Mozilla Thunderbird Email client
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Mozilla Thunderbird.
Recent Mozilla Thunderbird Security Advisories
Advisory | Title | Published |
---|---|---|
mfsa2024-61 | Security Vulnerabilities fixed in Thunderbird 128.4.3 mfsa2024-61 | November 12, 2024 |
mfsa2024-62 | Security Vulnerabilities fixed in Thunderbird 132.0.1 mfsa2024-62 | November 12, 2024 |
mfsa2024-59 | Security Vulnerabilities fixed in Thunderbird 132 mfsa2024-59 | October 29, 2024 |
mfsa2024-58 | Security Vulnerabilities fixed in Thunderbird 128.4 mfsa2024-58 | October 29, 2024 |
mfsa2024-52 | Security Vulnerability fixed in Thunderbird 131.0.1, Thunderbird 128.3.1, Thunderbird 115.16.0 mfsa2024-52 | October 10, 2024 |
mfsa2024-49 | Security Vulnerabilities fixed in Thunderbird 128.3 mfsa2024-49 | October 1, 2024 |
mfsa2024-50 | Security Vulnerabilities fixed in Thunderbird 131 mfsa2024-50 | October 1, 2024 |
mfsa2024-44 | Security Vulnerabilities fixed in Thunderbird 115.15 mfsa2024-44 | September 3, 2024 |
mfsa2024-43 | Security Vulnerabilities fixed in Thunderbird 128.2 mfsa2024-43 | September 3, 2024 |
mfsa2024-37 | Security Vulnerabilities fixed in Thunderbird 128.1 mfsa2024-37 | August 6, 2024 |
By the Year
In 2024 there have been 44 vulnerabilities in Mozilla Thunderbird with an average score of 7.0 out of ten. Last year Thunderbird had 91 security vulnerabilities published. Right now, Thunderbird is on track to have less security vulnerabilities in 2024 than it did last year. Last year, the average CVE base score was greater by 0.34
Year | Vulnerabilities | Average Score |
---|---|---|
2024 | 44 | 7.04 |
2023 | 91 | 7.38 |
2022 | 104 | 7.59 |
2021 | 73 | 7.23 |
2020 | 76 | 7.61 |
2019 | 58 | 8.35 |
2018 | 76 | 8.55 |
It may take a day or so for new Thunderbird vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Mozilla Thunderbird Security Vulnerabilities
Thunderbird OpenPGP Remote Content Plaintext Disclosure Vulnerability
CVE-2024-11159
- November 13, 2024
Using remote content in OpenPGP encrypted messages can lead to the disclosure of plaintext. This vulnerability affects Thunderbird < 128.4.3 and Thunderbird < 132.0.1.
The origin of an external protocol handler prompt could have been obscured using a data: URL within an `iframe`
CVE-2024-10460
5.3 - Medium
- October 29, 2024
The origin of an external protocol handler prompt could have been obscured using a data: URL within an `iframe`. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.
An attacker could have caused a use-after-free when accessibility was enabled, leading to a potentially exploitable crash
CVE-2024-10459
7.5 - High
- October 29, 2024
An attacker could have caused a use-after-free when accessibility was enabled, leading to a potentially exploitable crash. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4, and Thunderbird < 132.
Dangling pointer
A permission leak could have occurred from a trusted site to an untrusted site via `embed` or `object` elements
CVE-2024-10458
7.5 - High
- October 29, 2024
A permission leak could have occurred from a trusted site to an untrusted site via `embed` or `object` elements. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4, and Thunderbird < 132.
Potential race conditions in IndexedDB could have caused memory corruption, leading to a potentially exploitable crash
CVE-2024-10468
5.3 - Medium
- October 29, 2024
Potential race conditions in IndexedDB could have caused memory corruption, leading to a potentially exploitable crash. This vulnerability affects Firefox < 132 and Thunderbird < 132.
Race Condition
Memory safety bugs present in Firefox 131, Firefox ESR 128.3, and Thunderbird 128.3
CVE-2024-10467
8.8 - High
- October 29, 2024
Memory safety bugs present in Firefox 131, Firefox ESR 128.3, and Thunderbird 128.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.
Memory Corruption
By sending a specially crafted push message, a remote server could have hung the parent process, causing the browser to become unresponsive
CVE-2024-10466
7.5 - High
- October 29, 2024
By sending a specially crafted push message, a remote server could have hung the parent process, causing the browser to become unresponsive. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.
A clipboard "paste" button could persist across tabs which allowed a spoofing attack
CVE-2024-10465
6.5 - Medium
- October 29, 2024
A clipboard "paste" button could persist across tabs which allowed a spoofing attack. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.
Authentication Bypass by Spoofing
Repeated writes to history interface attributes could have been used to cause a Denial of Service condition in the browser
CVE-2024-10464
6.5 - Medium
- October 29, 2024
Repeated writes to history interface attributes could have been used to cause a Denial of Service condition in the browser. This was addressed by introducing rate-limiting to this API. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.
Out-of-bounds Read
Video frames could have been leaked between origins in some situations
CVE-2024-10463
6.5 - Medium
- October 29, 2024
Video frames could have been leaked between origins in some situations. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4, and Thunderbird < 132.
Side Channel Attack
Truncation of a long URL could have allowed origin spoofing in a permission prompt
CVE-2024-10462
6.5 - Medium
- October 29, 2024
Truncation of a long URL could have allowed origin spoofing in a permission prompt. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.
Authentication Bypass by Spoofing
In multipart/x-mixed-replace responses, `Content-Disposition: attachment` in the response header was not respected and did not force a download, which could
CVE-2024-10461
6.1 - Medium
- October 29, 2024
In multipart/x-mixed-replace responses, `Content-Disposition: attachment` in the response header was not respected and did not force a download, which could allow XSS attacks. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.
XSS
An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines
CVE-2024-9680
9.8 - Critical
- October 09, 2024
An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We have had reports of this vulnerability being exploited in the wild. This vulnerability affects Firefox < 131.0.2, Firefox ESR < 128.3.1, Firefox ESR < 115.16.1, Thunderbird < 131.0.1, Thunderbird < 128.3.1, and Thunderbird < 115.16.0.
Dangling pointer
A website configured to initiate a specially crafted WebTransport session could crash the Firefox process leading to a denial of service condition
CVE-2024-9399
7.5 - High
- October 01, 2024
A website configured to initiate a specially crafted WebTransport session could crash the Firefox process leading to a denial of service condition. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131.
An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the `resource://pdf.js` origin
CVE-2024-9393
7.5 - High
- October 01, 2024
An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the `resource://pdf.js` origin. This could allow them to access cross-origin PDF content. This access is limited to "same site" documents by the Site Isolation feature on desktop clients, but full cross-origin access is possible on Android versions. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Firefox ESR < 115.16, Thunderbird < 128.3, and Thunderbird < 131.
An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the `resource://devtools` origin
CVE-2024-9394
7.5 - High
- October 01, 2024
An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the `resource://devtools` origin. This could allow them to access cross-origin JSON content. This access is limited to "same site" documents by the Site Isolation feature on desktop clients, but full cross-origin access is possible on Android versions. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Firefox ESR < 115.16, Thunderbird < 128.3, and Thunderbird < 131.
A missing delay in directory upload UI could have made it possible for an attacker to trick a user into granting permission
CVE-2024-9397
6.1 - Medium
- October 01, 2024
A missing delay in directory upload UI could have made it possible for an attacker to trick a user into granting permission via clickjacking. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131.
Clickjacking
By checking the result of calls to `window.open` with specifically set protocol handlers, an attacker could determine if the application which implements
CVE-2024-9398
5.3 - Medium
- October 01, 2024
By checking the result of calls to `window.open` with specifically set protocol handlers, an attacker could determine if the application which implements that protocol handler is installed. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131.
When aborting the verification of an OTR chat session
CVE-2024-8394
6.5 - Medium
- September 06, 2024
When aborting the verification of an OTR chat session, an attacker could have caused a use-after-free bug leading to a potentially exploitable crash. This vulnerability affects Thunderbird < 128.2.
Dangling pointer
Memory safety bugs present in Firefox 129, Firefox ESR 128.1, and Thunderbird 128.1
CVE-2024-8387
9.8 - Critical
- September 03, 2024
Memory safety bugs present in Firefox 129, Firefox ESR 128.1, and Thunderbird 128.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, and Thunderbird < 128.2.
Memory Corruption
Select options could obscure the fullscreen notification dialog
CVE-2024-7518
6.5 - Medium
- August 06, 2024
Select options could obscure the fullscreen notification dialog. This could be used by a malicious site to perform a spoofing attack. This vulnerability affects Firefox < 129, Firefox ESR < 128.1, and Thunderbird < 128.1.
Insufficient checks when processing graphics shared memory could have led to memory corruption
CVE-2024-7519
9.6 - Critical
- August 06, 2024
Insufficient checks when processing graphics shared memory could have led to memory corruption. This could be leveraged by an attacker to perform a sandbox escape. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.
Memory Corruption
A type confusion bug in WebAssembly could be leveraged by an attacker to potentially achieve code execution
CVE-2024-7520
8.8 - High
- August 06, 2024
A type confusion bug in WebAssembly could be leveraged by an attacker to potentially achieve code execution. This vulnerability affects Firefox < 129, Firefox ESR < 128.1, and Thunderbird < 128.1.
Object Type Confusion
Incomplete WebAssembly exception handing could have led to a use-after-free
CVE-2024-7521
8.8 - High
- August 06, 2024
Incomplete WebAssembly exception handing could have led to a use-after-free. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.
Improper Handling of Exceptional Conditions
Editor code failed to check an attribute value
CVE-2024-7522
8.8 - High
- August 06, 2024
Editor code failed to check an attribute value. This could have led to an out-of-bounds read. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.
Out-of-bounds Read
It was possible for a web extension with minimal permissions to create a `StreamFilter`
CVE-2024-7525
8.1 - High
- August 06, 2024
It was possible for a web extension with minimal permissions to create a `StreamFilter` which could be used to read and modify the response body of requests on any site. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.
Incorrect Default Permissions
ANGLE failed to initialize parameters which lead to reading from uninitialized memory
CVE-2024-7526
6.5 - Medium
- August 06, 2024
ANGLE failed to initialize parameters which lead to reading from uninitialized memory. This could be leveraged to leak sensitive data from memory. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.
Use of Uninitialized Resource
Unexpected marking work at the start of sweeping could have led to a use-after-free
CVE-2024-7527
8.8 - High
- August 06, 2024
Unexpected marking work at the start of sweeping could have led to a use-after-free. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.
Dangling pointer
Incorrect garbage collection interaction in IndexedDB could have led to a use-after-free
CVE-2024-7528
8.8 - High
- August 06, 2024
Incorrect garbage collection interaction in IndexedDB could have led to a use-after-free. This vulnerability affects Firefox < 129, Firefox ESR < 128.1, and Thunderbird < 128.1.
Dangling pointer
The date picker could partially obscure security prompts
CVE-2024-7529
6.5 - Medium
- August 06, 2024
The date picker could partially obscure security prompts. This could be used by a malicious site to trick a user into granting permissions. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.
It was possible to move the cursor using pointerlock from an iframe
CVE-2024-6608
4.3 - Medium
- July 09, 2024
It was possible to move the cursor using pointerlock from an iframe. This allowed moving the cursor outside of the viewport and the Firefox window. This vulnerability affects Firefox < 128 and Thunderbird < 128.
When almost out-of-memory an elliptic curve key which was never allocated could have been freed again
CVE-2024-6609
8.8 - High
- July 09, 2024
When almost out-of-memory an elliptic curve key which was never allocated could have been freed again. This vulnerability affects Firefox < 128 and Thunderbird < 128.
Form validation popups could capture escape key presses
CVE-2024-6610
4.3 - Medium
- July 09, 2024
Form validation popups could capture escape key presses. Therefore, spamming form validation messages could be used to prevent users from exiting full-screen mode. This vulnerability affects Firefox < 128 and Thunderbird < 128.
By tricking the browser with a `X-Frame-Options` header, a sandboxed iframe could have presented a button
CVE-2024-5691
4.7 - Medium
- June 11, 2024
By tricking the browser with a `X-Frame-Options` header, a sandboxed iframe could have presented a button that, if clicked by a user, would bypass restrictions to open a new window. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12.
By monitoring the time certain operations take, an attacker could have guessed
CVE-2024-5690
4.3 - Medium
- June 11, 2024
By monitoring the time certain operations take, an attacker could have guessed which external protocol handlers were functional on a user's system. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12.
Side Channel Attack
A Linux user opening the print preview dialog could have caused the browser to crash
CVE-2024-0746
6.5 - Medium
- January 23, 2024
A Linux user opening the print preview dialog could have caused the browser to crash. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.
When a parent page loaded a child in an iframe with `unsafe-inline`
CVE-2024-0747
6.5 - Medium
- January 23, 2024
When a parent page loaded a child in an iframe with `unsafe-inline`, the parent Content Security Policy could have overridden the child Content Security Policy. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.
A phishing site could have repurposed an `about:` dialog to show phishing content with an incorrect origin in the address bar
CVE-2024-0749
4.3 - Medium
- January 23, 2024
A phishing site could have repurposed an `about:` dialog to show phishing content with an incorrect origin in the address bar. This vulnerability affects Firefox < 122 and Thunderbird < 115.7.
Origin Validation Error
A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissions
CVE-2024-0750
8.8 - High
- January 23, 2024
A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.
A malicious devtools extension could have been used to escalate privileges
CVE-2024-0751
8.8 - High
- January 23, 2024
A malicious devtools extension could have been used to escalate privileges. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.
Improper Privilege Management
In specific HSTS configurations an attacker could have bypassed HSTS on a subdomain
CVE-2024-0753
6.5 - Medium
- January 23, 2024
In specific HSTS configurations an attacker could have bypassed HSTS on a subdomain. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.
An out of bounds write in ANGLE could have allowed an attacker to corrupt memory leading to a potentially exploitable crash
CVE-2024-0741
6.5 - Medium
- January 23, 2024
An out of bounds write in ANGLE could have allowed an attacker to corrupt memory leading to a potentially exploitable crash. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.
Memory Corruption
Memory safety bugs present in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6
CVE-2024-0755
8.8 - High
- January 23, 2024
Memory safety bugs present in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.
It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an incorrect timestamp used to prevent input after page load
CVE-2024-0742
4.3 - Medium
- January 23, 2024
It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an incorrect timestamp used to prevent input after page load. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.
The signature of a digitally signed S/MIME email message may optionally specify the signature creation date and time
CVE-2023-50761
4.3 - Medium
- December 19, 2023
The signature of a digitally signed S/MIME email message may optionally specify the signature creation date and time. If present, Thunderbird did not compare the signature creation date with the message date and time, and displayed a valid signature despite a date or time mismatch. This could be used to give recipients the impression that a message was sent at a different date or time. This vulnerability affects Thunderbird < 115.6.
When processing a PGP/MIME payload that contains digitally signed text, the first paragraph of the text was never shown to the user
CVE-2023-50762
4.3 - Medium
- December 19, 2023
When processing a PGP/MIME payload that contains digitally signed text, the first paragraph of the text was never shown to the user. This is because the text was interpreted as a MIME message and the first paragraph was always treated as an email header section. A digitally signed text from a different context, such as a signed GIT commit, could be used to spoof an email message. This vulnerability affects Thunderbird < 115.6.
The WebGL `DrawElementsInstanced` method was susceptible to a heap buffer overflow when used on systems with the Mesa VM driver
CVE-2023-6856
8.8 - High
- December 19, 2023
The WebGL `DrawElementsInstanced` method was susceptible to a heap buffer overflow when used on systems with the Mesa VM driver. This issue could allow an attacker to perform remote code execution and sandbox escape. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.
Memory Corruption
Firefox was susceptible to a heap buffer overflow in `nsTextFragment` due to insufficient OOM handling
CVE-2023-6858
8.8 - High
- December 19, 2023
Firefox was susceptible to a heap buffer overflow in `nsTextFragment` due to insufficient OOM handling. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.
Memory Corruption
A use-after-free condition affected TLS socket creation when under memory pressure
CVE-2023-6859
8.8 - High
- December 19, 2023
A use-after-free condition affected TLS socket creation when under memory pressure. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.
Dangling pointer
The `VideoBridge` allowed any content process to use textures produced by remote decoders
CVE-2023-6860
6.5 - Medium
- December 19, 2023
The `VideoBridge` allowed any content process to use textures produced by remote decoders. This could be abused to escape the sandbox. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.
The `nsWindow::PickerOpen(void)` method was susceptible to a heap buffer overflow when running in headless mode
CVE-2023-6861
8.8 - High
- December 19, 2023
The `nsWindow::PickerOpen(void)` method was susceptible to a heap buffer overflow when running in headless mode. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.
Memory Corruption
A use-after-free was identified in the `nsDNSService::Init`
CVE-2023-6862
8.8 - High
- December 19, 2023
A use-after-free was identified in the `nsDNSService::Init`. This issue appears to manifest rarely during start-up. This vulnerability affects Firefox ESR < 115.6 and Thunderbird < 115.6.
Dangling pointer
The `ShutdownObserver()` was susceptible to potentially undefined behavior due to its reliance on a dynamic type
CVE-2023-6863
8.8 - High
- December 19, 2023
The `ShutdownObserver()` was susceptible to potentially undefined behavior due to its reliance on a dynamic type that lacked a virtual destructor. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.
Memory safety bugs present in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5
CVE-2023-6864
8.8 - High
- December 19, 2023
Memory safety bugs present in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.
Memory Corruption
On some systemsdepending on the graphics settings and driversit was possible to force an out-of-bounds read and leak memory data into the images created on the
CVE-2023-6204
6.5 - Medium
- November 21, 2023
On some systemsdepending on the graphics settings and driversit was possible to force an out-of-bounds read and leak memory data into the images created on the canvas element. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.
Out-of-bounds Read
It was possible to cause the use of a MessagePort after it had already been freed, which could potentially have led to an exploitable crash
CVE-2023-6205
6.5 - Medium
- November 21, 2023
It was possible to cause the use of a MessagePort after it had already been freed, which could potentially have led to an exploitable crash. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.
Dangling pointer
The black fade animation when exiting fullscreen is roughly the length of the anti-clickjacking delay on permission prompts
CVE-2023-6206
5.4 - Medium
- November 21, 2023
The black fade animation when exiting fullscreen is roughly the length of the anti-clickjacking delay on permission prompts. It was possible to use this fact to surprise users by luring them to click where the permission grant button would be about to appear. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.
Clickjacking
Ownership mismanagement led to a use-after-free in ReadableByteStreams This vulnerability affects Firefox < 120
CVE-2023-6207
8.8 - High
- November 21, 2023
Ownership mismanagement led to a use-after-free in ReadableByteStreams This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.
Dangling pointer
When using X11
CVE-2023-6208
8.8 - High
- November 21, 2023
When using X11, text selected by the page using the Selection API was erroneously copied into the primary selection, a temporary storage not unlike the clipboard. *This bug only affects Firefox on X11. Other systems are unaffected.* This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.
Relative URLs starting with three slashes were incorrectly parsed, and a path-traversal "/
CVE-2023-6209
6.5 - Medium
- November 21, 2023
Relative URLs starting with three slashes were incorrectly parsed, and a path-traversal "/../" part in the path could be used to override the specified host. This could contribute to security problems in web sites. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.
Directory traversal
Memory safety bugs present in Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4
CVE-2023-6212
8.8 - High
- November 21, 2023
Memory safety bugs present in Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.
Memory Corruption
An attacker could have created a malicious link using bidirectional characters to spoof the location in the address bar when visited
CVE-2023-5732
6.5 - Medium
- October 25, 2023
An attacker could have created a malicious link using bidirectional characters to spoof the location in the address bar when visited. This vulnerability affects Firefox < 117, Firefox ESR < 115.4, and Thunderbird < 115.4.1.
Memory safety bugs present in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3
CVE-2023-5730
9.8 - Critical
- October 25, 2023
Memory safety bugs present in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.
Memory Corruption
It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an insufficient activation-delay
CVE-2023-5721
4.3 - Medium
- October 25, 2023
It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an insufficient activation-delay. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.
Clickjacking
Drivers are not always robust to extremely large draw calls and in some cases this scenario could have led to a crash
CVE-2023-5724
7.5 - High
- October 25, 2023
Drivers are not always robust to extremely large draw calls and in some cases this scenario could have led to a crash. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.
A malicious installed WebExtension could open arbitrary URLs
CVE-2023-5725
4.3 - Medium
- October 25, 2023
A malicious installed WebExtension could open arbitrary URLs, which under the right circumstance could be leveraged to collect sensitive user data. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.
During garbage collection extra operations were performed on a object that should not be
CVE-2023-5728
7.5 - High
- October 25, 2023
During garbage collection extra operations were performed on a object that should not be. This could have led to a potentially exploitable crash. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.
Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1
CVE-2023-5217
8.8 - High
- September 28, 2023
Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Memory Corruption
Memory safety bugs present in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2
CVE-2023-5176
9.8 - Critical
- September 27, 2023
Memory safety bugs present in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3.
Memory Corruption
During Ion compilation, a Garbage Collection could have resulted in a use-after-free condition, allowing an attacker to write two NUL bytes
CVE-2023-5171
6.5 - Medium
- September 27, 2023
During Ion compilation, a Garbage Collection could have resulted in a use-after-free condition, allowing an attacker to write two NUL bytes, and cause a potentially exploitable crash. This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3.
Dangling pointer
A compromised content process could have provided malicious data in a `PathRecording` resulting in an out-of-bounds write
CVE-2023-5169
6.5 - Medium
- September 27, 2023
A compromised content process could have provided malicious data in a `PathRecording` resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process. This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3.
Memory Corruption
Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2
CVE-2023-4863
8.8 - High
- September 12, 2023
Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)
Memory Corruption
When `UpdateRegExpStatics` attempted to access `initialStringHeap` it could already have been garbage collected prior to entering the function
CVE-2023-4577
6.5 - Medium
- September 11, 2023
When `UpdateRegExpStatics` attempted to access `initialStringHeap` it could already have been garbage collected prior to entering the function, which could potentially have led to an exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.
When creating a callback over IPC for showing the File Picker window
CVE-2023-4575
6.5 - Medium
- September 11, 2023
When creating a callback over IPC for showing the File Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2.
Dangling pointer
When creating a callback over IPC for showing the Color Picker window
CVE-2023-4574
6.5 - Medium
- September 11, 2023
When creating a callback over IPC for showing the Color Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2.
Dangling pointer
Memory safety bugs present in Firefox 116, Firefox ESR 115.1, and Thunderbird 115.1
CVE-2023-4585
8.8 - High
- September 11, 2023
Memory safety bugs present in Firefox 116, Firefox ESR 115.1, and Thunderbird 115.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.
Memory Corruption
Memory safety bugs present in Firefox 116, Firefox ESR 102.14, Firefox ESR 115.1, Thunderbird 102.14, and Thunderbird 115.1
CVE-2023-4584
8.8 - High
- September 11, 2023
Memory safety bugs present in Firefox 116, Firefox ESR 102.14, Firefox ESR 115.1, Thunderbird 102.14, and Thunderbird 115.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2.
Memory Corruption
When checking if the Browsing Context had been discarded in `HttpBaseChannel`, if the load group was not available then it was assumed to have already been discarded
CVE-2023-4583
7.5 - High
- September 11, 2023
When checking if the Browsing Context had been discarded in `HttpBaseChannel`, if the load group was not available then it was assumed to have already been discarded which was not always the case for private channels after the private session had ended. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.
Excel `.xll` add-in files did not have a blocklist entry in Firefox's executable blocklist which
CVE-2023-4581
4.3 - Medium
- September 11, 2023
Excel `.xll` add-in files did not have a blocklist entry in Firefox's executable blocklist which allowed them to be downloaded without any warning of their potential harm. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2.
Push notifications stored on disk in private browsing mode were not being encrypted potentially allowing the leak of sensitive information
CVE-2023-4580
6.5 - Medium
- September 11, 2023
Push notifications stored on disk in private browsing mode were not being encrypted potentially allowing the leak of sensitive information. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.
Missing Encryption of Sensitive Data
When calling `JS::CheckRegExpSyntax` a Syntax Error could have been set which would end in calling `convertToRuntimeErrorAndClear`
CVE-2023-4578
6.5 - Medium
- September 11, 2023
When calling `JS::CheckRegExpSyntax` a Syntax Error could have been set which would end in calling `convertToRuntimeErrorAndClear`. A path in the function could attempt to allocate memory when none is available which would have caused a newly created Out of Memory exception to be mishandled as a Syntax Error. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.
Allocation of Resources Without Limits or Throttling
On Windows, an integer overflow could occur in `RecordedSourceSurfaceCreation` which resulted in a heap buffer overflow potentially leaking sensitive data
CVE-2023-4576
8.6 - High
- September 11, 2023
On Windows, an integer overflow could occur in `RecordedSourceSurfaceCreation` which resulted in a heap buffer overflow potentially leaking sensitive data that could have led to a sandbox escape. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2.
Integer Overflow or Wraparound
Due to large allocation checks in Angle for glsl shaders being too lenient a buffer overflow could have occured when allocating too much private shader memory on mac OS
CVE-2023-4582
8.8 - High
- September 11, 2023
Due to large allocation checks in Angle for glsl shaders being too lenient a buffer overflow could have occured when allocating too much private shader memory on mac OS. *This bug only affects Firefox on macOS. Other operating systems are unaffected.* This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.
Classic Buffer Overflow
When receiving rendering data over IPC `mStream` could have been destroyed when initialized
CVE-2023-4573
6.5 - Medium
- September 11, 2023
When receiving rendering data over IPC `mStream` could have been destroyed when initialized, which could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2.
Dangling pointer
Thunderbird allowed the Text Direction Override Unicode Character in filenames
CVE-2023-3417
7.5 - High
- July 24, 2023
Thunderbird allowed the Text Direction Override Unicode Character in filenames. An email attachment could be incorrectly shown as being a document file, while in fact it was an executable file. Newer versions of Thunderbird will strip the character and show the correct file extension. This vulnerability affects Thunderbird < 115.0.1 and Thunderbird < 102.13.1.
During the worker lifecycle, a use-after-free condition could have occured, which could have led to a potentially exploitable crash
CVE-2023-3600
8.8 - High
- July 12, 2023
During the worker lifecycle, a use-after-free condition could have occured, which could have led to a potentially exploitable crash. This vulnerability affects Firefox < 115.0.2, Firefox ESR < 115.0.2, and Thunderbird < 115.0.1.
Dangling pointer
Memory safety bugs present in Firefox 114, Firefox ESR 102.12, and Thunderbird 102.12
CVE-2023-37211
8.8 - High
- July 05, 2023
Memory safety bugs present in Firefox 114, Firefox ESR 102.12, and Thunderbird 102.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13.
Memory Corruption
Cross-compartment wrappers wrapping a scripted proxy could have caused objects
CVE-2023-37202
8.8 - High
- July 05, 2023
Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13.
Dangling pointer
An attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS
CVE-2023-37201
8.8 - High
- July 05, 2023
An attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13.
Dangling pointer
When opening Diagcab files, Firefox did not warn the user that these files may contain malicious code
CVE-2023-37208
7.8 - High
- July 05, 2023
When opening Diagcab files, Firefox did not warn the user that these files may contain malicious code. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13.
A website could have obscured the fullscreen notification by using a URL with a scheme handled by an external program, such as a mailto URL
CVE-2023-37207
6.5 - Medium
- July 05, 2023
A website could have obscured the fullscreen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13.
Reflection Injection
Similar to CVE-2023-28163, this time when choosing 'Save Link As', suggested filenames containing environment variable names
CVE-2023-29545
6.5 - Medium
- June 19, 2023
Similar to CVE-2023-28163, this time when choosing 'Save Link As', suggested filenames containing environment variable names would have resolved those in the context of the current user. *This bug only affects Firefox and Thunderbird on Windows. Other versions of Firefox and Thunderbird are unaffected.* This vulnerability affects Firefox < 112, Firefox ESR < 102.10, and Thunderbird < 102.10.
Memory safety bugs present in Firefox 113, Firefox ESR 102.11, and Thunderbird 102.12
CVE-2023-34416
9.8 - Critical
- June 19, 2023
Memory safety bugs present in Firefox 113, Firefox ESR 102.11, and Thunderbird 102.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 102.12, Firefox < 114, and Thunderbird < 102.12.
Memory Corruption
The error page for sites with invalid TLS certificates was missing the
activation-delay Firefox uses to protect prompts and permission dialogs
from attacks
CVE-2023-34414
3.1 - Low
- June 19, 2023
The error page for sites with invalid TLS certificates was missing the activation-delay Firefox uses to protect prompts and permission dialogs from attacks that exploit human response time delays. If a malicious page elicited user clicks in precise locations immediately before navigating to a site with a certificate error and made the renderer extremely busy at the same time, it could create a gap between when the error page was loaded and when the display actually refreshed. With the right timing the elicited clicks could land in that gap and activate the button that overrides the certificate error for that site. This vulnerability affects Firefox ESR < 102.12, Firefox < 114, and Thunderbird < 102.12.
Improper Certificate Validation
Module load requests
CVE-2023-25739
8.8 - High
- June 02, 2023
Module load requests that failed were not being checked as to whether or not they were cancelled causing a use-after-free in <code>ScriptLoadContext</code>. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.
Dangling pointer
In multiple cases browser prompts could have been obscured by popups controlled by content
CVE-2023-32205
4.3 - Medium
- June 02, 2023
In multiple cases browser prompts could have been obscured by popups controlled by content. These could have led to potential user confusion and spoofing attacks. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
Mozilla developers Randell Jesup
CVE-2023-29550
8.8 - High
- June 02, 2023
Mozilla developers Randell Jesup, Andrew Osmond, Sebastian Hengst, Andrew McCreight, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 111 and Firefox ESR 102.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10.
A wrong lowering instruction in the ARM64 Ion compiler resulted in a wrong optimization result
CVE-2023-29548
6.5 - Medium
- June 02, 2023
A wrong lowering instruction in the ARM64 Ion compiler resulted in a wrong optimization result. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10.
Firefox did not properly handle downloads of files ending in <code>.desktop</code>
CVE-2023-29541
8.8 - High
- June 02, 2023
Firefox did not properly handle downloads of files ending in <code>.desktop</code>, which can be interpreted to run attacker-controlled commands. <br>*This bug only affects Firefox for Linux on certain Distributions. Other operating systems are unaffected, and Mozilla is unable to enumerate all affected Linux Distributions.*. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10.
Output Sanitization
When handling the filename directive in the Content-Disposition header, the filename
CVE-2023-29539
8.8 - High
- June 02, 2023
When handling the filename directive in the Content-Disposition header, the filename would be truncated if the filename contained a NULL character. This could have led to reflected file download attacks potentially tricking users to install malware. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10.
NULL Pointer Dereference
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Mozilla Firefox or by Mozilla? Click the Watch button to subscribe.