary code execution. |
CVE-2025-0242
|
| VCID-59wd-mtjt-4ban | Memory safety bugs present in Firefox ESR 115.28, Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. |
CVE-2025-11714
|
| VCID-5j6z-g7gt-qyea | Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which can lead to arbitrary code execution. |
CVE-2024-11694
|
| VCID-5kwn-x8e4-ukgq | Memory safety bugs present in Firefox ESR 140.5, Thunderbird ESR 140.5, Firefox 145 and Thunderbird 145. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. |
CVE-2025-14333
|
| VCID-66z1-8zeg-9qh1 | Sandbox escape due to undefined behavior, invalid pointer in the Graphics: Canvas2D component. This vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird < 140.3. |
CVE-2025-10528
|
| VCID-6bbw-b3rx-a7hj | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2024-10462
|
| VCID-6jw1-pere-ruee | Memory safety bugs present in Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. |
CVE-2025-11715
|
| VCID-6szy-r2cd-9kfw | matrix-js-sdk has insufficient MXC URI validation which allows client-side path traversal ### Summary matrix-js-sdk before 34.11.0 is vulnerable to client-side path traversal via crafted MXC URIs. A malicious room member can trigger clients based on the matrix-js-sdk to issue arbitrary authenticated GET requests to the client's homeserver. ### Details The Matrix specification demands homeservers to [perform validation](https://spec.matrix.org/v1.12/client-server-api/#security-considerations-5) of the `server-name` and `media-id` components of MXC URIs with the intent to prevent path traversal. However, it is not mentioned that a similar check must also be performed on the client to prevent *client-side* path traversal. matrix-js-sdk fails to perform this validation. ### Patches Fixed in matrix-js-sdk 34.11.1. ### Workarounds None. ### References - https://spec.matrix.org/v1.12/client-server-api/#security-considerations-5 - https://blog.doyensec.com/2024/07/02/cspt2csrf.html |
CVE-2024-50336
GHSA-xvg8-m4x3-w6xr |
| VCID-7eu3-hxbk-8fd7 | Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which can lead to arbitrary code execution. |
CVE-2025-1935
|
| VCID-7q66-66b2-kucc | Script elements loading cross-origin resources generated load and error events which leaked information enabling XS-Leaks attacks. |
CVE-2025-5266
|
| VCID-7v6j-9uuc-qkc8 | An attacker was able to perform an out-of-bounds read or write on a JavaScript object by confusing array index sizes. |
CVE-2025-4919
|
| VCID-84jf-84jx-3fgj | Privilege escalation in the DOM: Notifications component. This vulnerability affects Firefox < 146, Firefox ESR < 115.31, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6. |
CVE-2025-14323
|
| VCID-8hm6-nz5h-yfcm | An attacker was able to perform an out-of-bounds read or write on a JavaScript `Promise` object. |
CVE-2025-4918
|
| VCID-8k4z-rq29-mqg5 | Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which can lead to arbitrary code execution. |
CVE-2024-11697
|
| VCID-8san-ze3j-dqdx | Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which can lead to arbitrary code execution. |
CVE-2025-3030
|
| VCID-93au-w2zh-3yhg | Integer overflow in the SVG component. This vulnerability affects Firefox < 143, Firefox ESR < 115.28, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird < 140.3. |
CVE-2025-10533
|
| VCID-95vw-esba-23a2 | Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which can lead to arbitrary code execution. |
CVE-2025-1937
|
| VCID-962a-dwqf-3ycg | Incorrect boundary conditions in the JavaScript: WebAssembly component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Thunderbird < 145, and Thunderbird < 140.5. |
CVE-2025-13016
|
| VCID-98mt-7srw-qfh4 | A vulnerability has been discovered in libvpx, which could lead to execution of arbitrary code. |
CVE-2025-5283
|
| VCID-9rm3-u7dy-zuhu | Same-origin policy bypass in the Graphics: Canvas2D component. |
CVE-2025-9180
|
| VCID-a8vw-n16x-duee | Due to insufficient escaping of the newline character in the “Copy as cURL” feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. |
CVE-2025-5264
|
| VCID-aemu-emvp-hkfh | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2024-10460
|
| VCID-as4y-nhw6-akfx | A vulnerability was identified in Thunderbird where XPath parsing could trigger undefined behavior due to missing null checks during attribute access. This could lead to out-of-bounds read access and potentially, memory corruption. |
CVE-2025-4087
|
| VCID-b3rg-quvp-2uha | A process isolation vulnerability in Firefox stemmed from improper handling of javascript: URIs, which could allow content to execute in the top-level document's process instead of the intended frame, potentially enabling a sandbox escape. |
CVE-2025-4083
|
| VCID-b5t3-yqha-xyeq | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2025-26696
|
| VCID-bjny-apx2-8ba1 | Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which can lead to arbitrary code execution. |
CVE-2024-11695
|
| VCID-bwk4-hqx8-97dy | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2024-10459
|
| VCID-bzgb-mdsk-yua6 | An attacker could have caused a use-after-free via crafted XSLT data, leading to a potentially exploitable crash. |
CVE-2025-1009
|
| VCID-c6rx-p235-9bdz | Memory safety bugs present in Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. |
CVE-2025-10537
|
| VCID-cypj-1jsu-cbh5 | Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19, and Thunderbird 128.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. |
CVE-2025-1016
|
| VCID-db28-rbyf-1qf4 | Privilege escalation in the Netmonitor component. This vulnerability affects Firefox < 146, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6. |
CVE-2025-14329
|
| VCID-dcjm-7xcr-ayew | Memory safety bugs present in Firefox 138, Thunderbird 138, Firefox ESR 128.10, and Thunderbird 128.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. |
CVE-2025-5268
|
| VCID-ddwf-z514-hbbj | Information disclosure in the Networking: Cache component. This vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird < 140.3. |
CVE-2025-10536
|
| VCID-dgwm-n1zx-qkbq | Race condition in the Graphics component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Firefox ESR < 115.30, Thunderbird < 145, and Thunderbird < 140.5. |
CVE-2025-13012
|
| VCID-dh5k-q87q-4qfs | Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which can lead to arbitrary code execution. |
CVE-2024-11696
|
| VCID-dp5j-4mzw-pqer | Memory safety bug present in Firefox ESR 128.9, and Thunderbird 128.9. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code. |
CVE-2025-4093
|
| VCID-ds2y-kn7q-vuct | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2024-10464
|
| VCID-e7jk-vs8y-fyhr | Use-after-free in the WebRTC: Audio/Video component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Thunderbird < 145, and Thunderbird < 140.5. |
CVE-2025-13020
|
| VCID-f1zm-g4es-vfbz | Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which can lead to arbitrary code execution. |
CVE-2025-0239
|
| VCID-f2tn-1hq4-uffa | An attacker was able to perform memory corruption in the GMP process which processes encrypted media. This process is also heavily sandboxed, but represents slightly different privileges from the content process. |
CVE-2025-9179
|
| VCID-f5w8-j656-akf4 | Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 128.6, and Thunderbird 128.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. |
CVE-2025-1017
|
| VCID-ffd7-y29n-6fan | XSLT document loading did not correctly propagate the source document which bypassed its CSP. |
CVE-2025-8032
|
| VCID-g3n8-mvdt-cqdj | Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which can lead to arbitrary code execution. |
CVE-2025-3029
|
| VCID-g5yf-hp8r-rkcs | A crafted HTML email using mailbox:/// links can trigger automatic, unsolicited downloads of .pdf files to the user's desktop or home directory without prompting, even if auto-saving is disabled. This behavior can be abused to fill the disk with garbage data (e.g. using /dev/urandom on Linux) or to leak Windows credentials via SMB links when the email is viewed in HTML mode. While user interaction is required to download the .pdf file, visual obfuscation can conceal the download trigger. Viewing the email in HTML mode is enough to load external content. |
CVE-2025-5986
|
| VCID-gph4-xa9p-73fr | Memory safety bugs present in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. |
CVE-2025-4091
|
| VCID-grjt-j4at-pqbp | Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which can lead to arbitrary code execution. |
CVE-2024-11692
|
| VCID-h9em-p9se-rucn | Use-after-free in the WebRTC: Signaling component. This vulnerability affects Firefox < 146, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6. |
CVE-2025-14321
|
| VCID-hccf-ueut-vugw | Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability affects Firefox < 146, Firefox ESR < 115.31, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6. |
CVE-2025-14322
|
| VCID-hfp7-jaxc-2khq | Uninitialized memory in the JavaScript Engine component. |
CVE-2025-9181
|
| VCID-hfx8-7x82-zqfk | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2024-10466
|
| VCID-hm7h-1na5-7bbx | The Thunderbird Address Book URI fields contained unsanitized links. This could be used by an attacker to create and export an address book containing a malicious payload in a field. For example, in the “Other” field of the Instant Messaging section. If another user imported the address book, clicking on the link could result in opening a web page inside Thunderbird, and that page could execute (unprivileged) JavaScript. |
CVE-2025-1015
|
| VCID-j5k8-ztxb-uffb | Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which can lead to arbitrary code execution. |
CVE-2025-0238
|
| VCID-j6w1-yhc3-uqfw | An attacker who enumerated resources from the WebCompat extension could have obtained a persistent UUID that identified the browser, and persisted between containers and normal/private browsing mode, but not profiles. |
CVE-2025-6425
|
| VCID-jm7w-hqzq-tqde | Thunderbird executed javascript: URLs when used in object and embed tags. |
CVE-2025-8029
|
| VCID-jyns-kqp9-4ygh | By crafting a malformed file name for an attachment in a multipart message, an attacker can trick Thunderbird into including a directory listing of /tmp when the message is forwarded or edited as a new message. This vulnerability could allow attackers to disclose sensitive information from the victim's system. This vulnerability is not limited to Linux; similar behavior has been observed on Windows as well. |
CVE-2025-2830
|
| VCID-kdwy-7p45-hbcs | Spoofing issue in Firefox. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Firefox ESR < 115.30, Thunderbird < 145, and Thunderbird < 140.5. |
CVE-2025-13015
|
| VCID-kkgh-a9hg-fud8 | A compromised web process using malicious IPC messages could have caused the privileged browser process to reveal blocks of its memory to the compromised process. |
CVE-2025-11710
|
| VCID-m93r-91y4-xyaz | An attacker could have caused a use-after-free via the Custom Highlight API, leading to a potentially exploitable crash. |
CVE-2025-1010
|
| VCID-mrb2-hz9y-4ufp | When a file download is specified via the Content-Disposition header, that directive would be ignored if the file was included via a <embed> or <object> tag, potentially making a website vulnerable to a cross-site scripting attack. |
CVE-2025-6430
|
| VCID-ms9h-982a-pkdu | Certificate length was not properly checked when added to a certificate store. In practice only trusted data was processed. |
CVE-2025-1014
|
| VCID-mw96-qtnz-gqdx | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2024-10465
|
| VCID-n2hq-1ck4-ayhp | Error handling for script execution was incorrectly isolated from web content, which could have allowed cross-origin leak attacks. |
CVE-2025-5263
|
| VCID-n3rs-11fq-wqc4 | Thunderbird parses addresses in a way that can allow sender spoofing in case the server allows an invalid From address to be used. For example, if the From header contains an (invalid) value "Spoofed Name ", Thunderbird treats spoofed@example.com as the actual address. |
CVE-2025-3875
|
| VCID-n4hu-b1t6-xkay | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2024-10458
|
| VCID-n9jq-77ud-v7c9 | When an email contains multiple attachments with external links via the X-Mozilla-External-Attachment-URL header, only the last link is shown when hovering over any attachment. Although the correct link is used on click, the misleading hover text could trick users into downloading content from untrusted sources. |
CVE-2025-3523
|
| VCID-pcgf-xtfq-6ugb | JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 146, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6. |
CVE-2025-14330
|
| VCID-pcrz-f3nj-kybr | Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which can lead to arbitrary code execution. |
CVE-2025-1938
|
| VCID-pj4h-ff45-e3ez | A race condition could have led to private browsing tabs being opened in normal browsing windows. This could have resulted in a potential privacy leak. |
CVE-2025-1013
|
| VCID-pneu-6c1f-zkfa | Thunderbird's handling of the X-Mozilla-External-Attachment-URL header can be exploited to execute JavaScript in the file:/// context. By crafting a nested email attachment (message/rfc822) and setting its content type to application/pdf, Thunderbird may incorrectly render it as HTML when opened, allowing the embedded JavaScript to run without requiring a file download. This behavior relies on Thunderbird auto-saving the attachment to /tmp and linking to it via the file:/// protocol, potentially enabling JavaScript execution as part of the HTML. |
CVE-2025-3909
|
| VCID-psc3-4ssv-wyb5 | On 64-bit platforms IonMonkey-JIT only wrote 32 bits of the 64-bit return value space on the stack. Baseline-JIT, however, read the entire 64 bits. |
CVE-2025-8027
|
| VCID-q9f4-zumy-wbfy | Memory safety bugs present in Firefox ESR 115.25, Firefox ESR 128.12, Thunderbird ESR 128.12, Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. |
CVE-2025-8034
|
| VCID-qeh2-jn2v-9ug7 | A compromised web process was able to trigger out of bounds reads and writes in a more privileged process using manipulated WebGL textures. |
CVE-2025-11709
|
| VCID-qgvy-hzsx-hkge | Use-after-free in the Audio/Video component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Firefox ESR < 115.30, Thunderbird < 145, and Thunderbird < 140.5. |
CVE-2025-13014
|
| VCID-qtcm-9z3v-dydn | Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which can lead to arbitrary code execution. |
CVE-2025-0241
|
| VCID-qw3q-xg7s-wbd7 | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2025-26695
|
| VCID-qz95-5z9e-7qb7 | The JavaScript engine did not handle closed generators correctly and it was possible to resume them leading to a nullptr deref. |
CVE-2025-8033
|
| VCID-r29z-4m4j-8kft | A use-after-free in FontFaceSet resulted in a potentially exploitable crash. |
CVE-2025-6424
|
| VCID-r7ss-g876-c7fg | Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which can lead to arbitrary code execution. |
CVE-2025-0237
|
| VCID-rcg4-7hjg-v7du | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2024-10463
|
| VCID-rfve-tkv7-13dv | Thunderbird processes the X-Mozilla-External-Attachment-URL header to handle attachments which can be hosted externally. When an email is opened, Thunderbird accesses the specified URL to determine file size, and navigates to it when the user clicks the attachment. Because the URL is not validated or sanitized, it can reference internal resources like chrome:// or SMB share file:// links, potentially leading to hashed Windows credential leakage and opening the door to more serious security issues. |
CVE-2025-3522
|
| VCID-rg63-avu7-2bdc | Sandbox escape due to use-after-free in the Graphics: Canvas2D component. This vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird < 140.3. |
CVE-2025-10527
|
| VCID-rkj9-dd18-xka9 | A clickjacking vulnerability could have been used to trick a user into leaking saved payment card details to a malicious page. |
CVE-2025-5267
|
| VCID-ruc1-kmaz-fkbb | Incorrect boundary conditions in the JavaScript: GC component. This vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird < 140.3. |
CVE-2025-10532
|
| VCID-s89g-7f5f-5qd2 | Thunderbird could have incorrectly parsed a URL and rewritten it to the youtube.com domain when parsing the URL specified in an embed tag. This could have bypassed website security checks that restricted which domains users were allowed to embed. |
CVE-2025-6429
|
| VCID-sg2y-gfue-6qam | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2024-10461
|
| VCID-svy5-paub-2bhr | Thunderbird displayed an incorrect sender address if the From field of an email used the invalid group name syntax that is described in CVE-2024-49040. |
CVE-2025-0510
|
| VCID-t9cw-yjar-ckfd | A malicious page could have used the type attribute of an OBJECT tag to override the default browser behavior when encountering a web resource served without a content-type. This could have contributed to an XSS on a site that unsafely serves files without a content-type header. |
CVE-2025-11712
|
| VCID-tgpf-32kg-rqc2 | Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which can lead to arbitrary code execution. |
CVE-2025-0240
|
| VCID-tgsj-hp8b-27f9 | There was a way to change the value of JavaScript Object properties that were supposed to be non-writeable. |
CVE-2025-11711
|
| VCID-tkzd-c11q-3qaf | Same-origin policy bypass in the Request Handling component. This vulnerability affects Firefox < 146, Firefox ESR < 115.31, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6. |
CVE-2025-14331
|
| VCID-ukf2-qcjg-u7bg | Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which can lead to arbitrary code execution. |
CVE-2025-0243
|
| VCID-ukut-zyjx-93gq | Mitigation bypass in the DOM: Core & HTML component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Firefox ESR < 115.30, Thunderbird < 145, and Thunderbird < 140.5. |
CVE-2025-13013
|
| VCID-upvn-56py-8ud7 | Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which can lead to arbitrary code execution. |
CVE-2025-1933
|
| VCID-uy2g-rmuh-pkbe | It was possible to craft an email that showed a tracking link as an attachment. If the user attempted to open the attachment, Thunderbird automatically accessed the link. The configuration to block remote content did not prevent that. Thunderbird has been fixed to no longer allow access to web pages listed in the X-Mozilla-External-Attachment-URL header of an email. |
CVE-2025-3932
|
| VCID-vcnn-u8k9-8ubs | Memory safety bugs present in Firefox ESR 128.12, Thunderbird ESR 128.12, Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. |
CVE-2025-8035
|
| VCID-vdpy-f9d9-pfac | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2024-10467
|
| VCID-vz6w-wghm-nqaq | Memory safety bugs present in Firefox ESR 115.26, Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. |
CVE-2025-9185
|
| VCID-w6j3-6a6j-uqf1 | Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which can lead to arbitrary code execution. |
CVE-2025-1931
|
| VCID-w7gj-shrq-3fcz | Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which can lead to arbitrary code execution. |
CVE-2024-11699
|
| VCID-wz6r-xzm9-m7hp | Same-origin policy bypass in the DOM: Notifications component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Thunderbird < 145, and Thunderbird < 140.5. |
CVE-2025-13017
|
| VCID-xghm-4ygw-tkb2 | JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 146, Firefox ESR < 115.31, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6. |
CVE-2025-14324
|
| VCID-y45y-r8h7-6yez | Memory safety bug present in Firefox ESR 128.10, and Thunderbird 128.10. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code. |
CVE-2025-5269
|
| VCID-y7sk-dmau-4fam | Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which can lead to arbitrary code execution. |
CVE-2025-1936
|
| VCID-yfwd-x224-3qe6 | Insufficient escaping in the “Copy as cURL” feature could potentially be used to trick a user into executing unexpected code. |
CVE-2025-8030
|
| VCID-ymu8-mjph-f7a4 | A race during concurrent delazification could have led to a use-after-free. |
CVE-2025-1012
|
| VCID-z8cr-rten-qqg2 | Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which can lead to arbitrary code execution. |
CVE-2025-1932
|
| VCID-zefw-etrb-z3fu | Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which can lead to arbitrary code execution. |
CVE-2024-43097
|