Search for packages
| purl | pkg:deb/ubuntu/thunderbird@1:60.7.1%2Bbuild1-0ubuntu0.19.04.1 |
| Next non-vulnerable version | 1:78.14.0+build1-0ubuntu0.20.04.1 |
| Latest non-vulnerable version | 1:78.14.0+build1-0ubuntu0.20.04.1 |
| Risk | 10.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-18tm-g12t-aaad
Aliases: CVE-2020-15673 |
Mozilla developers reported memory safety bugs present in Firefox 80 and Firefox ESR 78.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 81, Thunderbird < 78.3, and Firefox ESR < 78.3. |
Affected by 38 other vulnerabilities. Affected by 36 other vulnerabilities. |
|
VCID-19zf-ejew-aaaa
Aliases: CVE-2021-23973 |
When trying to load a cross-origin resource in an audio/video context a decoding error may have resulted, and the content of that error may have revealed information about the resource. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8. |
Affected by 31 other vulnerabilities. |
|
VCID-1dg7-zfz2-aaar
Aliases: CVE-2020-6825 |
Mozilla developers and community members Tyson Smith and Christian Holler reported memory safety bugs present in Firefox 74 and Firefox ESR 68.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.7.0, Firefox ESR < 68.7, and Firefox < 75. |
Affected by 103 other vulnerabilities. Affected by 103 other vulnerabilities. |
|
VCID-1gkb-wc83-aaad
Aliases: CVE-2021-30547 |
Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. |
Affected by 1 other vulnerability. |
|
VCID-1qw5-jy7v-aaaq
Aliases: CVE-2019-11715 |
Due to an error while parsing page content, it is possible for properly sanitized user input to be misinterpreted and lead to XSS hazards on web sites in certain circumstances. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8. |
Affected by 150 other vulnerabilities. |
|
VCID-1ujj-evb7-aaas
Aliases: CVE-2020-15654 |
When in an endless loop, a website specifying a custom cursor using CSS could make it look like the user is interacting with the user interface, when they are not. This could lead to a perceived broken state, especially when interactions with existing browser dialogs and warnings do not work. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1. |
Affected by 38 other vulnerabilities. Affected by 36 other vulnerabilities. |
|
VCID-1zc8-s7vs-aaab
Aliases: CVE-2020-6805 |
When removing data about an origin whose tab was recently closed, a use-after-free could occur in the Quota manager, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6. |
Affected by 103 other vulnerabilities. |
|
VCID-2b52-b4dy-aaae
Aliases: CVE-2020-12410 |
Mozilla developers reported memory safety bugs present in Firefox 76 and Firefox ESR 68.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9. |
Affected by 88 other vulnerabilities. Affected by 87 other vulnerabilities. |
|
VCID-2d3s-yvhn-aaaj
Aliases: CVE-2021-29945 |
The WebAssembly JIT could miscalculate the size of a return type, which could lead to a null read and result in a crash. *Note: This issue only affected x86-32 platforms. Other platforms are unaffected.*. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88. |
Affected by 11 other vulnerabilities. |
|
VCID-2pvx-sqzv-aaaa
Aliases: CVE-2020-26956 |
In some cases, removing HTML elements during sanitization would keep existing SVG event handlers and therefore lead to XSS. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5. |
Affected by 38 other vulnerabilities. Affected by 36 other vulnerabilities. |
|
VCID-36kf-z8uk-aaab
Aliases: CVE-2019-11708 |
Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process. When combined with additional vulnerabilities this could result in executing arbitrary code on the user's computer. This vulnerability affects Firefox ESR < 60.7.2, Firefox < 67.0.4, and Thunderbird < 60.7.2. |
Affected by 160 other vulnerabilities. |
|
VCID-38x7-vzgt-aaab
Aliases: CVE-2020-16042 |
Uninitialized Use in V8 in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. |
Affected by 38 other vulnerabilities. Affected by 36 other vulnerabilities. |
|
VCID-3cvj-hax2-aaam
Aliases: CVE-2020-12387 |
A race condition when running shutdown code for Web Worker led to a use-after-free vulnerability. This resulted in a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0. |
Affected by 98 other vulnerabilities. Affected by 98 other vulnerabilities. |
|
VCID-3ewf-dckr-aaam
Aliases: CVE-2020-12399 |
NSS has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9. |
Affected by 88 other vulnerabilities. Affected by 87 other vulnerabilities. |
|
VCID-3qvm-xrkz-aaar
Aliases: CVE-2019-11742 |
A same-origin policy violation occurs allowing the theft of cross-origin images through a combination of SVG filters and a <canvas> element due to an error in how same-origin policy is applied to cached image content. The resulting same-origin policy violation could allow for data theft. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.9, Firefox ESR < 60.9, and Firefox ESR < 68.1. |
Affected by 143 other vulnerabilities. |
|
VCID-3s3g-dquk-aaar
Aliases: CVE-2020-6794 |
If a user saved passwords before Thunderbird 60 and then later set a master password, an unencrypted copy of these passwords is still accessible. This is because the older stored password file was not deleted when the data was copied to a new format starting in Thunderbird 60. The new master password is added only on the new file. This could allow the exposure of stored password data outside of user expectations. This vulnerability affects Thunderbird < 68.5. |
Affected by 103 other vulnerabilities. |
|
VCID-47ec-jak8-aaab
Aliases: CVE-2020-6820 |
Under certain conditions, when handling a ReadableStream, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Thunderbird < 68.7.0, Firefox < 74.0.1, and Firefox ESR < 68.6.1. |
Affected by 103 other vulnerabilities. Affected by 103 other vulnerabilities. |
|
VCID-4bc8-eeb6-aaar
Aliases: CVE-2019-11729 |
Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8. |
Affected by 150 other vulnerabilities. |
|
VCID-4d5s-zzcw-aaaj
Aliases: CVE-2021-29984 |
Instruction reordering resulted in a sequence of instructions that would cause an object to be incorrectly considered during garbage collection. This led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91. |
Affected by 1 other vulnerability. |
|
VCID-4hms-r9gj-aaaq
Aliases: CVE-2020-6819 |
Under certain conditions, when running the nsDocShell destructor, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Thunderbird < 68.7.0, Firefox < 74.0.1, and Firefox ESR < 68.6.1. |
Affected by 103 other vulnerabilities. Affected by 103 other vulnerabilities. |
|
VCID-4vkk-25up-aaap
Aliases: CVE-2019-11739 |
Encrypted S/MIME parts in a crafted multipart/alternative message can leak plaintext when included in a a HTML reply/forward. This vulnerability affects Thunderbird < 68.1 and Thunderbird < 60.9. |
Affected by 143 other vulnerabilities. |
|
VCID-4wrn-uqht-aaan
Aliases: CVE-2017-12652 |
Improper Input Validation libpng does not properly check the length of chunks against the user limit. |
Affected by 130 other vulnerabilities. Affected by 141 other vulnerabilities. |
|
VCID-4x9u-r2c9-aaap
Aliases: CVE-2020-15683 |
Mozilla developers and community members reported memory safety bugs present in Firefox 81 and Firefox ESR 78.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.4, Firefox < 82, and Thunderbird < 78.4. |
Affected by 38 other vulnerabilities. Affected by 36 other vulnerabilities. |
|
VCID-4xcu-27pb-aaaa
Aliases: CVE-2019-17005 |
The plain text serializer used a fixed-size array for the number of <ol> elements it could process; however it was possible to overflow the static-sized array leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71. |
Affected by 130 other vulnerabilities. Affected by 121 other vulnerabilities. |
|
VCID-4zas-8812-aaas
Aliases: CVE-2019-11764 |
Mozilla developers and community members reported memory safety bugs present in Firefox 69 and Firefox ESR 68.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2. |
Affected by 135 other vulnerabilities. Affected by 121 other vulnerabilities. |
|
VCID-51y4-62zh-aaam
Aliases: CVE-2020-35113 |
Mozilla developers reported memory safety bugs present in Firefox 83 and Firefox ESR 78.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6. |
Affected by 38 other vulnerabilities. Affected by 36 other vulnerabilities. |
|
VCID-523z-uvp3-aaam
Aliases: CVE-2021-23992 |
Thunderbird did not check if the user ID associated with an OpenPGP key has a valid self signature. An attacker may create a crafted version of an OpenPGP key, by either replacing the original user ID, or by adding another user ID. If Thunderbird imports and accepts the crafted key, the Thunderbird user may falsely conclude that the false user ID belongs to the correspondent. This vulnerability affects Thunderbird < 78.9.1. |
Affected by 11 other vulnerabilities. |
|
VCID-547k-v6zd-aaag
Aliases: CVE-2021-29949 |
When loading the shared library that provides the OTR protocol implementation, Thunderbird will initially attempt to open it using a filename that isn't distributed by Thunderbird. If a computer has already been infected with a malicious library of the alternative filename, and the malicious library has been copied to a directory that is contained in the search path for executable libraries, then Thunderbird will load the incorrect library. This vulnerability affects Thunderbird < 78.9.1. |
Affected by 11 other vulnerabilities. |
|
VCID-589s-qqgp-aaar
Aliases: CVE-2020-26961 |
When DNS over HTTPS is in use, it intentionally filters RFC1918 and related IP ranges from the responses as these do not make sense coming from a DoH resolver. However when an IPv4 address was mapped through IPv6, these addresses were erroneously let through, leading to a potential DNS Rebinding attack. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5. |
Affected by 38 other vulnerabilities. Affected by 36 other vulnerabilities. |
|
VCID-5c7n-hh4p-aaag
Aliases: CVE-2020-6795 |
When processing a message that contains multiple S/MIME signatures, a bug in the MIME processing code caused a null pointer dereference, leading to an unexploitable crash. This vulnerability affects Thunderbird < 68.5. |
Affected by 103 other vulnerabilities. |
|
VCID-5mew-9cte-aaas
Aliases: CVE-2020-6800 |
Mozilla developers and community members reported memory safety bugs present in Firefox 72 and Firefox ESR 68.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. In general, these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts. This vulnerability affects Thunderbird < 68.5, Firefox < 73, and Firefox < ESR68.5. |
Affected by 103 other vulnerabilities. |
|
VCID-5nsh-d5x7-aaac
Aliases: CVE-2020-15677 |
By exploiting an Open Redirect vulnerability on a website, an attacker could have spoofed the site displayed in the download file dialog to show the original site (the one suffering from the open redirect) rather than the site the file was actually downloaded from. This vulnerability affects Firefox < 81, Thunderbird < 78.3, and Firefox ESR < 78.3. |
Affected by 38 other vulnerabilities. Affected by 36 other vulnerabilities. |
|
VCID-5sec-ufnk-aaan
Aliases: CVE-2020-6811 |
The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website. If a user used the 'Copy as Curl' feature and pasted the command into a terminal, it could have resulted in command injection and arbitrary command execution. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6. |
Affected by 103 other vulnerabilities. |
|
VCID-5trw-wewb-aaak
Aliases: CVE-2020-12417 |
Due to confusion about ValueTags on JavaScript Objects, an object may pass through the type barrier, resulting in memory corruption and a potentially exploitable crash. *Note: this issue only affects Firefox on ARM64 platforms.* This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0. |
Affected by 88 other vulnerabilities. Affected by 87 other vulnerabilities. |
|
VCID-5z6t-46r7-aaas
Aliases: CVE-2020-12415 |
When "%2F" was present in a manifest URL, Firefox's AppCache behavior may have become confused and allowed a manifest to be served from a subdirectory. This could cause the appcache to be used to service requests for the top level directory. This vulnerability affects Firefox < 78. |
Affected by 38 other vulnerabilities. Affected by 36 other vulnerabilities. |
|
VCID-6gkn-bwdh-aaaj
Aliases: CVE-2021-23978 |
Mozilla developers reported memory safety bugs present in Firefox 85 and Firefox ESR 78.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8. |
Affected by 31 other vulnerabilities. |
|
VCID-6h36-r9kp-aaah
Aliases: CVE-2021-23993 |
An attacker may perform a DoS attack to prevent a user from sending encrypted email to a correspondent. If an attacker creates a crafted OpenPGP key with a subkey that has an invalid self signature, and the Thunderbird user imports the crafted key, then Thunderbird may try to use the invalid subkey, but the RNP library rejects it from being used, causing encryption to fail. This vulnerability affects Thunderbird < 78.9.1. |
Affected by 11 other vulnerabilities. |
|
VCID-6mes-5441-aaas
Aliases: CVE-2019-11760 |
A fixed-size stack buffer could overflow in nrappkit when doing WebRTC signaling. This resulted in a potentially exploitable crash in some instances. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2. |
Affected by 135 other vulnerabilities. Affected by 121 other vulnerabilities. |
|
VCID-6rtk-4prh-aaag
Aliases: CVE-2021-29948 |
Signatures are written to disk before and read during verification, which might be subject to a race condition when a malicious local process or user is replacing the file. This vulnerability affects Thunderbird < 78.10. |
Affected by 11 other vulnerabilities. |
|
VCID-6sbr-5wh6-aaaj
Aliases: CVE-2021-23995 |
When Responsive Design Mode was enabled, it used references to objects that were previously freed. We presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88. |
Affected by 11 other vulnerabilities. |
|
VCID-6sh6-1njn-aaac
Aliases: CVE-2019-11746 |
A use-after-free vulnerability can occur while manipulating video elements if the body is freed while still in use. This results in a potentially exploitable crash. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.9, Firefox ESR < 60.9, and Firefox ESR < 68.1. |
Affected by 143 other vulnerabilities. |
|
VCID-6vac-dc3e-aaas
Aliases: CVE-2020-15669 |
When aborting an operation, such as a fetch, an abort signal may be deleted while alerting the objects to be notified. This results in a use-after-free and we presume that with enough effort it could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.12 and Thunderbird < 68.12. |
Affected by 36 other vulnerabilities. |
|
VCID-6yc2-ac91-aaaf
Aliases: CVE-2020-12418 |
Manipulating individual parts of a URL object could have caused an out-of-bounds read, leaking process memory to malicious JavaScript. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0. |
Affected by 88 other vulnerabilities. Affected by 87 other vulnerabilities. |
|
VCID-74zh-ufku-aaan
Aliases: CVE-2020-6798 |
If a template tag was used in a select tag, the parser could be confused and allow JavaScript parsing and execution when it should not be allowed. A site that relied on the browser behaving correctly could suffer a cross-site scripting vulnerability as a result. In general, this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but is potentially a risk in browser or browser-like contexts. This vulnerability affects Thunderbird < 68.5, Firefox < 73, and Firefox < ESR68.5. |
Affected by 103 other vulnerabilities. |
|
VCID-7cpy-v3jb-aaak
Aliases: CVE-2020-15685 |
During the plaintext phase of the STARTTLS connection setup, protocol commands could have been injected and evaluated within the encrypted session. This vulnerability affects Thunderbird < 78.7. |
Affected by 38 other vulnerabilities. Affected by 36 other vulnerabilities. |
|
VCID-7czg-22gd-aaak
Aliases: CVE-2021-24002 |
When a user clicked on an FTP URL containing encoded newline characters (%0A and %0D), the newlines would have been interpreted as such and allowed arbitrary commands to be sent to the FTP server. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88. |
Affected by 11 other vulnerabilities. |
|
VCID-7k21-adjy-aaap
Aliases: CVE-2021-29967 |
Mozilla developers reported memory safety bugs present in Firefox 88 and Firefox ESR 78.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.11, Firefox < 89, and Firefox ESR < 78.11. |
Affected by 11 other vulnerabilities. |
|
VCID-7pvj-4ud9-aaaf
Aliases: CVE-2020-26960 |
If the Compact() method was called on an nsTArray, the array could have been reallocated without updating other pointers, leading to a potential use-after-free and exploitable crash. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5. |
Affected by 38 other vulnerabilities. Affected by 36 other vulnerabilities. |
|
VCID-7pxp-zs62-aaae
Aliases: CVE-2021-29988 |
Firefox incorrectly treated an inline list-item element as a block element, resulting in an out of bounds read or memory corruption, and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91. |
Affected by 1 other vulnerability. |
|
VCID-82qf-skr6-aaah
Aliases: CVE-2020-12419 |
When processing callbacks that occurred during window flushing in the parent process, the associated window may die; causing a use-after-free condition. This could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0. |
Affected by 88 other vulnerabilities. Affected by 87 other vulnerabilities. |
|
VCID-831f-qtke-aaaa
Aliases: CVE-2021-23999 |
If a Blob URL was loaded through some unusual user interaction, it could have been loaded by the System Principal and granted additional privileges that should not be granted to web content. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88. |
Affected by 11 other vulnerabilities. |
|
VCID-88cj-hqax-aaad
Aliases: CVE-2020-12425 |
Due to confusion processing a hyphen character in Date.parse(), a one-byte out of bounds read could have occurred, leading to potential information disclosure. This vulnerability affects Firefox < 78. |
Affected by 38 other vulnerabilities. Affected by 36 other vulnerabilities. |
|
VCID-8btd-mrd4-aaaj
Aliases: CVE-2020-12395 |
Mozilla developers and community members reported memory safety bugs present in Firefox 75 and Firefox ESR 68.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0. |
Affected by 98 other vulnerabilities. Affected by 98 other vulnerabilities. |
|
VCID-8z8f-ambj-aaas
Aliases: CVE-2019-17024 |
Mozilla developers reported memory safety bugs present in Firefox 71 and Firefox ESR 68.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72. |
Affected by 130 other vulnerabilities. Affected by 138 other vulnerabilities. Affected by 121 other vulnerabilities. |
|
VCID-91ed-mhev-aaaa
Aliases: CVE-2020-26965 |
Some websites have a feature "Show Password" where clicking a button will change a password field into a textbook field, revealing the typed password. If, when using a software keyboard that remembers user input, a user typed their password and used that feature, the type of the password field was changed, resulting in a keyboard layout change and the possibility for the software keyboard to remember the typed password. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5. |
Affected by 38 other vulnerabilities. Affected by 36 other vulnerabilities. |
|
VCID-98a6-5rvx-aaas
Aliases: CVE-2019-17016 |
When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer incorrectly rewrites a @namespace rule. This could allow for injection into certain types of websites resulting in data exfiltration. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72. |
Affected by 130 other vulnerabilities. Affected by 138 other vulnerabilities. Affected by 121 other vulnerabilities. |
|
VCID-9a4a-hev9-aaah
Aliases: CVE-2020-12416 |
A VideoStreamEncoder may have been freed in a race condition with VideoBroadcaster::AddOrUpdateSink, resulting in a use-after-free, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox < 78. |
Affected by 38 other vulnerabilities. Affected by 36 other vulnerabilities. |
|
VCID-9e28-p8t5-aaak
Aliases: CVE-2020-26950 |
In certain circumstances, the MCallGetProperty opcode can be emitted with unmet assumptions resulting in an exploitable use-after-free condition. This vulnerability affects Firefox < 82.0.3, Firefox ESR < 78.4.1, and Thunderbird < 78.4.2. |
Affected by 38 other vulnerabilities. Affected by 36 other vulnerabilities. |
|
VCID-9kp8-dukp-aaap
Aliases: CVE-2021-23982 |
Using techniques that built on the slipstream research, a malicious webpage could have scanned both an internal network's hosts as well as services running on the user's local machine utilizing WebRTC connections. This vulnerability affects Firefox ESR < 78.9, Firefox < 87, and Thunderbird < 78.9. |
Affected by 11 other vulnerabilities. |
|
VCID-9qzp-9anb-aaab
Aliases: CVE-2019-11730 |
A vulnerability exists where if a user opens a locally saved HTML file, this file can use file: URIs to access other files in the same directory or sub-directories if the names are known or guessed. The Fetch API can then be used to read the contents of any files stored in these directories and they may uploaded to a server. It was demonstrated that in combination with a popular Android messaging app, if a malicious HTML attachment is sent to a user and they opened that attachment in Firefox, due to that app's predictable pattern for locally-saved file names, it is possible to read attachments the victim received from other correspondents. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8. |
Affected by 150 other vulnerabilities. |
|
VCID-9rme-xpz4-aaar
Aliases: CVE-2020-6812 |
The first time AirPods are connected to an iPhone, they become named after the user's name by default (e.g. Jane Doe's AirPods.) Websites with camera or microphone permission are able to enumerate device names, disclosing the user's name. To resolve this issue, Firefox added a special case that renames devices containing the substring 'AirPods' to simply 'AirPods'. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6. |
Affected by 103 other vulnerabilities. |
|
VCID-aayt-9841-aaah
Aliases: CVE-2019-11713 |
A use-after-free vulnerability can occur in HTTP/2 when a cached HTTP/2 stream is closed while still in use, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8. |
Affected by 150 other vulnerabilities. |
|
VCID-abqn-q22n-aaag
Aliases: CVE-2021-23991 |
If a Thunderbird user has previously imported Alice's OpenPGP key, and Alice has extended the validity period of her key, but Alice's updated key has not yet been imported, an attacker may send an email containing a crafted version of Alice's key with an invalid subkey, Thunderbird might subsequently attempt to use the invalid subkey, and will fail to send encrypted email to Alice. This vulnerability affects Thunderbird < 78.9.1. |
Affected by 11 other vulnerabilities. |
|
VCID-adsx-hpqd-aaac
Aliases: CVE-2019-17010 |
Under certain conditions, when checking the Resist Fingerprinting preference during device orientation checks, a race condition could have caused a use-after-free and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71. |
Affected by 130 other vulnerabilities. Affected by 121 other vulnerabilities. |
|
VCID-ajhw-h67b-aaaq
Aliases: CVE-2021-29946 |
Ports that were written as an integer overflow above the bounds of a 16-bit integer could have bypassed port blocking restrictions when used in the Alt-Svc header. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88. |
Affected by 11 other vulnerabilities. |
|
VCID-avp2-tvrb-aaah
Aliases: CVE-2019-17022 |
When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer does not escape < and > characters. Because the resulting string is pasted directly into the text node of the element this does not result in a direct injection into the webpage; however, if a webpage subsequently copies the node's innerHTML, assigning it to another innerHTML, this would result in an XSS vulnerability. Two WYSIWYG editors were identified with this behavior, more may exist. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72. |
Affected by 130 other vulnerabilities. Affected by 138 other vulnerabilities. Affected by 121 other vulnerabilities. |
|
VCID-ax5f-3a8e-aaad
Aliases: CVE-2021-23984 |
A malicious extension could have opened a popup window lacking an address bar. The title of the popup lacking an address bar should not be fully controllable, but in this situation was. This could have been used to spoof a website and attempt to trick the user into providing credentials. This vulnerability affects Firefox ESR < 78.9, Firefox < 87, and Thunderbird < 78.9. |
Affected by 11 other vulnerabilities. |
|
VCID-b39d-4f7j-aaaf
Aliases: CVE-2020-26951 |
A parsing and event loading mismatch in Firefox's SVG code could have allowed load events to fire, even after sanitization. An attacker already capable of exploiting an XSS vulnerability in privileged internal pages could have used this attack to bypass our built-in sanitizer. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5. |
Affected by 38 other vulnerabilities. Affected by 36 other vulnerabilities. |
|
VCID-b8gg-bqs6-aaar
Aliases: CVE-2021-23964 |
Mozilla developers reported memory safety bugs present in Firefox 84 and Firefox ESR 78.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7. |
Affected by 38 other vulnerabilities. Affected by 36 other vulnerabilities. |
|
VCID-bcg2-n3qr-aaaq
Aliases: CVE-2019-11762 |
If two same-origin documents set document.domain differently to become cross-origin, it was possible for them to call arbitrary DOM methods/getters/setters on the now-cross-origin window. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2. |
Affected by 135 other vulnerabilities. Affected by 121 other vulnerabilities. |
|
VCID-bzdy-ke8u-aaac
Aliases: CVE-2020-15659 |
Mozilla developers and community members reported memory safety bugs present in Firefox 78 and Firefox ESR 78.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 79, Firefox ESR < 68.11, Firefox ESR < 78.1, Thunderbird < 68.11, and Thunderbird < 78.1. |
Affected by 38 other vulnerabilities. Affected by 36 other vulnerabilities. |
|
VCID-c5g6-we4w-aaab
Aliases: CVE-2020-15655 |
A redirected HTTP request which is observed or modified through a web extension could bypass existing CORS checks, leading to potential disclosure of cross-origin information. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1. |
Affected by 38 other vulnerabilities. Affected by 36 other vulnerabilities. |
|
VCID-c83h-99tb-aaab
Aliases: CVE-2020-15678 |
When recursing through graphical layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free. This occurs because the function APZCTreeManager::ComputeClippedCompositionBounds did not follow iterator invalidation rules. This vulnerability affects Firefox < 81, Thunderbird < 78.3, and Firefox ESR < 78.3. |
Affected by 86 other vulnerabilities. Affected by 36 other vulnerabilities. |
|
VCID-c9ct-p91r-aaaf
Aliases: CVE-2019-17011 |
Under certain conditions, when retrieving a document from a DocShell in the antitracking code, a race condition could cause a use-after-free condition and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71. |
Affected by 130 other vulnerabilities. Affected by 121 other vulnerabilities. |
|
VCID-cpn7-emuh-aaae
Aliases: CVE-2020-6514 |
Inappropriate implementation in WebRTC in Google Chrome prior to 84.0.4147.89 allowed an attacker in a privileged network position to potentially exploit heap corruption via a crafted SCTP stream. |
Affected by 38 other vulnerabilities. Affected by 36 other vulnerabilities. |
|
VCID-d11z-q6pp-aaah
Aliases: CVE-2021-29985 |
A use-after-free vulnerability in media channels could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91. |
Affected by 1 other vulnerability. |
|
VCID-dapf-1sew-aaaq
Aliases: CVE-2021-29976 |
Mozilla developers reported memory safety bugs present in code shared between Firefox and Thunderbird. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.12, Firefox ESR < 78.12, and Firefox < 90. |
Affected by 1 other vulnerability. |
|
VCID-dfby-28fx-aaac
Aliases: CVE-2019-11744 |
Some HTML elements, such as <title> and <textarea>, can contain literal angle brackets without treating them as markup. It is possible to pass a literal closing tag to .innerHTML on these elements, and subsequent content after that will be parsed as if it were outside the tag. This can lead to XSS if a site does not filter user input as strictly for these elements as it does for other elements. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.9, Firefox ESR < 60.9, and Firefox ESR < 68.1. |
Affected by 143 other vulnerabilities. |
|
VCID-dt55-8ys9-aaac
Aliases: CVE-2019-20503 |
usrsctp before 2019-12-20 has out-of-bounds reads in sctp_load_addresses_from_init. |
Affected by 103 other vulnerabilities. |
|
VCID-dtgr-6wma-aaae
Aliases: CVE-2020-12405 |
When browsing a malicious page, a race condition in our SharedWorkerService could occur and lead to a potentially exploitable crash. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9. |
Affected by 88 other vulnerabilities. Affected by 87 other vulnerabilities. |
|
VCID-e566-np3g-aaaa
Aliases: CVE-2020-6792 |
When deriving an identifier for an email message, uninitialized memory was used in addition to the message contents. This vulnerability affects Thunderbird < 68.5. |
Affected by 103 other vulnerabilities. |
|
VCID-e56e-1t6d-aaaa
Aliases: CVE-2019-11727 |
A vulnerability exists where it possible to force Network Security Services (NSS) to sign CertificateVerify with PKCS#1 v1.5 signatures when those are the only ones advertised by server in CertificateRequest in TLS 1.3. PKCS#1 v1.5 signatures should not be used for TLS 1.3 messages. This vulnerability affects Firefox < 68. |
Affected by 130 other vulnerabilities. Affected by 141 other vulnerabilities. Affected by 121 other vulnerabilities. |
|
VCID-e82t-cusu-aaab
Aliases: CVE-2020-26976 |
When a HTTPS pages was embedded in a HTTP page, and there was a service worker registered for the former, the service worker could have intercepted the request for the secure page despite the iframe not being a secure context due to the (insecure) framing. This vulnerability affects Firefox < 84. |
Affected by 38 other vulnerabilities. Affected by 36 other vulnerabilities. |
|
VCID-eyzj-zjqb-aaam
Aliases: CVE-2020-26953 |
It was possible to cause the browser to enter fullscreen mode without displaying the security UI; thus making it possible to attempt a phishing attack or otherwise confuse the user. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5. |
Affected by 38 other vulnerabilities. Affected by 36 other vulnerabilities. |
|
VCID-fp39-wa4d-aaaq
Aliases: CVE-2019-11717 |
A vulnerability exists where the caret ("^") character is improperly escaped constructing some URIs due to it being used as a separator, allowing for possible spoofing of origin attributes. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8. |
Affected by 150 other vulnerabilities. |
|
VCID-g433-dtws-aaaj
Aliases: CVE-2021-29950 |
Thunderbird unprotects a secret OpenPGP key prior to using it for a decryption, signing or key import task. If the task runs into a failure, the secret key may remain in memory in its unprotected state. This vulnerability affects Thunderbird < 78.8.1. |
Affected by 31 other vulnerabilities. |
|
VCID-g7bm-8d6t-aaae
Aliases: CVE-2021-29956 |
OpenPGP secret keys that were imported using Thunderbird version 78.8.1 up to version 78.10.1 were stored unencrypted on the user's local disk. The master password protection was inactive for those keys. Version 78.10.2 will restore the protection mechanism for newly imported keys, and will automatically protect keys that had been imported using affected Thunderbird versions. This vulnerability affects Thunderbird < 78.10.2. |
Affected by 11 other vulnerabilities. |
|
VCID-gcj9-dta3-aaah
Aliases: CVE-2020-26978 |
Using techniques that built on the slipstream research, a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6. |
Affected by 38 other vulnerabilities. Affected by 36 other vulnerabilities. |
|
VCID-gs4m-md5m-aaan
Aliases: CVE-2020-26974 |
When flex-basis was used on a table wrapper, a StyleGenericFlexBasis object could have been incorrectly cast to the wrong type. This resulted in a heap user-after-free, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6. |
Affected by 38 other vulnerabilities. Affected by 36 other vulnerabilities. |
|
VCID-h6nu-7za9-aaag
Aliases: CVE-2019-11763 |
Failure to correctly handle null bytes when processing HTML entities resulted in Firefox incorrectly parsing these entities. This could have led to HTML comment text being treated as HTML which could have led to XSS in a web application under certain conditions. It could have also led to HTML entities being masked from filters - enabling the use of entities to mask the actual characters of interest from filters. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2. |
Affected by 135 other vulnerabilities. Affected by 121 other vulnerabilities. |
|
VCID-hc8x-cusp-aaam
Aliases: CVE-2021-29989 |
Mozilla developers reported memory safety bugs present in Firefox 90 and Firefox ESR 78.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.13, Firefox ESR < 78.13, and Firefox < 91. |
Affected by 1 other vulnerability. |
|
VCID-he22-dw9a-aaag
Aliases: CVE-2020-35111 |
When an extension with the proxy permission registered to receive <all_urls>, the proxy.onRequest callback was not triggered for view-source URLs. While web content cannot navigate to such URLs, a user opening View Source could have inadvertently leaked their IP address. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6. |
Affected by 38 other vulnerabilities. Affected by 36 other vulnerabilities. |
|
VCID-hfzc-6tnp-aaae
Aliases: CVE-2019-11757 |
When following the value's prototype chain, it was possible to retain a reference to a locale, delete it, and subsequently reference it. This resulted in a use-after-free and a potentially exploitable crash. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2. |
Affected by 135 other vulnerabilities. Affected by 121 other vulnerabilities. |
|
VCID-hmeb-2gjt-aaag
Aliases: CVE-2020-15969 |
Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
Affected by 38 other vulnerabilities. Affected by 36 other vulnerabilities. |
|
VCID-hmyw-2x88-aaaj
Aliases: CVE-2020-16044 |
Use after free in WebRTC in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted SCTP packet. |
Affected by 38 other vulnerabilities. Affected by 36 other vulnerabilities. |
|
VCID-j1gt-ebpu-aaaa
Aliases: CVE-2020-12426 |
Mozilla developers and community members reported memory safety bugs present in Firefox 77. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 78. |
Affected by 38 other vulnerabilities. Affected by 36 other vulnerabilities. |
|
VCID-jg29-824e-aaah
Aliases: CVE-2019-11712 |
POST requests made by NPAPI plugins, such as Flash, that receive a status 308 redirect response can bypass CORS requirements. This can allow an attacker to perform Cross-Site Request Forgery (CSRF) attacks. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8. |
Affected by 150 other vulnerabilities. |
|
VCID-jnbc-rb8g-aaaq
Aliases: CVE-2019-15903 |
In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read. |
Affected by 135 other vulnerabilities. Affected by 121 other vulnerabilities. |
|
VCID-jnux-8yzh-aaab
Aliases: CVE-2019-11761 |
By using a form with a data URI it was possible to gain access to the privileged JSONView object that had been cloned into content. Impact from exposing this object appears to be minimal, however it was a bypass of existing defense in depth mechanisms. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2. |
Affected by 135 other vulnerabilities. Affected by 121 other vulnerabilities. |
|
VCID-k2ak-4fcc-aaan
Aliases: CVE-2019-9811 |
As part of a winning Pwn2Own entry, a researcher demonstrated a sandbox escape by installing a malicious language pack and then opening a browser feature that used the compromised translation. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8. |
Affected by 150 other vulnerabilities. |
|
VCID-kb9w-bzwr-aaag
Aliases: CVE-2021-23953 |
If a user clicked into a specifically crafted PDF, the PDF reader could be confused into leaking cross-origin information, when said information is served as chunked data. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7. |
Affected by 38 other vulnerabilities. Affected by 36 other vulnerabilities. |
|
VCID-kcxt-88yq-aaad
Aliases: CVE-2020-26958 |
Firefox did not block execution of scripts with incorrect MIME types when the response was intercepted and cached through a ServiceWorker. This could lead to a cross-site script inclusion vulnerability, or a Content Security Policy bypass. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5. |
Affected by 38 other vulnerabilities. Affected by 36 other vulnerabilities. |
|
VCID-kvrc-hr7g-aaam
Aliases: CVE-2020-26971 |
Certain blit values provided by the user were not properly constrained leading to a heap buffer overflow on some video drivers. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6. |
Affected by 38 other vulnerabilities. Affected by 36 other vulnerabilities. |
|
VCID-met3-dhk3-aaae
Aliases: CVE-2020-6463 |
Use after free in ANGLE in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
Affected by 38 other vulnerabilities. Affected by 36 other vulnerabilities. |
|
VCID-mfz6-t932-aaap
Aliases: CVE-2020-12398 |
If Thunderbird is configured to use STARTTLS for an IMAP server, and the server sends a PREAUTH response, then Thunderbird will continue with an unencrypted connection, causing email data to be sent without protection. This vulnerability affects Thunderbird < 68.9.0. |
Affected by 88 other vulnerabilities. Affected by 87 other vulnerabilities. |
|
VCID-mr21-vp39-aaae
Aliases: CVE-2020-15653 |
An iframe sandbox element with the allow-popups flag could be bypassed when using noopener links. This could have led to security issues for websites relying on sandbox configurations that allowed popups and hosted arbitrary content. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1. |
Affected by 38 other vulnerabilities. Affected by 36 other vulnerabilities. |
|
VCID-mwmq-pzu3-aaas
Aliases: CVE-2020-12424 |
When constructing a permission prompt for WebRTC, a URI was supplied from the content process. This URI was untrusted, and could have been the URI of an origin that was previously granted permission; bypassing the prompt. This vulnerability affects Firefox < 78. |
Affected by 38 other vulnerabilities. Affected by 36 other vulnerabilities. |
|
VCID-mwy7-qhqx-aaaf
Aliases: CVE-2019-11740 |
Mozilla developers and community members reported memory safety bugs present in Firefox 68, Firefox ESR 68, and Firefox 60.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.9, Firefox ESR < 60.9, and Firefox ESR < 68.1. |
Affected by 143 other vulnerabilities. |
|
VCID-n35k-ra7d-aaas
Aliases: CVE-2021-23994 |
A WebGL framebuffer was not initialized early enough, resulting in memory corruption and an out of bound write. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88. |
Affected by 11 other vulnerabilities. |
|
VCID-nxjj-8d8n-aaab
Aliases: CVE-2019-17008 |
When using nested workers, a use-after-free could occur during worker destruction. This resulted in a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71. |
Affected by 130 other vulnerabilities. Affected by 121 other vulnerabilities. |
|
VCID-p935-2hns-aaah
Aliases: CVE-2021-29970 |
A malicious webpage could have triggered a use-after-free, memory corruption, and a potentially exploitable crash. *This bug could only be triggered when accessibility was enabled.*. This vulnerability affects Thunderbird < 78.12, Firefox ESR < 78.12, and Firefox < 90. |
Affected by 1 other vulnerability. |
|
VCID-ppu7-gcfq-aaaj
Aliases: CVE-2020-12420 |
When trying to connect to a STUN server, a race condition could have caused a use-after-free of a pointer, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0. |
Affected by 88 other vulnerabilities. Affected by 87 other vulnerabilities. |
|
VCID-pr2f-zxef-aaar
Aliases: CVE-2020-6793 |
When processing an email message with an ill-formed envelope, Thunderbird could read data from a random memory location. This vulnerability affects Thunderbird < 68.5. |
Affected by 103 other vulnerabilities. |
|
VCID-pred-sx6g-aaad
Aliases: CVE-2020-12421 |
When performing add-on updates, certificate chains terminating in non-built-in-roots were rejected (even if they were legitimately added by an administrator.) This could have caused add-ons to become out-of-date silently without notification to the user. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0. |
Affected by 88 other vulnerabilities. Affected by 87 other vulnerabilities. |
|
VCID-pshr-5rcz-aaas
Aliases: CVE-2020-26968 |
Mozilla developers reported memory safety bugs present in Firefox 82 and Firefox ESR 78.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5. |
Affected by 38 other vulnerabilities. Affected by 36 other vulnerabilities. |
|
VCID-px5r-sy12-aaaj
Aliases: CVE-2019-17012 |
Mozilla developers reported memory safety bugs present in Firefox 70 and Firefox ESR 68.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71. |
Affected by 130 other vulnerabilities. Affected by 121 other vulnerabilities. |
|
VCID-q22a-7dhv-aaar
Aliases: CVE-2020-26959 |
During browser shutdown, reference decrementing could have occured on a previously freed object, resulting in a use-after-free, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5. |
Affected by 38 other vulnerabilities. Affected by 36 other vulnerabilities. |
|
VCID-q63r-6826-aaaj
Aliases: CVE-2021-23960 |
Performing garbage collection on re-declared JavaScript variables resulted in a user-after-poison, and a potentially exploitable crash. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7. |
Affected by 38 other vulnerabilities. Affected by 36 other vulnerabilities. |
|
VCID-qjaf-segr-aaak
Aliases: CVE-2021-23987 |
Mozilla developers and community members reported memory safety bugs present in Firefox 86 and Firefox ESR 78.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.9, Firefox < 87, and Thunderbird < 78.9. |
Affected by 11 other vulnerabilities. |
|
VCID-r7du-vrqu-aaak
Aliases: CVE-2021-23954 |
Using the new logical assignment operators in a JavaScript switch statement could have caused a type confusion, leading to a memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7. |
Affected by 38 other vulnerabilities. Affected by 36 other vulnerabilities. |
|
VCID-raqx-48k4-aaas
Aliases: CVE-2019-11752 |
It is possible to delete an IndexedDB key value and subsequently try to extract it during conversion. This results in a use-after-free and a potentially exploitable crash. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.9, Firefox ESR < 60.9, and Firefox ESR < 68.1. |
Affected by 143 other vulnerabilities. |
|
VCID-re8g-wf24-aaar
Aliases: CVE-2020-12406 |
Mozilla Developer Iain Ireland discovered a missing type check during unboxed objects removal, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9. |
Affected by 88 other vulnerabilities. Affected by 87 other vulnerabilities. |
|
VCID-re8h-cyhw-aaae
Aliases: CVE-2019-11745 |
When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71. |
Affected by 130 other vulnerabilities. Affected by 121 other vulnerabilities. |
|
VCID-rj58-m29v-aaan
Aliases: CVE-2020-26973 |
Certain input to the CSS Sanitizer confused it, resulting in incorrect components being removed. This could have been used as a sanitizer bypass. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6. |
Affected by 38 other vulnerabilities. Affected by 36 other vulnerabilities. |
|
VCID-rwyv-m93a-aaak
Aliases: CVE-2020-15664 |
By holding a reference to the eval() function from an about:blank window, a malicious webpage could have gained access to the InstallTrigger object which would allow them to prompt the user to install an extension. Combined with user confusion, this could result in an unintended or malicious extension being installed. This vulnerability affects Firefox < 80, Thunderbird < 78.2, Thunderbird < 68.12, Firefox ESR < 68.12, Firefox ESR < 78.2, and Firefox for Android < 80. |
Affected by 38 other vulnerabilities. Affected by 36 other vulnerabilities. |
|
VCID-s65w-d57a-aaap
Aliases: CVE-2020-12392 |
The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP POST data of a request, which can be controlled by the website. If a user used the 'Copy as cURL' feature and pasted the command into a terminal, it could have resulted in the disclosure of local files. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0. |
Affected by 98 other vulnerabilities. Affected by 98 other vulnerabilities. |
|
VCID-sa3w-w7kc-aaan
Aliases: CVE-2020-6806 |
By carefully crafting promise resolutions, it was possible to cause an out-of-bounds read off the end of an array resized during script execution. This could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6. |
Affected by 103 other vulnerabilities. |
|
VCID-smzz-aj3e-aaap
Aliases: CVE-2020-6814 |
Mozilla developers reported memory safety bugs present in Firefox and Thunderbird 68.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6. |
Affected by 103 other vulnerabilities. |
|
VCID-spqx-m1br-aaaq
Aliases: CVE-2021-29969 |
If Thunderbird was configured to use STARTTLS for an IMAP connection, and an attacker injected IMAP server responses prior to the completion of the STARTTLS handshake, then Thunderbird didn't ignore the injected data. This could have resulted in Thunderbird showing incorrect information, for example the attacker could have tricked Thunderbird to show folders that didn't exist on the IMAP server. This vulnerability affects Thunderbird < 78.12. |
Affected by 1 other vulnerability. |
|
VCID-sz3p-eqs5-aaab
Aliases: CVE-2021-23968 |
If Content Security Policy blocked frame navigation, the full destination of a redirect served in the frame was reported in the violation report; as opposed to the original frame URI. This could be used to leak sensitive information contained in such URIs. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8. |
Affected by 31 other vulnerabilities. |
|
VCID-t8tw-9efw-aaar
Aliases: CVE-2020-15656 |
JIT optimizations involving the Javascript arguments object could confuse later optimizations. This risk was already mitigated by various precautions in the code, resulting in this bug rated at only moderate severity. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1. |
Affected by 38 other vulnerabilities. Affected by 36 other vulnerabilities. |
|
VCID-tcc2-u44z-aaar
Aliases: CVE-2020-15676 |
Firefox sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being executed after pasting attacker-controlled data into a contenteditable element. This vulnerability affects Firefox < 81, Thunderbird < 78.3, and Firefox ESR < 78.3. |
Affected by 38 other vulnerabilities. Affected by 36 other vulnerabilities. |
|
VCID-tmsb-49j8-aaaq
Aliases: CVE-2020-15652 |
By observing the stack trace for JavaScript errors in web workers, it was possible to leak the result of a cross-origin redirect. This applied only to content that can be parsed as script. This vulnerability affects Firefox < 79, Firefox ESR < 68.11, Firefox ESR < 78.1, Thunderbird < 68.11, and Thunderbird < 78.1. |
Affected by 38 other vulnerabilities. Affected by 36 other vulnerabilities. |
|
VCID-tsga-yqnd-aaar
Aliases: CVE-2019-17017 |
Due to a missing case handling object types, a type confusion vulnerability could occur, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72. |
Affected by 130 other vulnerabilities. Affected by 138 other vulnerabilities. Affected by 121 other vulnerabilities. |
|
VCID-twsd-eaj7-aaah
Aliases: CVE-2020-15658 |
The code for downloading files did not properly take care of special characters, which led to an attacker being able to cut off the file ending at an earlier position, leading to a different file type being downloaded than shown in the dialog. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1. |
Affected by 38 other vulnerabilities. Affected by 36 other vulnerabilities. |
|
VCID-tyq3-9fh9-aaar
Aliases: CVE-2021-23961 |
Further techniques that built on the slipstream research combined with a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine. This vulnerability affects Firefox < 85. |
Affected by 11 other vulnerabilities. |
|
VCID-unzb-tv4d-aaaf
Aliases: CVE-2019-11759 |
An attacker could have caused 4 bytes of HMAC output to be written past the end of a buffer stored on the stack. This could be used by an attacker to execute arbitrary code or more likely lead to a crash. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2. |
Affected by 135 other vulnerabilities. Affected by 121 other vulnerabilities. |
|
VCID-uwbt-ejee-aaan
Aliases: CVE-2021-29986 |
A suspected race condition when calling getaddrinfo led to memory corruption and a potentially exploitable crash. *Note: This issue only affected Linux operating systems. Other operating systems are unaffected.* This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91. |
Affected by 1 other vulnerability. |
|
VCID-uzfw-svvm-aaaq
Aliases: CVE-2020-12422 |
In non-standard configurations, a JPEG image created by JavaScript could have caused an internal variable to overflow, resulting in an out of bounds write, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox < 78. |
Affected by 38 other vulnerabilities. Affected by 36 other vulnerabilities. |
|
VCID-vhe2-uxqw-aaas
Aliases: CVE-2021-29980 |
Uninitialized memory in a canvas object could have caused an incorrect free() leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91. |
Affected by 1 other vulnerability. |
|
VCID-vhre-u1bm-aaaf
Aliases: CVE-2019-11743 |
Navigation events were not fully adhering to the W3C's "Navigation-Timing Level 2" draft specification in some instances for the unload event, which restricts access to detailed timing attributes to only be same-origin. This resulted in potential cross-origin information exposure of history through timing side-channel attacks. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.9, Firefox ESR < 60.9, and Firefox ESR < 68.1. |
Affected by 143 other vulnerabilities. |
|
VCID-vhvv-xjnk-aaac
Aliases: CVE-2021-23998 |
Through complicated navigations with new windows, an HTTP page could have inherited a secure lock icon from an HTTPS page. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88. |
Affected by 11 other vulnerabilities. |
|
VCID-vy3f-cnyu-aaae
Aliases: CVE-2019-17026 |
Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR < 68.4.1, Thunderbird < 68.4.1, and Firefox < 72.0.1. |
Affected by 130 other vulnerabilities. Affected by 138 other vulnerabilities. Affected by 121 other vulnerabilities. |
|
VCID-vzcf-ep4j-aaar
Aliases: CVE-2020-15648 |
Using object or embed tags, it was possible to frame other websites, even if they disallowed framing using the X-Frame-Options header. This vulnerability affects Thunderbird < 78 and Firefox < 78.0.2. |
Affected by 38 other vulnerabilities. Affected by 36 other vulnerabilities. |
|
VCID-w2jk-f4u6-aaaj
Aliases: CVE-2021-29957 |
If a MIME encoded email contains an OpenPGP inline signed or encrypted message part, but also contains an additional unprotected part, Thunderbird did not indicate that only parts of the message are protected. This vulnerability affects Thunderbird < 78.10.2. |
Affected by 11 other vulnerabilities. |
|
VCID-wqkj-9w9m-aaac
Aliases: CVE-2020-6822 |
On 32-bit builds, an out of bounds write could have occurred when processing an image larger than 4 GB in <code>GMPDecodeData</code>. It is possible that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.7.0, Firefox ESR < 68.7, and Firefox < 75. |
Affected by 103 other vulnerabilities. Affected by 103 other vulnerabilities. |
|
VCID-wv46-3gkh-aaam
Aliases: CVE-2021-38493 |
Mozilla developers reported memory safety bugs present in Firefox 91 and Firefox ESR 78.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.14, Thunderbird < 78.14, and Firefox < 92. |
Affected by 0 other vulnerabilities. |
|
VCID-wypr-856t-aaah
Aliases: CVE-2021-23981 |
A texture upload of a Pixel Buffer Object could have confused the WebGL code to skip binding the buffer used to unpack it, resulting in memory corruption and a potentially exploitable information leak or crash. This vulnerability affects Firefox ESR < 78.9, Firefox < 87, and Thunderbird < 78.9. |
Affected by 11 other vulnerabilities. |
|
VCID-x1ua-dn9s-aaab
Aliases: CVE-2020-6831 |
A buffer overflow could occur when parsing and validating SCTP chunks in WebRTC. This could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0. |
Affected by 98 other vulnerabilities. Affected by 98 other vulnerabilities. |
|
VCID-x1um-ng6a-aaar
Aliases: CVE-2019-11755 |
A crafted S/MIME message consisting of an inner encryption layer and an outer SignedData layer was shown as having a valid digital signature, although the signer might have had no access to the contents of the encrypted message, and might have stripped a different signature from the encrypted message. Previous versions had only suppressed showing a digital signature for messages with an outer multipart/signed layer. This vulnerability affects Thunderbird < 68.1.1. |
Affected by 142 other vulnerabilities. Affected by 142 other vulnerabilities. Affected by 121 other vulnerabilities. |
|
VCID-x82t-na3c-aaaa
Aliases: CVE-2020-12397 |
By encoding Unicode whitespace characters within the From email header, an attacker can spoof the sender email address that Thunderbird displays. This vulnerability affects Thunderbird < 68.8.0. |
Affected by 98 other vulnerabilities. Affected by 98 other vulnerabilities. |
|
VCID-x9sv-99w5-aaam
Aliases: CVE-2019-11709 |
Mozilla developers and community members reported memory safety bugs present in Firefox 67 and Firefox ESR 60.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8. |
Affected by 150 other vulnerabilities. |
|
VCID-xqa1-kztd-aaah
Aliases: CVE-2021-23969 |
As specified in the W3C Content Security Policy draft, when creating a violation report, "User agents need to ensure that the source file is the URL requested by the page, pre-redirects. If that’s not possible, user agents need to strip the URL down to an origin to avoid unintentional leakage." Under certain types of redirects, Firefox incorrectly set the source file to be the destination of the redirects. This was fixed to be the redirect destination's origin. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8. |
Affected by 31 other vulnerabilities. |
|
VCID-y1t9-w1k3-aaaj
Aliases: CVE-2019-11719 |
When importing a curve25519 private key in PKCS#8format with leading 0x00 bytes, it is possible to trigger an out-of-bounds read in the Network Security Services (NSS) library. This could lead to information disclosure. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8. |
Affected by 150 other vulnerabilities. |
|
VCID-y2bh-deme-aaag
Aliases: CVE-2019-11707 |
A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR < 60.7.1, Firefox < 67.0.3, and Thunderbird < 60.7.2. |
Affected by 161 other vulnerabilities. |
|
VCID-ycpr-wtfb-aaaq
Aliases: CVE-2019-11711 |
When an inner window is reused, it does not consider the use of document.domain for cross-origin protections. If pages on different subdomains ever cooperatively use document.domain, then either page can abuse this to inject script into arbitrary pages on the other subdomain, even those that did not use document.domain to relax their origin security. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8. |
Affected by 150 other vulnerabilities. |
|
VCID-yd5d-jx5e-aaae
Aliases: CVE-2020-16012 |
Side-channel information leakage in graphics in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to leak cross-origin data via a crafted HTML page. |
Affected by 38 other vulnerabilities. Affected by 36 other vulnerabilities. |
|
VCID-yq28-51ue-aaae
Aliases: CVE-2020-6821 |
When reading from areas partially or fully outside the source resource with WebGL's <code>copyTexSubImage</code> method, the specification requires the returned values be zero. Previously, this memory was uninitialized, leading to potentially sensitive data disclosure. This vulnerability affects Thunderbird < 68.7.0, Firefox ESR < 68.7, and Firefox < 75. |
Affected by 103 other vulnerabilities. Affected by 103 other vulnerabilities. |
|
VCID-ywv1-b6gf-aaac
Aliases: CVE-2020-26970 |
When reading SMTP server status codes, Thunderbird writes an integer value to a position on the stack that is intended to contain just one byte. Depending on processor architecture and stack layout, this leads to stack corruption that may be exploitable. This vulnerability affects Thunderbird < 78.5.1. |
Affected by 38 other vulnerabilities. Affected by 36 other vulnerabilities. |
|
VCID-z1pv-9mjw-aaak
Aliases: CVE-2020-15646 |
If an attacker intercepts Thunderbird's initial attempt to perform automatic account setup using the Microsoft Exchange autodiscovery mechanism, and the attacker sends a crafted response, then Thunderbird sends username and password over https to a server controlled by the attacker. This vulnerability affects Thunderbird < 68.10.0. |
Affected by 87 other vulnerabilities. |
|
VCID-zaeb-jrkr-aaar
Aliases: CVE-2020-6807 |
When a device was changed while a stream was about to be destroyed, the <code>stream-reinit</code> task may have been executed after the stream was destroyed, causing a use-after-free and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6. |
Affected by 103 other vulnerabilities. |
|
VCID-zjna-bbmv-aaas
Aliases: CVE-2020-15670 |
Mozilla developers reported memory safety bugs present in Firefox for Android 79. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 80, Firefox ESR < 78.2, Thunderbird < 78.2, and Firefox for Android < 80. |
Affected by 38 other vulnerabilities. Affected by 36 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|