from 0, < 1:60.7.2-1
from 0, < 1:115.16.0esr-1~deb11u1
CRITICAL9.6⚠ KEVMozilla Firefox Use-After-Free Vulnerability
from 0, < 1:91.6.2-1~deb11u1
HIGH8.8⚠ KEVElectron affected by libvpx's heap buffer overflow in vp8 encoding
from 0, < 1:115.3.1-1~deb11u1
HIGH8.8⚠ KEVlibwebp: OOB write in BuildHuffmanTable
from 0, < 1:102.15.1-1~deb11u1
HIGH8.8⚠ KEVlibwebp: OOB write in BuildHuffmanTable
from 0, < 1:102.15.1-1~deb11u1
HIGH8.8⚠ KEVlibwebp: OOB write in BuildHuffmanTable
from 0, < 1:102.15.1-1~deb10u1
HIGH8.8⚠ KEVthunderbird - security update
from 0, < 1:91.6.2-1~deb9u1
HIGH8.8⚠ KEVthunderbird - security update
from 0, < 1:91.6.2-1~deb10u1
HIGH8.8⚠ KEVthunderbird - security update
from 0, < 1:91.6.2-1~deb11u1
HIGH8.8⚠ KEVfirefox-esr - security update
from 0, < 1:68.4.1-1
HIGH8.8⚠ KEVthunderbird - security update
from 0, < 1:60.7.2-1
HIGH8.8⚠ KEVthunderbird - security update
from 0, < 1:60.7.2-1~deb9u1
HIGH8.8⚠ KEVthunderbird - security update
from 0, < 1:60.7.2-1~deb8u1
HIGH8.1⚠ KEVMozilla Firefox And Thunderbird Use-After-Free Vulnerability
from 0, < 1:68.7.0-1
HIGH8.1⚠ KEVthunderbird - security update
from 0, < 1:68.7.0-1~deb9u1
HIGH8.1⚠ KEVthunderbird - security update
from 0, < 1:68.7.0-1
HIGH8.1⚠ KEVthunderbird - security update
from 0, < 1:68.7.0-1~deb8u1
CRITICAL10.0Sandbox escape in the Responsive Design Mode component.
from 0, < 1:140.9.0esr-1~deb11u1
CRITICAL10.0Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component.
from 0, < 1:140.9.0esr-1~deb11u1
CRITICAL10.0Sandbox escape due to use-after-free in the Disability Access APIs component.
from 0, < 1:140.9.0esr-1~deb11u1
CRITICAL10.0Sandbox escape due to incorrect boundary conditions in the DOM: Core & HTML component.
from 0, < 1:140.8.0esr-1~deb11u1
CRITICAL10.0Sandbox escape due to incorrect boundary conditions in the Telemetry component in External Software.
from 0, < 1:140.8.0esr-1~deb11u1
CRITICAL10.0Sandbox escape in the Storage: IndexedDB component.
from 0, < 1:140.8.0esr-1~deb11u1
CRITICAL10.0Sandbox escape in the Graphics: WebRender component.
from 0, < 1:140.8.0esr-1~deb11u1
CRITICAL10.0Sandbox escape due to incorrect boundary conditions in the Graphics: WebRender component.
from 0, < 1:140.8.0esr-1~deb11u1
CRITICAL10.0thunderbird - security update
from 0, < 1:91.5.0-2~deb11u1
CRITICAL10.0thunderbird - security update
from 0, < 1:91.5.0-1~deb9u1
CRITICAL10.0thunderbird - security update
from 0, < 1:91.5.0-2~deb10u1
CRITICAL10.0firefox-esr - security update
from 0, < 1:91.4.1-1~deb11u1
CRITICAL10.0An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authentication to communication between IPC end…
from 0, < 1:60.5.0-1
CRITICAL9.8Integer overflow in the Networking: JAR component.
from 0, < 1:140.11.0esr-1~deb11u1
CRITICAL9.8Sandbox escape in the Profile Backup component.
from 0, < 1:140.11.0esr-1~deb11u1
CRITICAL9.8Other issue in the WebRTC component.
from 0, < 1:140.10.2esr-1~deb11u1
CRITICAL9.8Incorrect boundary conditions in the Audio/Video: Playback component.
from 0, < 1:140.10.1esr-1~deb11u1
CRITICAL9.8Mitigation bypass in the DOM: Security component.
from 0, < 1:140.10.0esr-1~deb11u1
CRITICAL9.8Uninitialized memory in the Audio/Video: Web Codecs component.
from 0, < 1:140.10.0esr-1~deb11u1
CRITICAL9.8Memory safety bugs present in Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1.
from 0, < 1:140.9.1esr-1~deb11u1
CRITICAL9.8Memory safety bugs present in Firefox ESR 115.34.0, Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1.
from 0, < 1:140.9.1esr-1~deb11u1
CRITICAL9.8Memory safety bugs present in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148.
from 0, < 1:140.9.0esr-1~deb11u1
CRITICAL9.8Memory safety bugs present in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148.
from 0, < 1:140.9.0esr-1~deb11u1
CRITICAL9.8Privilege escalation in the Netmonitor component.
from 0, < 1:140.9.0esr-1~deb11u1
CRITICAL9.8Use-after-free in the Widget: Cocoa component.
from 0
CRITICAL9.8Incorrect boundary conditions in the Audio/Video component.
from 0, < 1:140.9.0esr-1~deb11u1
CRITICAL9.8Undefined behavior in the WebRTC: Signaling component.
from 0, < 1:140.9.0esr-1~deb11u1
CRITICAL9.8JIT miscompilation in the JavaScript Engine component.
from 0, < 1:140.9.0esr-1~deb11u1
CRITICAL9.8Use-after-free in the JavaScript Engine component.
from 0, < 1:140.9.0esr-1~deb11u1
CRITICAL9.8Mitigation bypass in the Networking: HTTP component.
from 0, < 1:140.9.0esr-1~deb11u1
CRITICAL9.8JIT miscompilation in the JavaScript Engine: JIT component.
from 0, < 1:140.9.0esr-1~deb11u1
CRITICAL9.8Use-after-free in the Layout: Text and Fonts component.
from 0, < 1:140.9.0esr-1~deb11u1
CRITICAL9.8Use-after-free in the CSS Parsing and Computation component.
from 0, < 1:140.9.0esr-1~deb11u1
CRITICAL9.8Memory safety bugs present in Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147.
from 0, < 1:140.8.0esr-1~deb11u1
CRITICAL9.8Memory safety bugs present in Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147.
from 0, < 1:140.8.0esr-1~deb11u1
CRITICAL9.8Mitigation bypass in the Networking: Cache component.
from 0, < 1:140.8.0esr-1~deb11u1
CRITICAL9.8Same-origin policy bypass in the Networking: JAR component.
from 0, < 1:140.8.0esr-1~deb11u1
CRITICAL9.8Use-after-free in the Graphics: ImageLib component.
from 0, < 1:140.8.0esr-1~deb11u1
CRITICAL9.8Incorrect boundary conditions in the Audio/Video: GMP component.
from 0, < 1:140.8.0esr-1~deb11u1
CRITICAL9.8Use-after-free in the DOM: Window and Location component.
from 0, < 1:140.8.0esr-1~deb11u1
CRITICAL9.8Use-after-free in the JavaScript Engine component.
from 0, < 1:140.8.0esr-1~deb11u1
CRITICAL9.8Invalid pointer in the JavaScript Engine component.
from 0, < 1:140.8.0esr-1~deb11u1
CRITICAL9.8Mitigation bypass in the DOM: Security component.
from 0, < 1:140.8.0esr-1~deb11u1
CRITICAL9.8Privilege escalation in the Netmonitor component.
from 0, < 1:140.8.0esr-1~deb11u1
CRITICAL9.8nss - security update
from 0, < 1:140.8.0esr-1~deb11u1
CRITICAL9.8Privilege escalation in the Netmonitor component.
from 0, < 1:140.8.0esr-1~deb11u1
CRITICAL9.8Incorrect boundary conditions in the Networking: JAR component.
from 0, < 1:140.8.0esr-1~deb11u1
CRITICAL9.8Privilege escalation in the Messaging System component.
from 0, < 1:140.8.0esr-1~deb11u1
CRITICAL9.8Mitigation bypass in the DOM: HTML Parser component.
from 0, < 1:140.8.0esr-1~deb11u1
CRITICAL9.8Integer overflow in the Audio/Video component.
from 0, < 1:140.8.0esr-1~deb11u1
CRITICAL9.8Incorrect boundary conditions in the Web Audio component.
from 0, < 1:140.8.0esr-1~deb11u1
CRITICAL9.8Use-after-free in the Audio/Video: Playback component.
from 0, < 1:140.8.0esr-1~deb11u1
CRITICAL9.8Undefined behavior in the DOM: Core & HTML component.
from 0, < 1:140.8.0esr-1~deb11u1
CRITICAL9.8Use-after-free in the DOM: Bindings (WebIDL) component.
from 0, < 1:140.8.0esr-1~deb11u1
CRITICAL9.8Use-after-free in the JavaScript: WebAssembly component.
from 0, < 1:140.8.0esr-1~deb11u1
CRITICAL9.8Use-after-free in the JavaScript Engine: JIT component.
from 0, < 1:140.8.0esr-1~deb11u1
CRITICAL9.8Use-after-free in the JavaScript Engine component.
from 0, < 1:140.8.0esr-1~deb11u1
CRITICAL9.8JIT miscompilation, use-after-free in the JavaScript Engine: JIT component.
from 0, < 1:140.8.0esr-1~deb11u1
CRITICAL9.8Use-after-free in the JavaScript Engine component.
from 0, < 1:140.8.0esr-1~deb11u1
CRITICAL9.8Integer overflow in the JavaScript: Standard Library component.
from 0, < 1:140.8.0esr-1~deb11u1
CRITICAL9.8Incorrect boundary conditions in the Graphics: ImageLib component.
from 0, < 1:140.8.0esr-1~deb11u1
CRITICAL9.8Use-after-free in the JavaScript: GC component.
from 0, < 1:140.8.0esr-1~deb11u1
CRITICAL9.8thunderbird - security update
from 0, < 1:140.8.0esr-1~deb11u1
CRITICAL9.8thunderbird - security update
from 0, < 1:140.8.0esr-1~deb12u1
CRITICAL9.8thunderbird - security update
from 0, < 1:140.8.0esr-1~deb11u1
CRITICAL9.8Use-after-free in the JavaScript Engine component.
from 0, < 1:140.7.0esr-1~deb11u1
CRITICAL9.8Sandbox escape due to incorrect boundary conditions in the Graphics component.
from 0, < 1:140.7.0esr-1~deb11u1
CRITICAL9.8JIT miscompilation in the JavaScript Engine: JIT component.
from 0, < 1:140.6.0esr-1~deb11u1
CRITICAL9.8JIT miscompilation in the JavaScript Engine: JIT component.
from 0, < 1:140.6.0esr-1~deb11u1
CRITICAL9.8thunderbird - security update
from 0, < 1:140.6.0esr-1~deb12u1
CRITICAL9.8thunderbird - security update
from 0, < 1:140.6.0esr-1~deb11u1
CRITICAL9.8thunderbird - security update
from 0, < 1:140.6.0esr-1~deb11u1
CRITICAL9.8A compromised web process using malicious IPC messages could have caused the privileged browser process to reveal blocks of its memory to t…
from 0, < 1:140.4.0esr-1~deb11u1
CRITICAL9.8A compromised web process was able to trigger out of bounds reads and writes in a more privileged process using manipulated WebGL textures.
from 0, < 1:140.4.0esr-1~deb11u1
CRITICAL9.8thunderbird - security update
from 0, < 1:140.4.0esr-1~deb11u1
CRITICAL9.8thunderbird - security update
from 0, < 1:140.4.0esr-1~deb11u1
CRITICAL9.8thunderbird - security update
from 0, < 1:140.4.0esr-1~deb12u1
CRITICAL9.8thunderbird - security update
from 0, < 1:128.14.0esr-1~deb11u1
CRITICAL9.8thunderbird - security update
from 0, < 1:128.14.0esr-1~deb11u1
CRITICAL9.8thunderbird - security update
from 0, < 1:128.14.0esr-1~deb12u1
CRITICAL9.8The `username:password` part was not correctly stripped from URLs in CSP reports potentially leaking HTTP Basic Authentication credentials.
from 0, < 1:128.13.0esr-1~deb11u1
CRITICAL9.8On arm64, a WASM `br_table` instruction with a lot of entries could lead to the label being too far from the instruction causing truncation…
from 0, < 1:128.13.0esr-1~deb11u1
CRITICAL9.8firefox-esr - security update
from 0, < 1:128.12.0esr-1~deb11u1
CRITICAL9.8thunderbird - security update
from 0, < 1:128.11.0esr-1~deb11u1
CRITICAL9.8thunderbird - security update
from 0, < 1:128.11.0esr-1~deb11u1
CRITICAL9.8thunderbird - security update
from 0, < 1:128.11.0esr-1~deb12u1
CRITICAL9.8Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 128.6, and Thunderbird 128.6.
from 0, < 1:128.7.0esr-1~deb11u1
CRITICAL9.8Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19, and Thunderbird 128.…
from 0, < 1:128.7.0esr-1~deb11u1
CRITICAL9.8An attacker could have caused a use-after-free via crafted XSLT data, leading to a potentially exploitable crash.
from 0, < 1:128.7.0esr-1~deb11u1
CRITICAL9.8thunderbird - security update
from 0, < 1:128.7.0esr-1~deb11u1
CRITICAL9.8thunderbird - security update
from 0, < 1:128.7.0esr-1~deb12u1
CRITICAL9.8thunderbird - security update
from 0, < 1:128.7.0esr-1~deb11u1
CRITICAL9.8Memory safety bugs present in Firefox 130, Firefox ESR 128.2, and Thunderbird 128.2.
from 0, < 1:128.3.0esr-1
CRITICAL9.8Memory safety bugs present in Firefox 130, Firefox ESR 115.15, Firefox ESR 128.2, and Thunderbird 128.2.
from 0, < 1:115.16.0esr-1~deb11u1
CRITICAL9.8thunderbird - security update
from 0, < 1:115.16.0esr-1~deb11u1
CRITICAL9.8thunderbird - security update
from 0, < 1:115.16.0esr-1~deb12u1
CRITICAL9.8thunderbird - security update
from 0, < 1:115.16.0esr-1~deb11u1
CRITICAL9.8Memory safety bugs present in Firefox 129, Firefox ESR 128.1, and Thunderbird 128.1.
from 0, < 1:128.2.0esr-1
CRITICAL9.8A difference in the handling of StructFields and ArrayTypes in WASM could be used to trigger an exploitable type confusion vulnerability.
from 0, < 1:128.2.0esr-1
CRITICAL9.8The JavaScript garbage collector could mis-color cross-compartment objects if OOM conditions were detected at the right point between two p…
from 0, < 1:115.15.0-1~deb11u1
CRITICAL9.8thunderbird - security update
from 0, < 1:115.15.0-1~deb12u1
CRITICAL9.8thunderbird - security update
from 0, < 1:115.15.0-1~deb11u1
CRITICAL9.8thunderbird - security update
from 0, < 1:115.15.0-1~deb11u1
CRITICAL9.8A mismatch between allocator and deallocator could have led to memory corruption.
from 0, < 1:115.13.0-1~deb11u1
CRITICAL9.8Memory safety bugs present in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3.
from 0, < 1:115.4.1-1~deb11u1
CRITICAL9.8Memory safety bugs present in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2.
from 0, < 1:115.3.1-1~deb11u1
CRITICAL9.8Memory safety bugs present in Firefox 115, Firefox ESR 115.0, and Thunderbird 115.0.
from 0, < 1:115.1.0-1
CRITICAL9.8Memory safety bugs present in Firefox 115, Firefox ESR 115.0, Firefox ESR 102.13, Thunderbird 115.0, and Thunderbird 102.13.
from 0, < 1:102.14.0-1~deb11u1
CRITICAL9.8Memory safety bugs present in Firefox 113, Firefox ESR 102.11, and Thunderbird 102.12.
from 0, < 1:102.12.0-1~deb11u1
CRITICAL9.8Thunderbird versions prior to 91.3.0 are vulnerable to the heap overflow described in CVE-2021-43527 when processing S/MIME messages.
from 0, < 1:91.4.1-1~deb11u1
CRITICAL9.8A use-after-free in WebGL extensions could have led to a potentially exploitable crash.
from 0, < 1:102.6.0-1~deb11u1
CRITICAL9.8If an out-of-memory condition occurred when creating a JavaScript global, a JavaScript realm may be deleted while references to it lived on…
from 0, < 1:102.5.0-1~deb11u1
CRITICAL9.8Session history navigations may have led to a use-after-free and potentially exploitable crash.
from 0, < 1:91.11.0-1~deb11u1
CRITICAL9.8Mozilla developers Andrew McCreight, Nicolas B.
from 0, < 1:91.10.0-1~deb11u1
CRITICAL9.8A malicious webpage could have caused an out-of-bounds write in WebGL, leading to memory corruption and a potentially exploitable crash.
from 0, < 1:91.10.0-1~deb11u1
CRITICAL9.8firefox-esr - security update
from 0, < 1:91.10.0-1~deb11u1
CRITICAL9.8Mozilla developers Andrew McCreight, Gabriele Svelto, Tom Ritter and the Mozilla Fuzzing Team reported memory safety bugs present in Firefo…
from 0, < 1:91.9.0-1~deb11u1
CRITICAL9.8Mozilla developers and community members Julian Hector, Randell Jesup, Gabriele Svelto, Tyson Smith, Christian Holler, and Masayuki Nakano…
from 0, < 1:91.4.1-1~deb11u1
CRITICAL9.8An out of date graphics library (Angle) likely contained vulnerabilities that could potentially be exploited.
from 0, < 1:78.9.0-1
CRITICAL9.8The olm_session_describe function in Matrix libolm before 3.2.7 is vulnerable to a buffer overflow.
from 0, < 1:91.4.1-1~deb11u1
CRITICAL9.8thunderbird - security update
from 0, < 1:78.4.0-1~deb10u1
CRITICAL9.8thunderbird - security update
from 0, < 1:78.4.0-1
CRITICAL9.8thunderbird - security update
from 0, < 1:78.4.0-1~deb9u1
CRITICAL9.8A buffer overflow could occur when parsing and validating SCTP chunks in WebRTC.
from 0, < 1:68.8.0-1
CRITICAL9.8Mozilla developers and community members reported memory safety bugs present in Firefox 75 and Firefox ESR 68.7.
from 0, < 1:68.8.0-1
CRITICAL9.8Mozilla developers and community members Tyson Smith and Christian Holler reported memory safety bugs present in Firefox 74 and Firefox ESR…
from 0, < 1:68.7.0-1
CRITICAL9.8Mozilla developers reported memory safety bugs present in Firefox and Thunderbird 68.5.
from 0, < 1:68.6.0-1
CRITICAL9.8A use-after-free vulnerability can occur in the chrome event handler when it is freed while still in use.
from 0, < 1:60.7.0-1
CRITICAL9.8A vulnerability where a JavaScript compartment mismatch can occur while working with the fetch API, resulting in a potentially exploitable…
from 0, < 1:60.7.0-1
CRITICAL9.8Mozilla developers and community members reported memory safety bugs present in Firefox 66, Firefox ESR 60.6, and Thunderbird 60.6.
from 0, < 1:60.7.0-1
CRITICAL9.8A use-after-free vulnerability can occur in HTTP/2 when a cached HTTP/2 stream is closed while still in use, resulting in a potentially exp…
from 0, < 1:60.8.0-1
CRITICAL9.8thunderbird - security update
from 0, < 1:60.8.0-1
CRITICAL9.8thunderbird - security update
from 0, < 1:60.8.0-1~deb9u1
CRITICAL9.8thunderbird - security update
from 0, < 1:60.8.0-1~deb8u1
CRITICAL9.8A flaw in Thunderbird's implementation of iCal causes a stack buffer overflow in icalrecur_add_bydayrules when processing certain email mes…
from 0, < 1:60.7.1-1
CRITICAL9.8A flaw in Thunderbird's implementation of iCal causes a heap buffer overflow in icalmemory_strdup_and_dequote when processing certain email…
from 0, < 1:60.7.1-1
CRITICAL9.8thunderbird - security update
from 0, < 1:60.7.1-1
CRITICAL9.8thunderbird - security update
from 0, < 1:60.7.1-1~deb8u1
CRITICAL9.8thunderbird - security update
from 0, < 1:60.7.1-1~deb9u1
CRITICAL9.8The bufferdata function in WebGL is vulnerable to a buffer overflow with specific graphics drivers on Linux.
from 0, < 1:60.7.0-1
CRITICAL9.8A use-after-free vulnerability can occur when listeners are removed from the event listener manager while still in use, resulting in a pote…
from 0, < 1:60.7.0-1
CRITICAL9.8A use-after-free vulnerability can occur when working with XMLHttpRequest (XHR) in an event loop, causing the XHR main thread to be called…
from 0, < 1:60.7.0-1
CRITICAL9.8A use-after-free vulnerability can occur when the SMIL animation controller incorrectly registers with the refresh driver twice when only a…
from 0, < 1:60.6.1-1
CRITICAL9.8A vulnerability where type-confusion in the IonMonkey just-in-time (JIT) compiler could potentially be used by malicious JavaScript to trig…
from 0, < 1:60.6.1-1
CRITICAL9.8The IonMonkey just-in-time (JIT) compiler can leak an internal JS_OPTIMIZED_OUT magic value to the running script during a bailout.
from 0, < 1:60.6.1-1
CRITICAL9.8The type inference system allows the compilation of functions that can cause type confusions between arbitrary objects when compiled throug…
from 0, < 1:60.6.1-1
CRITICAL9.8A use-after-free vulnerability can occur when a raw pointer to a DOM element on a page is obtained using JavaScript and the element is then…
from 0, < 1:60.6.1-1
CRITICAL9.8Mozilla developers and community members reported memory safety bugs present in Firefox 65, Firefox ESR 60.5, and Thunderbird 60.5.
from 0, < 1:60.6.1-1
CRITICAL9.8A use-after-free vulnerability can occur while playing a sound notification in Thunderbird.
from 0, < 1:60.5.0-1
CRITICAL9.8A potential vulnerability leading to an integer overflow can occur during buffer size calculations for images when a raw value is used inst…
from 0, < 1:60.4.0-1
CRITICAL9.8A buffer overflow can occur in the Skia library during buffer offset calculations with hardware accelerated canvas 2D actions due to the us…
from 0, < 1:60.4.0-1
CRITICAL9.8A use-after-free vulnerability can occur after deleting a selection element due to a weak reference to the select element in the options co…
from 0, < 1:60.4.0-1
CRITICAL9.8thunderbird - security update
from 0, < 1:60.4.0-1~deb9u1
CRITICAL9.8thunderbird - security update
from 0, < 1:60.4.0-1
CRITICAL9.8thunderbird - security update
from 0, < 1:60.4.0-1~deb8u1
CRITICAL9.8When manipulating user events in nested loops while opening a document through script, it is possible to trigger a potentially exploitable…
from 0, < 1:60.3.0-1
CRITICAL9.8Mozilla developers and community members reported memory safety bugs present in Firefox 62 and Firefox ESR 60.2.
from 0, < 1:60.3.0-1
CRITICAL9.8Mozilla developers and community members reported memory safety bugs present in Firefox 64 and Firefox ESR 60.4.
from 0, < 1:60.5.0-1
CRITICAL9.8firefox-esr - security update
from 0, < 1:60.5.0-1
CRITICAL9.8Memory safety bugs present in Firefox 60, Firefox ESR 60, and Firefox ESR 52.8.
from 0, < 1:52.9.0-1
CRITICAL9.8Memory safety bugs present in Firefox 60 and Firefox ESR 60.
from 0, < 1:60.0-1
CRITICAL9.8A vulnerability can occur when capturing a media stream when the media source type is changed as the capture is occurring.
from 0, < 1:60.0-1
CRITICAL9.8A use-after-free vulnerability can occur when an IndexedDB index is deleted while still in use by JavaScript code that is providing payload…
from 0, < 1:60.2.1-1
CRITICAL9.8A use-after-free vulnerability can occur when refresh driver timers are refreshed in some circumstances during shutdown when the timer is d…
from 0, < 1:60.2.1-1
CRITICAL9.8firefox-esr - security update
from 0, < 1:60.2.1-1
CRITICAL9.8Mozilla developers backported selected changes in the Skia library.
from 0, < 1:52.8.0-1
CRITICAL9.8An integer overflow can occur in the Skia library due to 32-bit integer use in an array without integer overflow checks, resulting in possi…
from 0, < 1:52.8.0-1
CRITICAL9.8A use-after-free vulnerability can occur while adjusting layout during SVG animations with text paths.
from 0, < 1:52.8.0-1
CRITICAL9.8A use-after-free vulnerability can occur while enumerating attributes during SVG animations with clip paths.
from 0, < 1:52.8.0-1
CRITICAL9.8thunderbird - security update
from 0, < 1:52.8.0-1~deb7u1
CRITICAL9.8thunderbird - security update
from 0, < 1:52.8.0-1
CRITICAL9.8thunderbird - security update
from 0, < 1:52.8.0-1~deb8u1
CRITICAL9.8Memory safety bugs were reported in Firefox ESR 52.6.
from 0, < 1:52.7.0-1
CRITICAL9.8A use-after-free vulnerability can occur during font face manipulation when a font face is freed while still in use, resulting in a potenti…
from 0, < 1:52.6.0-1
CRITICAL9.8A use-after-free vulnerability can occur during mouse event handling due to issues with multiprocess support.
from 0, < 1:52.6.0-1
CRITICAL9.8A use-after-free vulnerability can occur when manipulating HTML media elements with media streams, resulting in a potentially exploitable c…
from 0, < 1:52.6.0-1
CRITICAL9.8A use-after-free vulnerability can occur when the widget listener is holding strong references to browser objects that have previously been…
from 0, < 1:52.6.0-1
CRITICAL9.8A use-after-free vulnerability can occur when form input elements, focus, and selections are manipulated by script content.
from 0, < 1:52.6.0-1
CRITICAL9.8A use-after-free vulnerability can occur during XSL transformations when the source document for the transformation is manipulated by scrip…
from 0, < 1:52.6.0-1
CRITICAL9.8A use-after-free vulnerability can occur while editing events in form elements on a page, resulting in a potentially exploitable crash.
from 0, < 1:52.6.0-1
CRITICAL9.8An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 8 GB of RAM.
from 0, < 1:52.6.0-1
CRITICAL9.8thunderbird - security update
from 0, < 1:52.6.0-1
CRITICAL9.8thunderbird - security update
from 0, < 1:52.6.0-1~deb7u1
CRITICAL9.8thunderbird - security update
from 0, < 1:52.6.0-1~deb8u1
CRITICAL9.8A use-after-free vulnerability can occur when flushing and resizing layout because the "PressShell" object has been freed while still in us…
from 0, < 1:52.5.0-1
CRITICAL9.8thunderbird - security update
from 0, < 1:52.5.2-2~deb8u1
CRITICAL9.8thunderbird - security update
from 0, < 1:52.5.0-1
CRITICAL9.8thunderbird - security update
from 0, < 1:52.5.0-1~deb7u1
CRITICAL9.8thunderbird - security update
from 0, < 1:52.5.0-1~deb8u1
CRITICAL9.8A buffer overflow occurs when drawing and validating elements with the ANGLE graphics library, used for WebGL content.
from 0, < 1:52.4.0-1
CRITICAL9.8A use-after-free vulnerability can occur in design mode when image objects are resized if objects referenced during the resizing have been…
from 0, < 1:52.4.0-1
CRITICAL9.8A use-after-free vulnerability can occur when manipulating arrays of Accessible Rich Internet Applications (ARIA) elements within container…
from 0, < 1:52.4.0-1
CRITICAL9.8Memory safety bugs were reported in Firefox 55 and Firefox ESR 52.3.
from 0, < 1:52.4.0-1
CRITICAL9.8thunderbird - security update
from 0, < 1:52.4.0-1~deb7u1
CRITICAL9.8thunderbird - security update
from 0, < 1:52.4.0-1
CRITICAL9.8thunderbird - security update
from 0, < 1:52.4.0-1~deb8u1
CRITICAL9.6Sandbox escape due to use-after-free in the Disability Access APIs component.
from 0, < 1:140.11.0esr-1~deb11u1
CRITICAL9.6Sandbox escape due to incorrect boundary conditions in the WebRTC: Networking component.
from 0, < 1:140.10.1esr-1~deb11u1
CRITICAL9.6thunderbird - security update
from 0, < 1:115.14.0-1~deb11u1
CRITICAL9.6thunderbird - security update
from 0, < 1:115.14.0-1~deb11u1
CRITICAL9.6If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they we…
from 0, < 1:91.7.0-2~deb11u1
CRITICAL9.6If a document created a sandboxed iframe without <code>allow-scripts</code>, and subsequently appended an element to the iframe's document…
from 0, < 1:91.6.0-1~deb11u1
CRITICAL9.3Same-origin policy bypass in the Networking: HTTP component.
from 0, < 1:140.11.0esr-1~deb11u1
CRITICAL9.1Incorrect boundary conditions, uninitialized memory in the JavaScript Engine component.
from 0, < 1:140.9.0esr-1~deb11u1
CRITICAL9.1Uninitialized memory in the Graphics: Canvas2D component.
from 0, < 1:140.9.0esr-1~deb11u1
CRITICAL9.1firefox-esr - security update
from 0, < 1:128.10.1esr-1~deb11u1
HIGH8.8Memory safety bugs present in Firefox ESR 115.35, Firefox ESR 140.10 and Firefox 150.
from 0, < 1:140.11.0esr-1~deb11u1
HIGH8.8Memory safety bugs present in Firefox ESR 140.10 and Firefox 150.
from 0, < 1:140.11.0esr-1~deb11u1
HIGH8.8Privilege escalation in the Security component.
from 0, < 1:140.11.0esr-1~deb11u1
HIGH8.8Privilege escalation in the Enterprise Policies component.
from 0, < 1:140.11.0esr-1~deb11u1
HIGH8.8Privilege escalation in the DOM: Workers component.
from 0, < 1:140.11.0esr-1~deb11u1
HIGH8.8Privilege escalation in the Debugger component.
from 0, < 1:140.10.0esr-1~deb11u1
HIGH8.8Privilege escalation in the Networking component.
from 0, < 1:140.10.0esr-1~deb11u1
HIGH8.8Privilege escalation in the Graphics: WebRender component.
from 0, < 1:140.10.0esr-1~deb11u1
HIGH8.8Incorrect boundary conditions, integer overflow in the Graphics: Text component.
from 0, < 1:140.9.1esr-1~deb11u1
HIGH8.8Use-after-free in the Storage: IndexedDB component.
from 0, < 1:140.8.0esr-1~deb11u1
HIGH8.8libvpx - security update
from 0, < 1:140.8.0esr-1
HIGH8.8Use-after-free in the IPC component.
from 0, < 1:140.7.0esr-1~deb11u1
HIGH8.8Sandbox escape due to integer overflow in the Graphics component.
from 0, < 1:140.7.0esr-1~deb11u1
HIGH8.8Privilege escalation in the Netmonitor component.
from 0, < 1:140.6.0esr-1~deb11u1
HIGH8.8Privilege escalation in the Netmonitor component.
from 0, < 1:140.6.0esr-1~deb11u1
HIGH8.8Privilege escalation in the DOM: Notifications component.
from 0, < 1:140.6.0esr-1~deb11u1
HIGH8.8Use-after-free in the WebRTC: Audio/Video component.
from 0, < 1:140.5.0esr-1~deb11u1
HIGH8.8Use-after-free in the Audio/Video component.
from 0, < 1:140.5.0esr-1~deb11u1
HIGH8.8Memory safety bugs present in Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143.
from 0, < 1:140.4.0esr-1~deb11u1
HIGH8.8Memory safety bugs present in Firefox ESR 115.28, Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143.
from 0, < 1:140.4.0esr-1~deb11u1
HIGH8.8Memory safety bugs present in Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142.
from 0, < 1:140.3.0esr-1~deb11u1
HIGH8.8Integer overflow in the SVG component.
from 0, < 1:140.3.0esr-1~deb11u1
HIGH8.8Memory safety bugs present in Firefox ESR 128.12, Thunderbird ESR 128.12, Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunder…
from 0, < 1:128.13.0esr-1~deb11u1
HIGH8.8Memory safety bugs present in Firefox ESR 115.25, Firefox ESR 128.12, Thunderbird ESR 128.12, Firefox ESR 140.0, Thunderbird ESR 140.0, Fir…
from 0, < 1:128.13.0esr-1~deb11u1
HIGH8.8An attacker was able to perform an out-of-bounds read or write on a JavaScript object by confusing array index sizes.
from 0, < 1:128.11.0esr-1~deb11u1
HIGH8.8Certificate length was not properly checked when added to a certificate store.
from 0, < 1:128.7.0esr-1~deb11u1
HIGH8.8A bug in WebAssembly code generation could have lead to a crash.
from 0, < 1:128.7.0esr-1~deb11u1
HIGH8.8An attacker could have caused a use-after-free via the Custom Highlight API, leading to a potentially exploitable crash.
from 0, < 1:128.7.0esr-1~deb11u1
HIGH8.8Memory safety bugs present in Firefox 132, Firefox ESR 128.4, and Thunderbird 128.4.
from 0, < 1:128.5.0esr-1~deb11u1
HIGH8.8When handling keypress events, an attacker may have been able to trick a user into bypassing the "Open Executable File?" confirmation dialo…
from 0, < 1:128.5.0esr-1~deb11u1
HIGH8.8Memory safety bugs present in Firefox 131, Firefox ESR 128.3, and Thunderbird 128.3.
from 0, < 1:128.4.0esr-1~deb11u1
HIGH8.8A potential memory corruption vulnerability could be triggered if an attacker had the ability to trigger an OOM at a specific moment during…
from 0, < 1:128.3.0esr-1
HIGH8.8It is currently unknown if this issue is exploitable but a condition may arise where the structured clone of certain objects could lead to…
from 0, < 1:128.3.0esr-1
HIGH8.8Internal browser event interfaces were exposed to web content when privileged EventHandler listener callbacks ran for those events.
from 0, < 1:115.15.0-1~deb11u1
HIGH8.8Unexpected marking work at the start of sweeping could have led to a use-after-free.
from 0, < 1:115.14.0-1~deb11u1
HIGH8.8Editor code failed to check an attribute value.
from 0, < 1:115.14.0-1~deb11u1
HIGH8.8Incomplete WebAssembly exception handing could have led to a use-after-free.
from 0, < 1:115.14.0-1~deb11u1
HIGH8.8Memory safety bugs present in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10.
from 0, < 1:115.11.0-1~deb11u1
HIGH8.8When saving a page to PDF, certain font styles could have led to a potential use-after-free crash.
from 0, < 1:115.11.0-1~deb11u1
HIGH8.8PDF.js vulnerable to arbitrary JavaScript execution upon opening a malicious PDF
from 0, < 1:115.11.0-1~deb10u1
HIGH8.8PDF.js vulnerable to arbitrary JavaScript execution upon opening a malicious PDF
from 0, < 1:115.11.0-1~deb11u1
HIGH8.8PDF.js vulnerable to arbitrary JavaScript execution upon opening a malicious PDF
from 0, < 1:115.11.0-1~deb11u1
HIGH8.8In some code patterns the JIT incorrectly optimized switch statements and generated code with out-of-bounds-reads.
from 0, < 1:115.10.1-1~deb11u1
HIGH8.8Memory safety bugs present in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8.
from 0, < 1:115.9.0-1~deb11u1
HIGH8.8Memory safety bugs present in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6.
from 0, < 1:115.7.0-1~deb11u1
HIGH8.8A malicious devtools extension could have been used to escalate privileges.
from 0, < 1:115.7.0-1~deb11u1
HIGH8.8A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissions.
from 0, < 1:115.7.0-1~deb11u1
HIGH8.8Memory safety bugs present in Firefox 120.
from 0, < 1:115.6.0-1~deb11u1
HIGH8.8Memory safety bugs present in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5.
from 0, < 1:115.6.0-1~deb11u1
HIGH8.8A use-after-free was identified in the `nsDNSService::Init`.
from 0, < 1:115.6.0-1~deb11u1
HIGH8.8The `nsWindow::PickerOpen(void)` method was susceptible to a heap buffer overflow when running in headless mode.
from 0, < 1:115.6.0-1~deb11u1
HIGH8.8A use-after-free condition affected TLS socket creation when under memory pressure.
from 0, < 1:115.6.0-1~deb11u1
HIGH8.8Firefox was susceptible to a heap buffer overflow in `nsTextFragment` due to insufficient OOM handling.
from 0, < 1:115.6.0-1~deb11u1
HIGH8.8firefox-esr - security update
from 0, < 1:115.6.0-1~deb11u1
HIGH8.8Memory safety bugs present in Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4.
from 0, < 1:115.5.0-1~deb11u1
HIGH8.8When using X11, text selected by the page using the Selection API was erroneously copied into the primary selection, a temporary storage no…
from 0, < 1:115.5.0-1~deb11u1
HIGH8.8Ownership mismanagement led to a use-after-free in ReadableByteStreams This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and…
from 0, < 1:115.5.0-1~deb11u1
HIGH8.8Memory safety bugs present in Firefox 116, Firefox ESR 115.1, and Thunderbird 115.1.
from 0, < 1:115.2.0-1
HIGH8.8Memory safety bugs present in Firefox 116, Firefox ESR 102.14, Firefox ESR 115.1, Thunderbird 102.14, and Thunderbird 115.1.
from 0, < 1:102.15.0-1~deb11u1
HIGH8.8A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissions.
from 0, < 1:102.14.0-1~deb11u1
HIGH8.8Memory safety bugs present in Firefox 114, Firefox ESR 102.12, and Thunderbird 102.12.
from 0, < 1:102.13.0-1~deb11u1
HIGH8.8Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment…
from 0, < 1:102.13.0-1~deb11u1
HIGH8.8thunderbird - security update
from 0, < 1:102.13.0-1~deb10u1
HIGH8.8thunderbird - security update
from 0, < 1:102.13.0-1~deb11u1
HIGH8.8thunderbird - security update
from 0, < 1:102.13.0-1~deb11u1
HIGH8.8Mozilla developers and community members Gabriele Svelto, Andrew Osmond, Emily McDonough, Sebastian Hengst, Andrew McCreight and the Mozill…
from 0, < 1:102.11.0-1~deb11u1
HIGH8.8When reading a file, an uninitialized value could have been used as read limit.
from 0, < 1:102.11.0-1~deb11u1
HIGH8.8A missing delay in popup notifications could have made it possible for an attacker to trick a user into granting permissions.
from 0, < 1:102.11.0-1~deb11u1
HIGH8.8Memory safety bugs present in Firefox 111 and Firefox ESR 102.9.
from 0, < 1:102.10.0-1~deb11u1
HIGH8.8Firefox did not properly handle downloads of files ending in <code>.desktop</code>, which can be interpreted to run attacker-controlled com…
from 0, < 1:102.10.0-1~deb11u1
HIGH8.8When handling the filename directive in the Content-Disposition header, the filename would be truncated if the filename contained a NULL ch…
from 0, < 1:102.10.0-1~deb11u1
HIGH8.8An attacker could cause the memory manager to incorrectly free a pointer that addresses attacker-controlled memory, resulting in an asserti…
from 0, < 1:102.10.0-1~deb11u1
HIGH8.8Memory safety bugs present in Firefox 110 and Firefox ESR 102.8.
from 0, < 1:102.9.0-1~deb11u1
HIGH8.8While implementing AudioWorklets, some code may have casted one type to another, invalid, dynamic type.
from 0, < 1:102.9.0-1~deb11u1
HIGH8.8Memory safety bugs present in Firefox ESR 102.7.
from 0, < 1:102.8.0-1~deb11u1
HIGH8.8Mmemory safety bugs present in Firefox 109 and Firefox ESR 102.7.
from 0, < 1:102.8.0-1~deb11u1
HIGH8.8Module load requests that failed were not being checked as to whether or not they were cancelled causing a use-after-free in <code>ScriptLo…
from 0, < 1:102.8.0-1~deb11u1
HIGH8.8An invalid downcast from <code>nsTextNode</code> to <code>SVGElement</code> could have lead to undefined behavior.
from 0, < 1:102.8.0-1~deb11u1
HIGH8.8Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment…
from 0, < 1:102.8.0-1~deb11u1
HIGH8.8When encoding data from an <code>inputStream</code> in <code>xpcom</code> the size of the input being encoded was not correctly calculated…
from 0, < 1:102.8.0-1~deb11u1
HIGH8.8Permission prompts for opening external schemes were only shown for <code>ContentPrincipals</code> resulting in extensions being able to op…
from 0, < 1:102.8.0-1~deb11u1
HIGH8.8Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 108 and Firefox ESR 102.6.
from 0, < 1:102.8.0-1~deb11u1
HIGH8.8nss - security update
from 0, < 1:102.8.0-1~deb11u1
HIGH8.8An optimization in WebGL was incorrect in some cases, and could have led to memory corruption and a potentially exploitable crash.
from 0, < 1:102.6.0-1~deb11u1
HIGH8.8Mozilla developers Randell Jesup, Valentin Gosu, Olli Pettay, and the Mozilla Fuzzing Team reported memory safety bugs present in Thunderbi…
from 0, < 1:102.6.0-1~deb11u1
HIGH8.8A file with a long filename could have had its filename truncated to remove the valid extension, leaving a malicious extension in its place.
from 0, < 1:102.6.0-1~deb11u1
HIGH8.8thunderbird - security update
from 0, < 1:102.8.0-1~deb10u1
HIGH8.8thunderbird - security update
from 0, < 1:102.8.0-1~deb11u1
HIGH8.8thunderbird - security update
from 0, < 1:102.8.0-1~deb11u1
HIGH8.8Mozilla developers Andrew McCreight and Gabriele Svelto reported memory safety bugs present in Thunderbird 102.4.
from 0, < 1:102.5.0-1~deb11u1
HIGH8.8When resolving a symlink such as <code>file:///proc/self/fd/1</code>, an error message may be produced where the symlink was resolved to a…
from 0, < 1:102.5.0-1~deb11u1
HIGH8.8The garbage collector could have been aborted in several states and zones and <code>GCRuntime::finishCollection</code> may not have been ca…
from 0, < 1:102.5.0-1~deb11u1
HIGH8.8Mozilla developers Ashley Hale and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 105 and Firefox ESR 102.3.
from 0, < 1:102.4.0-1~deb11u1
HIGH8.8Certain types of allocations were missing annotations that, if the Garbage Collector was in a specific state, could have lead to memory cor…
from 0, < 1:102.4.0-1~deb11u1
HIGH8.8Mozilla developers Nika Layzell, Timothy Nikkel, Sebastian Hengst, Andreas Pehrson, and the Mozilla Fuzzing Team reported memory safety bug…
from 0, < 1:102.3.0-1~deb11u1
HIGH8.8Members the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 103, Firefox ESR 102.1, and Firefox ESR 91.12.
from 0, < 1:91.13.0-1~deb11u1
HIGH8.8Mozilla developer Nika Layzell and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 103 and Firefox ESR 102.1.
from 0, < 1:102.2.0-1
HIGH8.8A cross-origin iframe referencing an XSLT document would inherit the parent domain's permissions (such as microphone or camera access).
from 0, < 1:91.13.0-1~deb11u1
HIGH8.8The Mozilla Fuzzing Team reported potential vulnerabilities present in Thunderbird 91.10.
from 0, < 1:91.11.0-1~deb11u1
HIGH8.8In the <code>nsTArray_Impl::ReplaceElementsAt()</code> function, an integer overflow could have occurred when the number of elements to rep…
from 0, < 1:91.11.0-1~deb11u1
HIGH8.8An iframe that was not permitted to run scripts could do so if the user clicked on a <code>javascript:</code> link.
from 0, < 1:91.11.0-1~deb11u1
HIGH8.8A crafted CMS message could have been processed incorrectly, leading to an invalid memory read, and potentially further memory corruption.
from 0, < 1:91.10.0-1~deb11u1
HIGH8.8On arm64, WASM code could have resulted in incorrect assembly generation leading to a register allocation problem, and a potentially exploi…
from 0, < 1:91.10.0-1~deb11u1
HIGH8.8Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 102.
from 0, < 1:102.1.0-1
HIGH8.8thunderbird - security update
from 0, < 1:91.11.0-1~deb10u1
HIGH8.8thunderbird - security update
from 0, < 1:91.11.0-1~deb11u1
HIGH8.8firefox-esr - security update
from 0, < 1:91.9.0-1~deb11u1
HIGH8.8Mozilla developers and community members Nika Layzell, Andrew McCreight, Gabriele Svelto, and the Mozilla Fuzzing Team reported memory safe…
from 0, < 1:91.8.0-1~deb11u1
HIGH8.8If a compromised content process sent an unexpected number of WebAuthN Extensions in a Register command to the parent process, an out of bo…
from 0, < 1:91.8.0-1~deb11u1
HIGH8.8thunderbird - security update
from 0, < 1:91.7.0-2~deb10u1
HIGH8.8thunderbird - security update
from 0, < 1:91.7.0-2~deb11u1
HIGH8.8thunderbird - security update
from 0, < 1:91.7.0-2~deb9u1
HIGH8.8Mozilla developers Paul Adenot and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 96 and Firefox ESR 91.5.
from 0, < 1:91.6.0-1~deb11u1
HIGH8.8When a worker is shutdown, it was possible to cause script to run late in the lifecycle, at a point after where it should not be possible.
from 0, < 1:91.6.0-1~deb11u1
HIGH8.8Web-accessible extension pages (pages with a moz-extension:// scheme) were not correctly enforcing the frame-ancestors directive when it wa…
from 0, < 1:91.6.0-1~deb11u1
HIGH8.8If a user was convinced to drag and drop an image to their desktop or other folder, the resulting object could have been changed into an ex…
from 0, < 1:91.6.0-1~deb11u1
HIGH8.8Mozilla developers Calixte Denizet, Kershaw Chang, Christian Holler, Jason Kratzer, Gabriele Svelto, Tyson Smith, Simon Giesecke, and Steve…
from 0, < 1:91.5.0-2~deb11u1
HIGH8.8Certain network request objects were freed too early when releasing a network request handle.
from 0, < 1:91.5.0-2~deb11u1
HIGH8.8Applying a CSS filter effect could have accessed out of bounds memory.
from 0, < 1:91.5.0-2~deb11u1
HIGH8.8If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype pollution, they could have achieved execution…
from 0, < 1:91.10.0-1~deb11u1
HIGH8.8thunderbird - security update
from 0, < 1:91.10.0-1~deb9u1
HIGH8.8thunderbird - security update
from 0, < 1:91.10.0-1~deb11u1
HIGH8.8thunderbird - security update
from 0, < 1:91.10.0-1~deb10u1
HIGH8.8thunderbird - security update
from 0, < 1:91.6.1-1~deb9u1
HIGH8.8thunderbird - security update
from 0, < 1:91.6.1-1~deb10u1
HIGH8.8thunderbird - security update
from 0, < 1:91.6.1-1~deb11u1
HIGH8.8thunderbird - security update
from 0, < 1:78.7.0-1~deb10u1
HIGH8.8thunderbird - security update
from 0, < 1:78.7.0-1~deb9u1
HIGH8.8thunderbird - security update
from 0, < 1:78.7.0-1
HIGH8.8Failure to correctly record the location of live pointers across wasm instance calls resulted in a GC occurring within the call not tracing…
from 0, < 1:91.4.1-1~deb11u1
HIGH8.8An incorrect type conversion of sizes from 64bit to 32bit integers allowed an attacker to corrupt memory leading to a potentially exploitab…
from 0, < 1:91.4.1-1~deb11u1
HIGH8.8A use-after-free could have occured when an HTTP2 session object was released on a different thread, leading to memory corruption and a pot…
from 0, < 1:91.4.1-1~deb11u1
HIGH8.8Mozilla developers and community members reported memory safety bugs present in Firefox 93 and Firefox ESR 91.2.
from 0, < 1:91.4.1-1~deb11u1
HIGH8.8When interacting with an HTML input element's file picker dialog with webkitdirectory set, a use-after-free could have resulted, leading to…
from 0, < 1:91.4.1-1~deb11u1
HIGH8.8Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1.
from 0, < 1:91.4.1-1~deb11u1
HIGH8.8thunderbird - security update
from 0, < 1:91.4.1-1~deb9u1
HIGH8.8thunderbird - security update
from 0, < 1:91.4.1-1~deb10u1
HIGH8.8thunderbird - security update
from 0, < 1:91.4.1-1~deb11u1
HIGH8.8thunderbird - security update
from 0, < 1:78.14.0-1~deb11u1
HIGH8.8thunderbird - security update
from 0, < 1:78.14.0-1~deb10u1
HIGH8.8thunderbird - security update
from 0, < 1:78.14.0-1~deb9u1
HIGH8.8Mozilla developers reported memory safety bugs present in Firefox 90 and Firefox ESR 78.12.
from 0, < 1:78.13.0-1~deb11u1
HIGH8.8Firefox incorrectly treated an inline list-item element as a block element, resulting in an out of bounds read or memory corruption, and a…
from 0, < 1:78.13.0-1~deb11u1
HIGH8.8A use-after-free vulnerability in media channels could have led to memory corruption and a potentially exploitable crash.
from 0, < 1:78.13.0-1~deb11u1
HIGH8.8Instruction reordering resulted in a sequence of instructions that would cause an object to be incorrectly considered during garbage collec…
from 0, < 1:78.13.0-1~deb11u1
HIGH8.8thunderbird - security update
from 0, < 1:78.13.0-1~deb11u1
HIGH8.8thunderbird - security update
from 0, < 1:78.13.0-1~deb9u1
HIGH8.8thunderbird - security update
from 0, < 1:78.13.0-1~deb11u1
HIGH8.8Mozilla developers reported memory safety bugs present in code shared between Firefox and Thunderbird.
from 0, < 1:78.12.0-1
HIGH8.8firefox-esr - security update
from 0, < 1:78.12.0-1
HIGH8.8firefox-esr - security update
from 0, < 1:78.11.0-1
HIGH8.8Ports that were written as an integer overflow above the bounds of a 16-bit integer could have bypassed port blocking restrictions when use…
from 0, < 1:78.10.0-1
HIGH8.8When a user clicked on an FTP URL containing encoded newline characters (%0A and %0D), the newlines would have been interpreted as such and…
from 0, < 1:78.10.0-1
HIGH8.8If a Blob URL was loaded through some unusual user interaction, it could have been loaded by the System Principal and granted additional pr…
from 0, < 1:78.10.0-1
HIGH8.8When Responsive Design Mode was enabled, it used references to objects that were previously freed.
from 0, < 1:78.10.0-1
HIGH8.8A WebGL framebuffer was not initialized early enough, resulting in memory corruption and an out of bound write.
from 0, < 1:78.10.0-1
HIGH8.8Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially perform out of bounds memory…
from 0, < 1:78.12.0-1
HIGH8.8Mozilla developers and community members reported memory safety bugs present in Firefox 86 and Firefox ESR 78.8.
from 0, < 1:78.9.0-1
HIGH8.8Mozilla developers reported memory safety bugs present in Firefox 85 and Firefox ESR 78.7.
from 0, < 1:78.8.0-1
HIGH8.8Mozilla developers reported memory safety bugs present in Firefox 84 and Firefox ESR 78.6.
from 0, < 1:78.7.0-1
HIGH8.8Performing garbage collection on re-declared JavaScript variables resulted in a user-after-poison, and a potentially exploitable crash.
from 0, < 1:78.7.0-1
HIGH8.8Using the new logical assignment operators in a JavaScript switch statement could have caused a type confusion, leading to a memory corrupt…
from 0, < 1:78.7.0-1
HIGH8.8chromium - security update
from 0, < 1:78.6.1-1
HIGH8.8Mozilla developers reported memory safety bugs present in Firefox 83 and Firefox ESR 78.5.
from 0, < 1:78.6.0-1
HIGH8.8When flex-basis was used on a table wrapper, a StyleGenericFlexBasis object could have been incorrectly cast to the wrong type.
from 0, < 1:78.6.0-1
HIGH8.8Certain input to the CSS Sanitizer confused it, resulting in incorrect components being removed.
from 0, < 1:78.6.0-1
HIGH8.8Certain blit values provided by the user were not properly constrained leading to a heap buffer overflow on some video drivers.
from 0, < 1:78.6.0-1
HIGH8.8thunderbird - security update
from 0, < 1:78.5.1-1~deb9u1
HIGH8.8thunderbird - security update
from 0, < 1:78.5.1-1~deb10u1
HIGH8.8thunderbird - security update
from 0, < 1:78.5.1-1
HIGH8.8Mozilla developers reported memory safety bugs present in Firefox 82 and Firefox ESR 78.4.
from 0, < 1:78.5.0-1
HIGH8.8If the Compact() method was called on an nsTArray, the array could have been reallocated without updating other pointers, leading to a pote…
from 0, < 1:78.5.0-1
HIGH8.8During browser shutdown, reference decrementing could have occured on a previously freed object, resulting in a use-after-free, memory corr…
from 0, < 1:78.5.0-1
HIGH8.8thunderbird - security update
from 0, < 1:78.4.2-1
HIGH8.8thunderbird - security update
from 0, < 1:78.4.2-1~deb9u1
HIGH8.8thunderbird - security update
from 0, < 1:78.4.2-1~deb10u1
HIGH8.8Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a craf…
from 0, < 1:78.4.0-1
HIGH8.8When recursing through graphical layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free.
from 0, < 1:78.3.1-1
HIGH8.8thunderbird - security update
from 0, < 1:78.3.1-1
HIGH8.8thunderbird - security update
from 0, < 1:78.3.1-2~deb10u2
HIGH8.8thunderbird - security update
from 0, < 1:78.3.1-2~deb9u1
HIGH8.8When aborting an operation, such as a fetch, an abort signal may be deleted while alerting the objects to be notified.
from 0, < 1:68.12.0-1
HIGH8.8Mozilla developers and community members reported memory safety bugs present in Firefox 78 and Firefox ESR 78.0.
from 0, < 1:68.11.0-1
HIGH8.8When trying to connect to a STUN server, a race condition could have caused a use-after-free of a pointer, leading to memory corruption and…
from 0, < 1:68.10.0-1
HIGH8.8When processing callbacks that occurred during window flushing in the parent process, the associated window may die; causing a use-after-fr…
from 0, < 1:68.10.0-1
HIGH8.8thunderbird - security update
from 0, < 1:68.10.0-1
HIGH8.8thunderbird - security update
from 0, < 1:68.10.0-1~deb9u1
HIGH8.8Mozilla developers reported memory safety bugs present in Firefox 76 and Firefox ESR 68.8.
from 0, < 1:68.9.0-1
HIGH8.8Mozilla Developer Iain Ireland discovered a missing type check during unboxed objects removal, resulting in a crash.
from 0, < 1:68.9.0-1
HIGH8.8An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 16 GB of RAM.
from 0, < 1:60.0-1
HIGH8.8Use after free in ANGLE in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to potentially exploit heap corruption via a craf…
from 0, < 1:68.11.0-1
HIGH8.8On 32-bit builds, an out of bounds write could have occurred when processing an image larger than 4 GB in <code>GMPDecodeData</code>.
from 0, < 1:68.7.0-1
HIGH8.8The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the we…
from 0, < 1:68.6.0-1
HIGH8.8When a device was changed while a stream was about to be destroyed, the <code>stream-reinit</code> task may have been executed after the st…
from 0, < 1:68.6.0-1
HIGH8.8By carefully crafting promise resolutions, it was possible to cause an out-of-bounds read off the end of an array resized during script exe…
from 0, < 1:68.6.0-1
HIGH8.8When removing data about an origin whose tab was recently closed, a use-after-free could occur in the Quota manager, resulting in a potenti…
from 0, < 1:68.6.0-1
HIGH8.8Mozilla developers and community members reported memory safety bugs present in Firefox 72 and Firefox ESR 68.4.
from 0, < 1:68.5.0-1
HIGH8.8Mozilla developers reported memory safety bugs present in Firefox 71 and Firefox ESR 68.3.
from 0, < 1:68.4.1-1
HIGH8.8Due to a missing case handling object types, a type confusion vulnerability could occur, resulting in a crash.
from 0, < 1:68.4.1-1
HIGH8.8Mozilla developers reported memory safety bugs present in Firefox 70 and Firefox ESR 68.2.
from 0, < 1:68.3.0-1
HIGH8.8When using nested workers, a use-after-free could occur during worker destruction.
from 0, < 1:68.3.0-1
HIGH8.8thunderbird - security update
from 0, < 1:68.3.0-2~deb9u1
HIGH8.8thunderbird - security update
from 0, < 1:68.3.0-2~deb8u1
HIGH8.8thunderbird - security update
from 0, < 1:68.3.0-1
HIGH8.8Mozilla developers and community members reported memory safety bugs present in Firefox 69 and Firefox ESR 68.1.
from 0, < 1:68.2.1-1
HIGH8.8A fixed-size stack buffer could overflow in nrappkit when doing WebRTC signaling.
from 0, < 1:68.2.1-1
HIGH8.8An attacker could have caused 4 bytes of HMAC output to be written past the end of a buffer stored on the stack.
from 0, < 1:68.2.1-1
HIGH8.8firefox-esr - security update
from 0, < 1:68.2.1-1
HIGH8.8It is possible to delete an IndexedDB key value and subsequently try to extract it during conversion.
from 0, < 1:60.9.0-1
HIGH8.8A use-after-free vulnerability can occur while manipulating video elements if the body is freed while still in use.
from 0, < 1:60.9.0-1
HIGH8.8firefox-esr - security update
from 0, < 1:60.9.0-1
HIGH8.8POST requests made by NPAPI plugins, such as Flash, that receive a status 308 redirect response can bypass CORS requirements.
from 0, < 1:60.8.0-1
HIGH8.8When an inner window is reused, it does not consider the use of document.domain for cross-origin protections.
from 0, < 1:60.8.0-1
HIGH8.8thunderbird - security update
from 0, < 1:60.3.0-1
HIGH8.8thunderbird - security update
from 0, < 1:60.3.0-1~deb9u1
HIGH8.8thunderbird - security update
from 0, < 1:60.5.1-1~deb9u1
HIGH8.8thunderbird - security update
from 0, < 1:60.5.1-1
HIGH8.8thunderbird - security update
from 0, < 1:60.5.1-1~deb8u1
HIGH8.8Incorrect texture handling in Angle in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory rea…
from 0, < 1:60.4.0-1
HIGH8.8NPAPI plugins, such as Adobe Flash, can send non-simple cross-origin requests, bypassing CORS by making a same-origin POST that does a 307…
from 0, < 1:52.9.0-1
HIGH8.8A use-after-free vulnerability can occur when script uses mutation events to move DOM nodes between documents, resulting in the old documen…
from 0, < 1:52.9.0-1
HIGH8.8An integer overflow can occur during graphics operations done by the Supplemental Streaming SIMD Extensions 3 (SSSE3) scaler, resulting in…
from 0, < 1:52.9.0-1
HIGH8.8thunderbird - security update
from 0, < 1:60.0-3~deb9u1
HIGH8.8thunderbird - security update
from 0, < 1:60.0-1
HIGH8.8A use-after-free vulnerability can occur when deleting an input element during a mutation event handler triggered by focusing that element.
from 0, < 1:52.9.0-1
HIGH8.8thunderbird - security update
from 0, < 1:52.9.1-1~deb9u1
HIGH8.8thunderbird - security update
from 0, < 1:52.9.0-1
HIGH8.8thunderbird - security update
from 0, < 1:52.9.1-1~deb8u1
HIGH8.8firefox-esr - security update
from 0, < 1:52.7.0-1
HIGH8.8A buffer overflow can occur when manipulating the SVG "animatedPathSegList" through script.
from 0, < 1:52.7.0-1
HIGH8.8thunderbird - security update
from 0, < 1:52.7.0-1~deb8u1
HIGH8.8thunderbird - security update
from 0, < 1:52.7.0-1~deb7u1
HIGH8.8thunderbird - security update
from 0, < 1:52.7.0-1
HIGH8.8It is possible to execute JavaScript in the parsed RSS feed when RSS feed is viewed as a website, e.g.
from 0, < 1:52.5.2-1
HIGH8.6Information disclosure, sandbox escape in the Security: Process Sandboxing component.
from 0, < 1:140.11.0esr-1~deb11u1
HIGH8.6Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component.
from 0, < 1:140.9.0esr-1~deb11u1
HIGH8.6Sandbox escape due to incorrect boundary conditions in the Telemetry component.
from 0, < 1:140.9.0esr-1~deb11u1
HIGH8.6By manipulating the text in an `<input>` tag, an attacker could have caused corrupt memory leading to a potentially exploitable crash.
from 0, < 1:115.12.0-1~deb11u1
HIGH8.6firefox-esr - security update
from 0, < 1:102.6.0-1~deb11u1
HIGH8.6firefox-esr - security update
from 0, < 1:102.6.0-1~deb10u1
HIGH8.6A lack of parameter validation on IPC messages results in a potential out-of-bounds write through malformed IPC messages.
from 0, < 1:52.7.0-1
HIGH8.4`AppendEncodedAttributeValue(), ExtraSpaceNeededForAttrEncoding()` and `AppendEncodedCharacters()` could have experienced integer overflows…
from 0, < 1:115.9.0-1~deb11u1
HIGH8.3As part of a winning Pwn2Own entry, a researcher demonstrated a sandbox escape by installing a malicious language pack and then opening a b…
from 0, < 1:60.8.0-1
HIGH8.2Prototype pollution in matrix-js-sdk (part 2)
from 0, < 1:102.10.0-1~deb11u1
HIGH8.1Mitigation bypass in the DOM: Security component.
from 0, < 1:140.11.0esr-1~deb11u1
HIGH8.1Memory safety bugs present in Firefox ESR 115.35.1, Firefox ESR 140.10.1 and Firefox 150.0.1.
from 0, < 1:140.10.2esr-1~deb11u1
HIGH8.1Undefined behavior in the WebRTC: Signaling component.
from 0, < 1:140.9.0esr-1~deb11u1
HIGH8.1Memory safety bugs present in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and Thunderbird 146.
from 0, < 1:140.7.0esr-1~deb11u1
HIGH8.1Mitigation bypass in the DOM: Security component.
from 0, < 1:140.7.0esr-1~deb11u1
HIGH8.1Memory safety bugs present in Firefox ESR 140.5, Thunderbird ESR 140.5, Firefox 145 and Thunderbird 145.
from 0, < 1:140.6.0esr-1~deb11u1
HIGH8.1Same-origin policy bypass in the DOM: Workers component.
from 0, < 1:140.5.0esr-1~deb11u1
HIGH8.1Mitigation bypass in the DOM: Security component.
from 0, < 1:140.5.0esr-1~deb11u1
HIGH8.1Same-origin policy bypass in the DOM: Notifications component.
from 0, < 1:140.5.0esr-1~deb11u1
HIGH8.1Memory safety bugs present in Firefox ESR 115.26, Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Fir…
from 0, < 1:128.14.0esr-1~deb11u1
HIGH8.1Same-origin policy bypass in the Graphics: Canvas2D component.
from 0, < 1:128.14.0esr-1~deb11u1
HIGH8.1XSLT document loading did not correctly propagate the source document which bypassed its CSP.
from 0, < 1:128.13.0esr-1~deb11u1
HIGH8.1Insufficient escaping in the “Copy as cURL” feature could potentially be used to trick a user into executing unexpected code.
from 0, < 1:128.13.0esr-1~deb11u1
HIGH8.1Thunderbird executed `javascript:` URLs when used in `object` and `embed` tags.
from 0, < 1:128.13.0esr-1~deb11u1
HIGH8.1Memory safety bug present in Firefox ESR 128.10, and Thunderbird 128.10.
from 0, < 1:128.11.0esr-1~deb11u1
HIGH8.1Memory safety bugs present in Firefox 138, Thunderbird 138, Firefox ESR 128.10, and Thunderbird 128.10.
from 0, < 1:128.11.0esr-1~deb11u1
HIGH8.1Thunderbird's handling of the X-Mozilla-External-Attachment-URL header can be exploited to execute JavaScript in the file:/// context.
from 0, < 1:128.10.1esr-1~deb11u1
HIGH8.1Memory safety bug present in Firefox ESR 128.9, and Thunderbird 128.9.
from 0, < 1:128.10.1esr-1~deb11u1
HIGH8.1Memory safety bugs present in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9.
from 0, < 1:128.10.1esr-1~deb11u1
HIGH8.1Memory safety bugs present in Firefox 136, Thunderbird 136, Firefox ESR 128.8, and Thunderbird 128.8.
from 0, < 1:128.9.0esr-1~deb11u1
HIGH8.1An inconsistent comparator in xslt/txNodeSorter could have resulted in potentially exploitable out-of-bounds access.
from 0, < 1:128.8.0esr-1~deb11u1
HIGH8.1It was possible for a web extension with minimal permissions to create a `StreamFilter` which could be used to read and modify the response…
from 0, < 1:115.14.0-1~deb11u1
HIGH8.1thunderbird - security update
from 0, < 1:115.12.0-1~deb10u1
HIGH8.1thunderbird - security update
from 0, < 1:115.12.0-1~deb11u1
HIGH8.1thunderbird - security update
from 0, < 1:115.12.0-1~deb11u1
HIGH8.1Memory safety bug present in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9.
from 0, < 1:115.10.1-1~deb11u1
HIGH8.1If an attacker could find a way to trigger a particular code path in `SafeRefPtr`, it could have triggered a crash or potentially be levera…
from 0, < 1:115.9.0-1~deb11u1
HIGH8.1Return registers were overwritten which could have allowed an attacker to execute arbitrary code.
from 0, < 1:115.9.0-1~deb11u1
HIGH8.1Memory safety bugs present in Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7.
from 0, < 1:115.8.0-1~deb11u1
HIGH8.1thunderbird - security update
from 0, < 1:102.6.0-1~deb11u1
HIGH8.1thunderbird - security update
from 0, < 1:102.6.0-1~deb11u1
HIGH8.1thunderbird - security update
from 0, < 1:102.4.0-1~deb11u1
HIGH8.1thunderbird - security update
from 0, < 1:102.4.0-1~deb11u1
HIGH8.1thunderbird - security update
from 0, < 1:102.4.0-1~deb10u1
HIGH8.1If a Thunderbird user replied to a crafted HTML email containing a <code>meta</code> tag, with the <code>meta</code> tag having the <code>h…
from 0, < 1:102.2.1-1
HIGH8.1A suspected race condition when calling getaddrinfo led to memory corruption and a potentially exploitable crash.
from 0, < 1:78.13.0-1~deb11u1
HIGH8.1thunderbird - security update
from 0, < 1:78.9.0-1~deb9u1
HIGH8.1thunderbird - security update
from 0, < 1:78.9.0-1
HIGH8.1thunderbird - security update
from 0, < 1:78.9.0-1~deb10u1
HIGH8.1thunderbird - security update
from 0, < 1:68.8.0-1~deb8u1
HIGH8.1thunderbird - security update
from 0, < 1:68.8.0-1
HIGH8.1thunderbird - security update
from 0, < 1:68.8.0-1~deb9u1
HIGH8.1A buffer overflow was found during UTF8 to Unicode string conversion within JavaScript with extremely large amounts of data.
from 0, < 1:52.8.0-1
HIGH8.0Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component.
from 0, < 1:140.7.0esr-1~deb11u1
HIGH8.0Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component.
from 0, < 1:140.6.0esr-1~deb11u1
HIGH7.8Incorrect boundary conditions in the WebRTC: Networking component.
from 0, < 1:140.10.0esr-1~deb11u1
HIGH7.8thunderbird - security update
from 0, < 1:128.8.0esr-1~deb11u1
HIGH7.8thunderbird - security update
from 0, < 1:128.8.0esr-1~deb11u1
HIGH7.8thunderbird - security update
from 0, < 1:128.8.0esr-1~deb12u1
HIGH7.8The JIT created incorrect code for arguments in certain cases.
from 0, < 1:115.10.1-1~deb11u1
HIGH7.8When opening Diagcab files, Firefox did not warn the user that these files may contain malicious code.
from 0, < 1:102.13.0-1~deb11u1
HIGH7.8When loading the shared library that provides the OTR protocol implementation, Thunderbird will initially attempt to open it using a filena…
from 0, < 1:78.10.0-1
HIGH7.8When the Mozilla Updater opens a MAR format file which contains a very long item filename, an out-of-bounds write can be triggered, leading…
from 0, < 1:60.2.1-1
HIGH7.8File downloads encoded with "blob:" and "data:" URL elements bypassed normal file download checks though the Phishing and Malware Protectio…
from 0, < 1:52.4.0-1
HIGH7.7When segmenting specially crafted text, segmentation would corrupt memory leading to a potentially exploitable crash.
from 0, < 1:128.6.0esr-1~deb11u1
HIGH7.6On 64-bit CPUs, when the JIT compiles WASM i32 return values they can pick up bits from left over memory.
from 0, < 1:128.8.0esr-1~deb11u1
HIGH7.5Denial-of-service due to invalid pointer in the Audio/Video: Web Codecs component.
from 0, < 1:140.11.0esr-1~deb11u1
HIGH7.5Incorrect boundary conditions, integer overflow in the Audio/Video component.
from 0, < 1:140.11.0esr-1~deb11u1
HIGH7.5Incorrect boundary conditions in the Audio/Video: Web Codecs component.
from 0, < 1:140.11.0esr-1~deb11u1
HIGH7.5Information disclosure due to incorrect boundary conditions in the Audio/Video component.
from 0, < 1:140.10.1esr-1~deb11u1
HIGH7.5Memory safety bugs present in Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149.
from 0, < 1:140.10.0esr-1~deb11u1
HIGH7.5Memory safety bugs present in Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149.
from 0, < 1:140.10.0esr-1~deb11u1
HIGH7.5Incorrect boundary conditions in the Libraries component in NSS.
from 0, < 1:140.10.0esr-1~deb11u1
HIGH7.5Incorrect boundary conditions in the Libraries component in NSS.
from 0, < 1:140.10.0esr-1~deb11u1
HIGH7.5Use-after-free in the JavaScript Engine component.
from 0, < 1:140.10.0esr-1~deb11u1
HIGH7.5Information disclosure due to uninitialized memory in the Graphics: Canvas2D component.
from 0, < 1:140.10.0esr-1~deb11u1
HIGH7.5Use-after-free in the WebRTC component.
from 0, < 1:140.10.0esr-1~deb11u1
HIGH7.5Use-after-free in the DOM: Core & HTML component.
from 0, < 1:140.10.0esr-1~deb11u1
HIGH7.5Incorrect boundary conditions in the Graphics: Text component.
from 0, < 1:140.9.0esr-1~deb11u1
HIGH7.5Incorrect boundary conditions in the Audio/Video component.
from 0, < 1:140.9.0esr-1~deb11u1
HIGH7.5Incorrect boundary conditions in the Graphics component.
from 0, < 1:140.9.0esr-1~deb11u1
HIGH7.5Information disclosure in the Widget: Cocoa component.
from 0
HIGH7.5Incorrect boundary conditions in the Audio/Video: GMP component.
from 0, < 1:140.9.0esr-1~deb11u1
HIGH7.5Incorrect boundary conditions in the Graphics component.
from 0, < 1:140.9.0esr-1~deb11u1
HIGH7.5Incorrect boundary conditions in the Graphics: Canvas2D component.
from 0, < 1:140.9.0esr-1~deb11u1
HIGH7.5Incorrect boundary conditions in the Graphics: Canvas2D component.
from 0, < 1:140.9.0esr-1~deb11u1
HIGH7.5Denial-of-service in the WebRTC: Signaling component.
from 0, < 1:140.9.0esr-1~deb11u1
HIGH7.5Incorrect boundary conditions in the Layout: Text and Fonts component.
from 0, < 1:140.9.0esr-1~deb11u1
HIGH7.5Incorrect boundary conditions in the Audio/Video: Web Codecs component.
from 0, < 1:140.9.0esr-1~deb11u1
HIGH7.5Incorrect boundary conditions in the Audio/Video: Web Codecs component.
from 0, < 1:140.9.0esr-1~deb11u1
HIGH7.5Incorrect boundary conditions, integer overflow in the Graphics component.
from 0, < 1:140.9.0esr-1~deb11u1
HIGH7.5Incorrect boundary conditions in the Audio/Video: Playback component.
from 0, < 1:140.9.0esr-1~deb11u1
HIGH7.5Incorrect boundary conditions in the Graphics: Canvas2D component.
from 0, < 1:140.9.0esr-1~deb11u1
HIGH7.5Incorrect boundary conditions in the Graphics: Canvas2D component.
from 0, < 1:140.9.0esr-1~deb11u1
HIGH7.5Race condition, use-after-free in the Graphics: WebRender component.
from 0, < 1:140.9.0esr-1~deb11u1
HIGH7.5Information disclosure due to JIT miscompilation in the JavaScript Engine: JIT component.
from 0, < 1:140.8.0esr-1~deb11u1
HIGH7.5thunderbird - security update
from 0, < 1:140.7.0esr-1~deb11u1
HIGH7.5thunderbird - security update
from 0, < 1:140.7.0esr-1~deb11u1
HIGH7.5thunderbird - security update
from 0, < 1:140.7.0esr-1~deb12u1
HIGH7.5Incorrect boundary conditions in the JavaScript: WebAssembly component.
from 0, < 1:140.5.0esr-1~deb11u1
HIGH7.5thunderbird - security update
from 0, < 1:140.5.0esr-1~deb12u1
HIGH7.5thunderbird - security update
from 0, < 1:140.5.0esr-1~deb11u1
HIGH7.5thunderbird - security update
from 0, < 1:140.5.0esr-1~deb11u1
HIGH7.5thunderbird - security update
from 0, < 1:140.9.0esr-1~deb11u1
HIGH7.5thunderbird - security update
from 0, < 1:140.9.0esr-1~deb12u1
HIGH7.5thunderbird - security update
from 0, < 1:140.9.0esr-1~deb11u1
HIGH7.5thunderbird - security update
from 0, < 1:128.10.1esr-1~deb12u1
HIGH7.5thunderbird - security update
from 0, < 1:128.10.1esr-1~deb11u1
HIGH7.5Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ESR 115.20, Firefox ESR 128.7, and Thunderbird 128.7.
from 0, < 1:128.8.0esr-1~deb11u1
HIGH7.5It was possible to cause a use-after-free in the content process side of a WebTransport connection, leading to a potentially exploitable cr…
from 0, < 1:128.8.0esr-1~deb11u1
HIGH7.5A race during concurrent delazification could have led to a use-after-free.
from 0, < 1:128.7.0esr-1~deb11u1
HIGH7.5By sending a specially crafted push message, a remote server could have hung the parent process, causing the browser to become unresponsive.
from 0, < 1:128.4.0esr-1~deb11u1
HIGH7.5An attacker could have caused a use-after-free when accessibility was enabled, leading to a potentially exploitable crash.
from 0, < 1:128.4.0esr-1~deb11u1
HIGH7.5thunderbird - security update
from 0, < 1:128.4.0esr-1~deb11u1
HIGH7.5thunderbird - security update
from 0, < 1:128.4.0esr-1~deb11u1
HIGH7.5thunderbird - security update
from 0, < 1:128.4.0esr-1~deb12u1
HIGH7.5A website configured to initiate a specially crafted WebTransport session could crash the Firefox process leading to a denial of service co…
from 0, < 1:128.3.0esr-1
HIGH7.5An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the `resource://devtools` origin.
from 0, < 1:115.16.0esr-1~deb11u1
HIGH7.5An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the `resource://pdf.js` origin.
from 0, < 1:115.16.0esr-1~deb11u1
HIGH7.5An attacker could write data to the user's clipboard, bypassing the user prompt, during a certain sequence of navigational events.
from 0, < 1:128.3.0esr-1
HIGH7.5An error in the ECMA-262 specification relating to Async Generators could have resulted in a type confusion, potentially leading to memory…
from 0, < 1:115.13.0-1~deb11u1
HIGH7.5Firefox normally asks for confirmation before asking the operating system to find an application to handle a scheme that the browser does n…
from 0, < 1:115.15.0-1~deb11u1
HIGH7.5Memory safety bugs present in Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12.
from 0, < 1:115.13.0-1~deb11u1
HIGH7.5Memory corruption in the networking stack could have led to a potentially exploitable crash.
from 0, < 1:115.12.0-1~deb11u1
HIGH7.5GetBoundName could return the wrong version of an object when JIT optimizations were applied.
from 0, < 1:115.10.1-1~deb11u1
HIGH7.5The encrypted subject of an email message could be incorrectly and permanently assigned to an arbitrary other email message in Thunderbird'…
from 0, < 1:115.9.0-1~deb11u1
HIGH7.5Incorrect code generation could have led to unexpected numeric conversions and potential undefined behavior.*Note:* This issue only affects…
from 0, < 1:115.8.0-1~deb11u1
HIGH7.5thunderbird - security update
from 0, < 1:115.8.0-1~deb11u1
HIGH7.5thunderbird - security update
from 0, < 1:115.8.0-1~deb10u1
HIGH7.5thunderbird - security update
from 0, < 1:115.8.0-1~deb11u1
HIGH7.5nss - security update
from 0, < 1:115.9.0-1~deb11u1
HIGH7.5During garbage collection extra operations were performed on a object that should not be.
from 0, < 1:115.4.1-1~deb11u1
HIGH7.5Drivers are not always robust to extremely large draw calls and in some cases this scenario could have led to a crash.
from 0, < 1:115.4.1-1~deb11u1
HIGH7.5When checking if the Browsing Context had been discarded in `HttpBaseChannel`, if the load group was not available then it was assumed to h…
from 0, < 1:115.2.0-1
HIGH7.5When the number of cookies per domain was exceeded in `document.cookie`, the actual cookie jar sent to the host was no longer consistent wi…
from 0, < 1:102.14.0-1~deb11u1
HIGH7.5A website could have obscured the full screen notification by using the file open dialog.
from 0, < 1:115.2.0-1
HIGH7.5In some cases, an untrusted input stream was copied to a stack buffer without checking its size.
from 0, < 1:102.14.0-1~deb11u1
HIGH7.5An out-of-bounds read could have led to an exploitable crash when parsing HTML with DOMParser in low memory situations.
from 0, < 1:102.14.0-1~deb11u1
HIGH7.5thunderbird - security update
from 0, < 1:102.13.1-1~deb10u1
HIGH7.5thunderbird - security update
from 0, < 1:102.13.1-1~deb11u1
HIGH7.5thunderbird - security update
from 0, < 1:102.13.1-1~deb11u1
HIGH7.5libwebp - security update
from 0, < 1:102.10.0-1~deb11u1
HIGH7.5A data race could occur in the <code>PK11_ChangePW</code> function, potentially leading to a use-after-free vulnerability.
from 0, < 1:102.2.0-1
HIGH7.5When combining CSS properties for overflow and transform, the mouse cursor could interact with different coordinates than displayed.
from 0, < 1:91.12.0-1~deb11u1
HIGH7.5When installing an add-on, Firefox verified the signature before prompting the user; but while the user was confirming the prompt, the unde…
from 0, < 1:91.7.0-2~deb11u1
HIGH7.5When resizing a popup while requesting fullscreen access, the popup would have become unable to leave fullscreen mode.
from 0, < 1:91.5.0-2~deb11u1
HIGH7.5Constructing audio sinks could have lead to a race condition when playing audio files and closing windows.
from 0, < 1:91.5.0-2~deb11u1
HIGH7.5Regexes with large repetitions on empty sub-expressions take a very long time to parse
from 0, < 1:91.8.0-1~deb11u1
HIGH7.5Thunderbird unprotects a secret OpenPGP key prior to using it for a decryption, signing or key import task.
from 0, < 1:78.9.0-1
HIGH7.5thunderbird - security update
from 0, < 1:68.9.0-1~deb9u1
HIGH7.5thunderbird - security update
from 0, < 1:68.9.0-1
HIGH7.5thunderbird - security update
from 0, < 1:68.9.0-1~deb8u2
HIGH7.5firefox-esr - security update
from 0, < 1:68.7.0-1
HIGH7.5Under certain conditions, when retrieving a document from a DocShell in the antitracking code, a race condition could cause a use-after-fre…
from 0, < 1:68.3.0-1
HIGH7.5Under certain conditions, when checking the Resist Fingerprinting preference during device orientation checks, a race condition could have…
from 0, < 1:68.3.0-1
HIGH7.5thunderbird - security update
from 0, < 1:68.2.2-1~deb9u1
HIGH7.5thunderbird - security update
from 0, < 1:68.2.2-1~deb8u1
HIGH7.5thunderbird - security update
from 0, < 1:68.2.1-1
HIGH7.5expat - security update
from 0, < 1:68.2.1-1
HIGH7.5Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into me…
from 0, < 1:60.8.0-1
HIGH7.5nss - security update
from 0, < 1:60.8.0-1
HIGH7.5A flaw in Thunderbird's implementation of iCal causes a type confusion in icaltimezone_get_vtimezone_properties when processing certain ema…
from 0, < 1:60.7.1-1
HIGH7.5A crash can occur when processing a crafted S/MIME message or an XPI package containing a crafted signature.
from 0, < 1:60.5.0-1
HIGH7.5A potential vulnerability was found in 32-bit builds where an integer overflow during the conversion of scripts to an internal UTF-16 repre…
from 0, < 1:60.3.0-1
HIGH7.5Using remote content in encrypted messages can lead to the disclosure of plaintext.
from 0, < 1:52.8.0-1
HIGH7.5Plaintext of decrypted emails can leak through the src attribute of remote images, or links.
from 0, < 1:52.8.0-1
HIGH7.5nss - security update
from 0, < 1:52.4.0-1
HIGH7.4A malicious mail server could send malformed strings with negative lengths, causing the parser to read memory outside the buffer.
from 0, < 1:140.9.0esr-1~deb11u1
HIGH7.4In an out-of-memory scenario an allocation could fail but free would have been called on the pointer afterwards leading to memory corruptio…
from 0, < 1:115.13.0-1~deb11u1
HIGH7.4thunderbird - security update
from 0, < 1:78.10.0-1
HIGH7.4thunderbird - security update
from 0, < 1:78.10.0-1~deb9u1
HIGH7.4thunderbird - security update
from 0, < 1:78.10.0-1~deb10u1
HIGH7.3Use-after-free in the DOM: Bindings (WebIDL) component.
from 0, < 1:140.11.0esr-1~deb11u1
HIGH7.3Use-after-free in the DOM: Networking component.
from 0, < 1:140.10.2esr-1~deb11u1
HIGH7.3Memory safety bugs present in Thunderbird ESR 140.10.0 and Thunderbird 150.0.0.
from 0, < 1:140.10.1esr-1~deb11u1
HIGH7.3Memory safety bugs present in Thunderbird ESR 140.10.0 and Thunderbird 150.0.0.
from 0, < 1:140.10.1esr-1~deb11u1
HIGH7.3Incorrect boundary conditions in the WebRTC component.
from 0, < 1:140.10.0esr-1~deb11u1
HIGH7.3Incorrect boundary conditions in the WebRTC component.
from 0, < 1:140.10.0esr-1~deb11u1
HIGH7.3Uninitialized memory in the Audio/Video: Web Codecs component.
from 0, < 1:140.10.0esr-1~deb11u1
HIGH7.3JIT miscompilation in the JavaScript Engine: JIT component.
from 0, < 1:140.6.0esr-1~deb11u1
HIGH7.3Sandbox escape due to undefined behavior, invalid pointer in the Graphics: Canvas2D component.
from 0, < 1:140.3.0esr-1~deb11u1
HIGH7.3A crafted URL containing specific Unicode characters could have hidden the true origin of the page, resulting in a potential spoofing attac…
from 0, < 1:128.9.0esr-1~deb11u1
HIGH7.3jar: URLs retrieve local file content packaged in a ZIP archive.
from 0, < 1:128.8.0esr-1~deb11u1
HIGH7.3An integer overflow can occur during conversion of text to some Unicode character sets due to an unchecked length parameter.
from 0, < 1:52.7.0-1
HIGH7.2matrix-js-sdk Prototype Pollution vulnerability
from 0, < 1:102.2.1-1
HIGH7.1thunderbird - security update
from 0, < 1:140.3.0esr-1~deb11u1
HIGH7.1thunderbird - security update
from 0, < 1:140.3.0esr-1~deb11u1
HIGH7.1thunderbird - security update
from 0, < 1:140.3.0esr-1~deb12u1
HIGH7.0Certain crafted MIME email messages that claimed to contain an encrypted OpenPGP message, which instead contained an OpenPGP signed message…
from 0, < 1:128.8.0esr-1~deb11u1
HIGH7.0Memory safety bugs present in Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11.
from 0, < 1:115.12.0-1~deb11u1
HIGH7.0A potentially exploitable crash in TransportSecurityInfo used for SSL can be triggered by data stored in the local cache in the user profil…
from 0, < 1:60.2.1-1
MEDIUM6.8If a Thunderbird user has previously imported Alice's OpenPGP key, and Alice has extended the validity period of her key, but Alice's updat…
from 0, < 1:78.10.0-1
MEDIUM6.5Spoofing issue in the Form Autofill component.
from 0, < 1:140.11.0esr-1~deb11u1
MEDIUM6.5Incorrect boundary conditions in the JavaScript Engine: JIT component.
from 0, < 1:140.11.0esr-1~deb11u1
MEDIUM6.5Other issue in the Storage: IndexedDB component.
from 0, < 1:140.10.0esr-1~deb11u1
MEDIUM6.5Incorrect boundary conditions in the DOM: Device Interfaces component.
from 0, < 1:140.10.0esr-1~deb11u1
MEDIUM6.5Mitigation bypass in the File Handling component.
from 0, < 1:140.10.0esr-1~deb11u1
MEDIUM6.5Spoofing issue in Thunderbird.
from 0, < 1:140.9.0esr-1~deb11u1
MEDIUM6.5Use-after-free in the JavaScript: GC component.
from 0, < 1:140.7.0esr-1~deb11u1
MEDIUM6.5Same-origin policy bypass in the Request Handling component.
from 0, < 1:140.6.0esr-1~deb11u1
MEDIUM6.5There was a way to change the value of JavaScript Object properties that were supposed to be non-writeable.
from 0, < 1:140.4.0esr-1~deb11u1
MEDIUM6.5Incorrect boundary conditions in the JavaScript: GC component.
from 0, < 1:140.3.0esr-1~deb11u1
MEDIUM6.5Same-origin policy bypass in the Layout component.
from 0, < 1:140.3.0esr-1~deb11u1
MEDIUM6.5Uninitialized memory in the JavaScript Engine component.
from 0, < 1:128.14.0esr-1~deb11u1
MEDIUM6.5The JavaScript engine did not handle closed generators correctly and it was possible to resume them leading to a nullptr deref.
from 0, < 1:128.13.0esr-1~deb11u1
MEDIUM6.5thunderbird - security update
from 0, < 1:128.13.0esr-1~deb12u1
MEDIUM6.5thunderbird - security update
from 0, < 1:128.13.0esr-1~deb11u1
MEDIUM6.5thunderbird - security update
from 0, < 1:128.13.0esr-1~deb11u1
MEDIUM6.5Firefox could have incorrectly parsed a URL and rewritten it to the youtube.com domain when parsing the URL specified in an `embed` tag.
from 0, < 1:128.12.0esr-1~deb11u1
MEDIUM6.5thunderbird - security update
from 0, < 1:128.12.0esr-1~deb11u1
MEDIUM6.5thunderbird - security update
from 0, < 1:128.12.0esr-1~deb12u1
MEDIUM6.5thunderbird - security update
from 0, < 1:128.12.0esr-1~deb11u1
MEDIUM6.5It was possible to craft an email that showed a tracking link as an attachment.
from 0, < 1:128.10.1esr-1~deb11u1
MEDIUM6.5thunderbird - security update
from 0, < 1:128.9.0esr-1~deb12u1
MEDIUM6.5thunderbird - security update
from 0, < 1:128.9.0esr-1~deb11u1
MEDIUM6.5thunderbird - security update
from 0, < 1:128.9.0esr-1~deb11u1
MEDIUM6.5Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ESR 128.7, and Thunderbird 128.7.
from 0, < 1:128.8.0esr-1~deb11u1
MEDIUM6.5It was possible to interrupt the processing of a RegExp bailout and run additional JavaScript, potentially triggering garbage collection wh…
from 0, < 1:128.8.0esr-1~deb11u1
MEDIUM6.5A race condition could have led to private browsing tabs being opened in normal browsing windows.
from 0, < 1:128.7.0esr-1~deb11u1
MEDIUM6.5Thunderbird displayed an incorrect sender address if the From field of an email used the invalid group name syntax that is described in CVE…
from 0, < 1:128.7.0esr-1~deb11u1
MEDIUM6.5Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox ESR 115.18, Firefox ESR 128.5, Thunderbird 115.18, and Thunderbird 128.…
from 0, < 1:128.6.0esr-1~deb11u1
MEDIUM6.5A clipboard "paste" button could persist across tabs which allowed a spoofing attack.
from 0, < 1:128.4.0esr-1~deb11u1
MEDIUM6.5Repeated writes to history interface attributes could have been used to cause a Denial of Service condition in the browser.
from 0, < 1:128.4.0esr-1~deb11u1
MEDIUM6.5Video frames could have been leaked between origins in some situations.
from 0, < 1:128.4.0esr-1~deb11u1
MEDIUM6.5Truncation of a long URL could have allowed origin spoofing in a permission prompt.
from 0, < 1:128.4.0esr-1~deb11u1
MEDIUM6.5When aborting the verification of an OTR chat session, an attacker could have caused a use-after-free bug leading to a potentially exploita…
from 0, < 1:128.2.0esr-1
MEDIUM6.5The date picker could partially obscure security prompts.
from 0, < 1:115.14.0-1~deb11u1
MEDIUM6.5ANGLE failed to initialize parameters which lead to reading from uninitialized memory.
from 0, < 1:115.14.0-1~deb11u1
MEDIUM6.5thunderbird - security update
from 0, < 1:115.9.0-1~deb10u1
MEDIUM6.5thunderbird - security update
from 0, < 1:115.9.0-1~deb11u1
MEDIUM6.5thunderbird - security update
from 0, < 1:115.9.0-1~deb11u1
MEDIUM6.5Through a series of API calls and redirects, an attacker-controlled alert dialog could have been displayed on another website (with the vic…
from 0, < 1:115.8.0-1~deb11u1
MEDIUM6.5In specific HSTS configurations an attacker could have bypassed HSTS on a subdomain.
from 0, < 1:115.7.0-1~deb11u1
MEDIUM6.5When a parent page loaded a child in an iframe with `unsafe-inline`, the parent Content Security Policy could have overridden the child Con…
from 0, < 1:115.7.0-1~deb11u1
MEDIUM6.5A Linux user opening the print preview dialog could have caused the browser to crash.
from 0, < 1:115.7.0-1~deb11u1
MEDIUM6.5firefox-esr - security update
from 0, < 1:115.7.0-1~deb11u1
MEDIUM6.5firefox-esr - security update
from 0, < 1:115.7.0-1~deb11u1
MEDIUM6.5firefox-esr - security update
from 0, < 1:115.7.0-1~deb10u1
MEDIUM6.5The `VideoBridge` allowed any content process to use textures produced by remote decoders.
from 0, < 1:115.6.0-1~deb11u1
MEDIUM6.5Relative URLs starting with three slashes were incorrectly parsed, and a path-traversal "/../" part in the path could be used to override t…
from 0, < 1:115.5.0-1~deb11u1
MEDIUM6.5It was possible to cause the use of a MessagePort after it had already been freed, which could potentially have led to an exploitable crash.
from 0, < 1:115.5.0-1~deb11u1
MEDIUM6.5thunderbird - security update
from 0, < 1:115.5.0-1~deb11u1
MEDIUM6.5thunderbird - security update
from 0, < 1:115.5.0-1~deb10u1
MEDIUM6.5thunderbird - security update
from 0, < 1:115.5.0-1~deb11u1
MEDIUM6.5An attacker could have created a malicious link using bidirectional characters to spoof the location in the address bar when visited.
from 0, < 1:115.4.1-1~deb11u1
MEDIUM6.5During Ion compilation, a Garbage Collection could have resulted in a use-after-free condition, allowing an attacker to write two NUL bytes…
from 0, < 1:115.3.1-1~deb11u1
MEDIUM6.5thunderbird - security update
from 0, < 1:115.3.1-1~deb11u1
MEDIUM6.5thunderbird - security update
from 0, < 1:115.3.1-1~deb10u1
MEDIUM6.5thunderbird - security update
from 0, < 1:115.3.1-1~deb11u1
MEDIUM6.5Push notifications stored on disk in private browsing mode were not being encrypted potentially allowing the leak of sensitive information.
from 0, < 1:115.2.0-1
MEDIUM6.5When calling `JS::CheckRegExpSyntax` a Syntax Error could have been set which would end in calling `convertToRuntimeErrorAndClear`.
from 0, < 1:115.2.0-1
MEDIUM6.5When `UpdateRegExpStatics` attempted to access `initialStringHeap` it could already have been garbage collected prior to entering the funct…
from 0, < 1:115.2.0-1
MEDIUM6.5When creating a callback over IPC for showing the File Picker window, multiple of the same callbacks could have been created at a time and…
from 0, < 1:102.15.0-1~deb11u1
MEDIUM6.5When creating a callback over IPC for showing the Color Picker window, multiple of the same callbacks could have been created at a time and…
from 0, < 1:102.15.0-1~deb11u1
MEDIUM6.5thunderbird - security update
from 0, < 1:102.15.0-1~deb10u1
MEDIUM6.5thunderbird - security update
from 0, < 1:102.15.0-1~deb11u1
MEDIUM6.5thunderbird - security update
from 0, < 1:102.15.0-1~deb11u1
MEDIUM6.5A website could have obscured the full screen notification by using a URL with a scheme handled by an external program, such as a mailto UR…
from 0, < 1:115.2.0-1
MEDIUM6.5A website could have obscured the fullscreen notification by using a URL with a scheme handled by an external program, such as a mailto URL.
from 0, < 1:102.13.0-1~deb11u1
MEDIUM6.5A type checking bug would have led to invalid code being compiled.
from 0, < 1:102.11.0-1~deb11u1
MEDIUM6.5An out-of-bound read could have led to a crash in the RLBox Expat driver.
from 0, < 1:102.11.0-1~deb11u1
MEDIUM6.5A wrong lowering instruction in the ARM64 Ion compiler resulted in a wrong optimization result.
from 0, < 1:102.10.0-1~deb11u1
MEDIUM6.5Following a Garbage Collector compaction, weak maps may have been accessed before they were correctly traced.
from 0, < 1:102.10.0-1~deb11u1
MEDIUM6.5Dragging a URL from a cross-origin iframe that was removed during the drag could have led to user confusion and website spoofing attacks.
from 0, < 1:102.9.0-1~deb11u1
MEDIUM6.5When accessing throttled streams, the count of available bytes needed to be checked in the calling function to be within bounds.
from 0, < 1:102.9.0-1~deb11u1
MEDIUM6.5thunderbird - security update
from 0, < 1:102.9.0-1~deb10u1
MEDIUM6.5thunderbird - security update
from 0, < 1:102.9.0-1~deb11u1
MEDIUM6.5thunderbird - security update
from 0, < 1:102.9.0-1~deb11u1
MEDIUM6.5When importing a SPKI RSA public key as ECDSA P-256, the key would be handled incorrectly causing the tab to crash.
from 0, < 1:102.8.0-1~deb11u1
MEDIUM6.5The <code>Content-Security-Policy-Report-Only</code> header could allow an attacker to leak a child iframe's unredacted URI when interactio…
from 0, < 1:102.8.0-1~deb11u1
MEDIUM6.5Regular expressions used to filter out forbidden properties and values from style directives in calls to `console.log` weren't accounting f…
from 0, < 1:102.8.0-1~deb11u1
MEDIUM6.5A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security Policy connect-src header to be ignored.
from 0, < 1:102.8.0-1~deb11u1
MEDIUM6.5Navigations were being allowed when dragging a URL from a cross-origin iframe into the same tab which could lead to website spoofing attack…
from 0, < 1:102.8.0-1~deb11u1
MEDIUM6.5Due to the Firefox GTK wrapper code's use of text/plain for drag data and GTK treating all text/plain MIMEs containing file URLs as being d…
from 0, < 1:102.8.0-1~deb11u1
MEDIUM6.5firefox-esr - security update
from 0, < 1:102.10.0-1~deb11u1
MEDIUM6.5If a MIME email combines OpenPGP and OpenPGP MIME data in a certain way Thunderbird repeatedly attempts to process and display the message,…
from 0, < 1:102.8.0-1~deb11u1
MEDIUM6.5thunderbird - security update
from 0, < 1:102.10.0-1~deb10u1
MEDIUM6.5thunderbird - security update
from 0, < 1:102.10.0-1~deb11u1
MEDIUM6.5thunderbird - security update
from 0, < 1:102.10.0-1~deb11u1
MEDIUM6.5Certificate OCSP revocation status was not checked when verifying S/Mime signatures.
from 0, < 1:102.8.0-1~deb11u1
MEDIUM6.5A missing check related to tex units could have led to a use-after-free and potentially exploitable crash.<br />*Note*: This advisory was a…
from 0, < 1:102.6.0-1~deb11u1
MEDIUM6.5Use tables inside of an iframe, an attacker could have caused iframe contents to be rendered outside the boundaries of the iframe, resultin…
from 0, < 1:102.5.0-1~deb11u1
MEDIUM6.5Keyboard events reference strings like "KeyA" that were at fixed, known, and widely-spread addresses.
from 0, < 1:102.5.0-1~deb11u1
MEDIUM6.5When a ServiceWorker intercepted a request with <code>FetchEvent</code>, the origin of the request was lost after the ServiceWorker took ow…
from 0, < 1:102.5.0-1~deb11u1
MEDIUM6.5Through a series of popups that reuse windowName, an attacker can cause a window to go fullscreen without the user seeing the notification…
from 0, < 1:102.5.0-1~deb11u1
MEDIUM6.5Freeing arbitrary <code>nsIInputStream</code>'s on a different thread than creation could have led to a use-after-free and potentially expl…
from 0, < 1:102.5.0-1~deb11u1
MEDIUM6.5Through a series of popup and <code>window.print()</code> calls, an attacker can cause a window to go fullscreen without the user seeing th…
from 0, < 1:102.5.0-1~deb11u1
MEDIUM6.5thunderbird - security update
from 0, < 1:102.5.0-1~deb11u1
MEDIUM6.5thunderbird - security update
from 0, < 1:102.5.0-1~deb11u1
MEDIUM6.5thunderbird - security update
from 0, < 1:102.5.0-1~deb10u1
MEDIUM6.5If a website called `window.print()` in a particular way, it could cause a denial of service of the browser, which may persist beyond brows…
from 0, < 1:102.4.0-1~deb11u1
MEDIUM6.5Concurrent use of the URL parser with non-UTF-8 data was not thread-safe.
from 0, < 1:102.3.0-1~deb11u1
MEDIUM6.5During iframe navigation, certain pages did not have their FeaturePolicy fully initialized leading to a bypass that leaked device permissio…
from 0, < 1:102.3.0-1~deb11u1
MEDIUM6.5By injecting a cookie with certain special characters, an attacker on a shared subdomain which is not a secure context could set and thus o…
from 0, < 1:102.3.0-1~deb11u1
MEDIUM6.5Inconsistent data in instruction and data cache when creating wasm code could lead to a potentially exploitable crash.<br>*This bug only af…
from 0, < 1:102.3.0-1~deb11u1
MEDIUM6.5When receiving an HTML email that contained an <code>iframe</code> element, which used a <code>srcdoc</code> attribute to define the inner…
from 0, < 1:102.2.1-1
MEDIUM6.5thunderbird - security update
from 0, < 1:91.13.0-1~deb11u1
MEDIUM6.5thunderbird - security update
from 0, < 1:91.13.0-1~deb11u1
MEDIUM6.5thunderbird - security update
from 0, < 1:91.13.0-1~deb10u1
MEDIUM6.5A malicious website that could create a popup could have resized the popup to overlay the address bar with its own content, resulting in po…
from 0, < 1:91.11.0-1~deb11u1
MEDIUM6.5An attacker could have injected CSS into stylesheets accessible via internal URIs, such as resource:, and in doing so bypass a page's Conte…
from 0, < 1:91.11.0-1~deb11u1
MEDIUM6.5An attacker could have exploited a timing attack by sending a large number of allowCredential entries and detecting the difference between…
from 0, < 1:91.10.0-1~deb11u1
MEDIUM6.5When exiting fullscreen mode, an iframe could have confused the browser about the current state of fullscreen, resulting in potential user…
from 0, < 1:91.10.0-1~deb11u1
MEDIUM6.5An OpenPGP digital signature includes information about the date when the signature was created.
from 0, < 1:91.11.0-1~deb11u1
MEDIUM6.5Firefox behaved slightly differently for already known resources when loading CSS resources involving CSS variables.
from 0, < 1:91.9.0-1~deb11u1
MEDIUM6.5When reusing existing popups Firefox would have allowed them to cover the fullscreen notification UI, which could have enabled browser spoo…
from 0, < 1:91.9.0-1~deb11u1
MEDIUM6.5The parent process would not properly check whether the Speech Synthesis feature is enabled, when receiving instructions from a child proce…
from 0, < 1:91.9.0-1~deb11u1
MEDIUM6.5When generating the assembly code for <code>MLoadTypedArrayElementHole</code>, an incorrect AliasSet was used.
from 0, < 1:91.8.0-1~deb11u1
MEDIUM6.5By using a link with <code>rel="localization"</code> a use-after-free could have been triggered by destroying an object during JavaScript e…
from 0, < 1:91.8.0-1~deb11u1
MEDIUM6.5Previously Firefox for macOS and Linux would download temporary files to a user-specific directory in <code>/tmp</code>, but this behavior…
from 0, < 1:91.7.0-2~deb11u1
MEDIUM6.5When importing resources using Web Workers, error messages would distinguish the difference between <code>application/javascript</code> res…
from 0, < 1:91.6.0-1~deb11u1
MEDIUM6.5thunderbird - security update
from 0, < 1:91.6.0-1~deb11u1
MEDIUM6.5thunderbird - security update
from 0, < 1:91.6.0-1~deb10u1
MEDIUM6.5thunderbird - security update
from 0, < 1:91.6.0-1~deb9u1
MEDIUM6.5Malicious websites could have confused Firefox into showing the wrong origin when asking to launch a program and handling an external URL p…
from 0, < 1:91.5.0-2~deb11u1
MEDIUM6.5nss - security update
from 0, < 1:91.5.0-2~deb11u1
MEDIUM6.5Securitypolicyviolation events could have leaked cross-origin information for frame-ancestors violations.
from 0, < 1:91.5.0-2~deb11u1
MEDIUM6.5When inserting text while in edit mode, some characters might have lead to out-of-bounds memory access causing a potentially exploitable cr…
from 0, < 1:91.5.0-2~deb11u1
MEDIUM6.5Malicious websites could have tricked users into accepting launching a program to handle an external URL protocol.
from 0, < 1:91.5.0-2~deb11u1
MEDIUM6.5When displaying the sender of an email, and the sender name contained the Braille Pattern Blank space character multiple times, Thunderbird…
from 0, < 1:91.10.0-1~deb11u1
MEDIUM6.5After a VR Process is destroyed, a reference to it may have been retained and used, leading to a use-after-free and potentially exploitable…
from 0, < 1:91.8.0-1~deb11u1
MEDIUM6.5thunderbird - security update
from 0, < 1:91.8.0-1~deb11u1
MEDIUM6.5thunderbird - security update
from 0, < 1:91.8.0-1~deb10u1
MEDIUM6.5thunderbird - security update
from 0, < 1:91.8.0-1~deb9u1
MEDIUM6.5When receiving an OpenPGP/MIME signed email message that contains an additional outer MIME message layer, for example a message footer adde…
from 0, < 1:91.4.1-1~deb11u1
MEDIUM6.5Using the Location API in a loop could have caused severe application hangs and crashes.
from 0, < 1:91.4.1-1~deb11u1
MEDIUM6.5Using XMLHttpRequest, an attacker could have identified installed applications by probing error messages for loading external protocols.
from 0, < 1:91.4.1-1~deb11u1
MEDIUM6.5When invoking protocol handlers for external protocols, a supplied parameter URL containing spaces was not properly escaped.
from 0, < 1:91.4.1-1~deb11u1
MEDIUM6.5Under certain circumstances, asynchronous functions could have caused a navigation to fail but expose the target URL.
from 0, < 1:91.4.1-1~deb11u1
MEDIUM6.5Thunderbird unexpectedly enabled JavaScript in the composition area.
from 0, < 1:91.4.1-1~deb11u1
MEDIUM6.5The Opportunistic Encryption feature of HTTP2 (RFC 8164) allows a connection to be transparently upgraded to TLS while retaining the visual…
from 0, < 1:91.4.1-1~deb11u1
MEDIUM6.5The WebAssembly JIT could miscalculate the size of a return type, which could lead to a null read and result in a crash.
from 0, < 1:78.10.0-1
MEDIUM6.5Through complicated navigations with new windows, an HTTP page could have inherited a secure lock icon from an HTTPS page.
from 0, < 1:78.10.0-1
MEDIUM6.5An attacker may perform a DoS attack to prevent a user from sending encrypted email to a correspondent.
from 0, < 1:78.10.0-1
MEDIUM6.5A malicious extension could have opened a popup window lacking an address bar.
from 0, < 1:78.9.0-1
MEDIUM6.5Using techniques that built on the slipstream research, a malicious webpage could have scanned both an internal network's hosts as well as…
from 0, < 1:78.9.0-1
MEDIUM6.5When trying to load a cross-origin resource in an audio/video context a decoding error may have resulted, and the content of that error may…
from 0, < 1:78.8.0-1
MEDIUM6.5thunderbird - security update
from 0, < 1:78.6.0-1~deb9u1
MEDIUM6.5thunderbird - security update
from 0, < 1:78.6.0-1~deb10u1
MEDIUM6.5thunderbird - security update
from 0, < 1:78.6.0-1
MEDIUM6.5firefox-esr - security update
from 0, < 1:78.7.0-1
MEDIUM6.5Some websites have a feature "Show Password" where clicking a button will change a password field into a textbook field, revealing the type…
from 0, < 1:78.5.0-1
MEDIUM6.5When DNS over HTTPS is in use, it intentionally filters RFC1918 and related IP ranges from the responses as these do not make sense coming…
from 0, < 1:78.5.0-1
MEDIUM6.5thunderbird - security update
from 0, < 1:68.12.0-1
MEDIUM6.5thunderbird - security update
from 0, < 1:68.12.0-1~deb10u1
MEDIUM6.5thunderbird - security update
from 0, < 1:68.12.0-1~deb9u1
MEDIUM6.5thunderbird - security update
from 0, < 1:68.11.0-1~deb9u1
MEDIUM6.5thunderbird - security update
from 0, < 1:68.11.0-1
MEDIUM6.5thunderbird - security update
from 0, < 1:68.11.0-1~deb10u1
MEDIUM6.5Inappropriate implementation in WebRTC in Google Chrome prior to 84.0.4147.89 allowed an attacker in a privileged network position to poten…
from 0, < 1:68.11.0-1
MEDIUM6.5When performing add-on updates, certificate chains terminating in non-built-in-roots were rejected (even if they were legitimately added by…
from 0, < 1:68.10.0-1
MEDIUM6.5Manipulating individual parts of a URL object could have caused an out-of-bounds read, leaking process memory to malicious JavaScript.
from 0, < 1:68.10.0-1
MEDIUM6.5chromium - security update
from 0, < 1:68.6.0-1
MEDIUM6.5chromium - security update
from 0, < 1:68.6.0-1~deb9u1
MEDIUM6.5chromium - security update
from 0, < 1:68.6.0-1~deb8u1
MEDIUM6.5When processing a message that contains multiple S/MIME signatures, a bug in the MIME processing code caused a null pointer dereference, le…
from 0, < 1:68.5.0-1
MEDIUM6.5If a user saved passwords before Thunderbird 60 and then later set a master password, an unencrypted copy of these passwords is still acces…
from 0, < 1:68.5.0-1
MEDIUM6.5When processing an email message with an ill-formed envelope, Thunderbird could read data from a random memory location.
from 0, < 1:68.5.0-1
MEDIUM6.5A same-origin policy violation occurs allowing the theft of cross-origin images through a combination of SVG filters and a <canvas> e…
from 0, < 1:60.9.0-1
MEDIUM6.5thunderbird - security update
from 0, < 1:60.9.0-1
MEDIUM6.5thunderbird - security update
from 0, < 1:60.9.0-1~deb8u1
MEDIUM6.5thunderbird - security update
from 0, < 1:60.9.0-1~deb9u1
MEDIUM6.5A vulnerability exists where if a user opens a locally saved HTML file, this file can use file: URIs to access other files in the same dire…
from 0, < 1:60.8.0-1
MEDIUM6.5Incorrect convexity calculations in Skia in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform an out of bounds memor…
from 0, < 1:60.5.1-1
MEDIUM6.5Lack of correct bounds checking in Skia in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory…
from 0, < 1:60.7.0-1
MEDIUM6.5A same-origin policy violation allowing the theft of cross-origin URL entries when using a meta http-equiv="refresh" on a page to cause a r…
from 0, < 1:60.2.1-1
MEDIUM6.5A same-origin policy violation allowing the theft of cross-origin URL entries when using the Javascript location property to cause a redire…
from 0, < 1:60.4.0-1
MEDIUM6.5dDecrypted S/MIME parts hidden with CSS or the plaintext HTML tag can leak plaintext when included in a HTML reply/forward.
from 0, < 1:52.9.0-1
MEDIUM6.5Decrypted S/MIME parts, when included in HTML crafted for an attack, can leak plaintext when included in a a HTML reply/forward.
from 0, < 1:52.9.0-1
MEDIUM6.5An invalid grid size during QCMS (color profile) transformations can result in the out-of-bounds read interpreted as a float value.
from 0, < 1:52.9.0-1
MEDIUM6.5A compromised IPC child process can escape the content sandbox and list the names of arbitrary files on the file system without user consen…
from 0, < 1:52.9.0-1
MEDIUM6.5Plaintext of decrypted emails can leak through by user submitting an embedded form.
from 0, < 1:52.8.0-1
MEDIUM6.5The Resource Timing API incorrectly revealed navigations in cross-origin iframes.
from 0, < 1:52.5.0-1
MEDIUM6.5thunderbird - security update
from 0, < 1:60.2.1-2~deb9u1
MEDIUM6.5thunderbird - security update
from 0, < 1:60.2.1-1
MEDIUM6.5thunderbird - security update
from 0, < 1:60.3.0-1~deb8u1
MEDIUM6.4When an email contains multiple attachments with external links via the X-Mozilla-External-Attachment-URL header, only the last link is sho…
from 0, < 1:128.10.1esr-1~deb11u1
MEDIUM6.3Spoofing issue in the DOM: Core & HTML component.
from 0, < 1:140.10.0esr-1~deb11u1
MEDIUM6.3Invalid pointer in the JavaScript: WebAssembly component.
from 0, < 1:140.10.0esr-1~deb11u1
MEDIUM6.3Thunderbird processes the X-Mozilla-External-Attachment-URL header to handle attachments which can be hosted externally.
from 0, < 1:128.10.1esr-1~deb11u1
MEDIUM6.3thunderbird - security update
from 0, < 1:128.10.1esr-1~deb11u1
MEDIUM6.3thunderbird - security update
from 0, < 1:128.10.1esr-1~deb11u1
MEDIUM6.3thunderbird - security update
from 0, < 1:128.10.0esr-1~deb12u1
MEDIUM6.2Information disclosure in the Networking: Cache component.
from 0, < 1:140.3.0esr-1~deb11u1
MEDIUM6.1Mitigation bypass in the DOM: Core & HTML component.
from 0, < 1:140.5.0esr-1~deb11u1
MEDIUM6.1A malicious page could have used the type attribute of an OBJECT tag to override the default browser behavior when encountering a web resou…
from 0, < 1:140.4.0esr-1~deb11u1
MEDIUM6.1When a file download is specified via the `Content-Disposition` header, that directive would be ignored if the file was included via a `<…
from 0, < 1:128.12.0esr-1~deb11u1
MEDIUM6.1Enhanced Tracking Protection's Strict mode may have inadvertently allowed a CSP `frame-src` bypass and DOM-based XSS through the Google Saf…
from 0, < 1:128.5.0esr-1~deb11u1
MEDIUM6.1In multipart/x-mixed-replace responses, `Content-Disposition: attachment` in the response header was not respected and did not force a down…
from 0, < 1:128.4.0esr-1~deb11u1
MEDIUM6.1A missing delay in directory upload UI could have made it possible for an attacker to trick a user into granting permission via clickjackin…
from 0, < 1:128.3.0esr-1
MEDIUM6.1If a site had been granted the permission to open popup windows, it could cause Select elements to appear on top of another site to perform…
from 0, < 1:128.2.0esr-1
MEDIUM6.1Offscreen Canvas did not properly track cross-origin tainting, which could be used to access image data from another site in violation of s…
from 0, < 1:115.12.0-1~deb11u1
MEDIUM6.1A bug in popup notifications' interaction with WebAuthn made it easier for an attacker to trick a user into granting permissions.
from 0, < 1:115.11.0-1~deb11u1
MEDIUM6.1Using a markup injection an attacker could have stolen nonce values.
from 0, < 1:115.9.0-1~deb11u1
MEDIUM6.1thunderbird - security update
from 0, < 1:115.10.1-1~deb10u1
MEDIUM6.1thunderbird - security update
from 0, < 1:115.10.1-1~deb11u1
MEDIUM6.1thunderbird - security update
from 0, < 1:115.10.1-1~deb11u1
MEDIUM6.1Set-Cookie response headers were being incorrectly honored in multipart HTTP responses.
from 0, < 1:115.8.0-1~deb11u1
MEDIUM6.1A malicious website could have used a combination of exiting fullscreen mode and `requestPointerLock` to cause the user's mouse to be re-po…
from 0, < 1:115.8.0-1~deb11u1
MEDIUM6.1If a website set a large custom cursor, portions of the cursor could have overlapped with the permission dialog, potentially resulting in u…
from 0, < 1:115.8.0-1~deb11u1
MEDIUM6.1If a custom mouse cursor is specified in CSS, under certain circumstances the cursor could have been drawn over the browser UI, resulting i…
from 0, < 1:102.5.0-1~deb11u1
MEDIUM6.1Cross-Site Tracing occurs when a server will echo a request back via the Trace method, allowing an XSS attack to access to authorization he…
from 0, < 1:102.5.0-1~deb11u1
MEDIUM6.1When injecting an HTML base element, some requests would ignore the CSP's base-uri settings and accept the injected element's base instead.
from 0, < 1:102.3.0-1~deb11u1
MEDIUM6.1Requests initiated through reader mode did not properly omit cookies with a SameSite attribute.
from 0, < 1:91.9.0-1~deb11u1
MEDIUM6.1An improper implementation of the new iframe sandbox keyword <code>allow-top-navigation-by-user-activation</code> could lead to script exec…
from 0, < 1:91.9.0-1~deb11u1
MEDIUM6.1Documents loaded with the CSP sandbox directive could have escaped the sandbox's script restriction by embedding additional content.
from 0, < 1:91.4.1-1~deb11u1
MEDIUM6.1Using techniques that built on the slipstream research, a malicious webpage could have exposed both an internal network's hosts as well as…
from 0, < 1:78.6.0-1
MEDIUM6.1Firefox did not block execution of scripts with incorrect MIME types when the response was intercepted and cached through a ServiceWorker.
from 0, < 1:78.5.0-1
MEDIUM6.1In some cases, removing HTML elements during sanitization would keep existing SVG event handlers and therefore lead to XSS.
from 0, < 1:78.5.0-1
MEDIUM6.1A parsing and event loading mismatch in Firefox's SVG code could have allowed load events to fire, even after sanitization.
from 0, < 1:78.5.0-1
MEDIUM6.1By exploiting an Open Redirect vulnerability on a website, an attacker could have spoofed the site displayed in the download file dialog to…
from 0, < 1:78.3.1-1
MEDIUM6.1Firefox sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being executed…
from 0, < 1:78.3.1-1
MEDIUM6.1If a template tag was used in a select tag, the parser could be confused and allow JavaScript parsing and execution when it should not be a…
from 0, < 1:68.5.0-1
MEDIUM6.1When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer does not escape < and > characters.
from 0, < 1:68.4.1-1
MEDIUM6.1thunderbird - security update
from 0, < 1:68.4.1-1~deb9u1
MEDIUM6.1thunderbird - security update
from 0, < 1:68.4.1-1~deb8u1
MEDIUM6.1thunderbird - security update
from 0, < 1:68.4.1-1
MEDIUM6.1Failure to correctly handle null bytes when processing HTML entities resulted in Firefox incorrectly parsing these entities.
from 0, < 1:68.2.1-1
MEDIUM6.1If two same-origin documents set document.domain differently to become cross-origin, it was possible for them to call arbitrary DOM methods…
from 0, < 1:68.2.1-1
MEDIUM6.1Some HTML elements, such as <title> and <textarea>, can contain literal angle brackets without treating them as markup.
from 0, < 1:60.9.0-1
MEDIUM6.1Due to an error while parsing page content, it is possible for properly sanitized user input to be misinterpreted and lead to XSS hazards o…
from 0, < 1:60.8.0-1
MEDIUM5.9When importing resources using Web Workers, error messages would distinguish the difference between `application/javascript` responses and…
from 0, < 1:115.11.0-1~deb11u1
MEDIUM5.9On 32-bit versions there were integer-overflows that led to an out-of-bounds-read that potentially could be triggered by a malformed OpenTy…
from 0, < 1:115.10.1-1~deb11u1
MEDIUM5.9Race conditions in reference counting code were found through code inspection.
from 0, < 1:102.14.0-1~deb11u1
MEDIUM5.9Thunderbird ignored the configuration to require STARTTLS security for an SMTP connection.
from 0, < 1:91.4.1-1~deb11u1
MEDIUM5.9thunderbird - security update
from 0, < 1:78.12.0-1~deb10u1
MEDIUM5.9thunderbird - security update
from 0, < 1:78.12.0-1
MEDIUM5.9thunderbird - security update
from 0, < 1:78.12.0-1~deb9u1
MEDIUM5.9If an attacker intercepts Thunderbird's initial attempt to perform automatic account setup using the Microsoft Exchange autodiscovery mecha…
from 0, < 1:68.10.0-1
MEDIUM5.9A possible vulnerability exists where type confusion can occur when manipulating JavaScript objects in object groups, allowing for the bypa…
from 0, < 1:60.7.0-1
MEDIUM5.9A mechanism was discovered that removes some bounds checking for string, array, or typed array accesses if Spectre mitigations have been di…
from 0, < 1:60.6.1-1
MEDIUM5.9thunderbird - security update
from 0, < 1:60.6.1-1~deb8u1
MEDIUM5.9thunderbird - security update
from 0, < 1:60.6.1-1
MEDIUM5.9thunderbird - security update
from 0, < 1:60.6.1-1~deb9u1
MEDIUM5.5A missing delay on when pointer lock was used could have allowed a malicious page to trick a user into granting permissions.
from 0, < 1:115.9.0-1~deb11u1
MEDIUM5.5thunderbird - security update
from 0, < 1:102.3.0-1~deb11u1
MEDIUM5.5thunderbird - security update
from 0, < 1:102.3.0-1~deb11u1
MEDIUM5.5thunderbird - security update
from 0, < 1:102.3.0-1~deb10u1
MEDIUM5.5The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP POST data of a request, which can be controlled by the…
from 0, < 1:68.8.0-1
MEDIUM5.5firefox-esr - security update
from 0, < 1:60.2.1-1
MEDIUM5.5libical - security update
from 0, < 1:60.5.0-1
MEDIUM5.4Spoofing issue in the DOM: Copy & Paste and Drag & Drop component.
from 0, < 1:140.7.0esr-1~deb11u1
MEDIUM5.4libvpx - security update
from 0, < 1:128.11.0esr-1~deb11u1
MEDIUM5.4A clickjacking vulnerability could have been used to trick a user into leaking saved payment card details to a malicious page.
from 0, < 1:128.11.0esr-1~deb11u1
MEDIUM5.4The Thunderbird Address Book URI fields contained unsanitized links.
from 0, < 1:128.7.0esr-1~deb11u1
MEDIUM5.4firefox-esr - security update
from 0, < 1:128.6.0esr-1~deb11u1
MEDIUM5.4The application failed to account for exceptions thrown by the `loadManifestFromFile` method during add-on signature verification.
from 0, < 1:128.5.0esr-1~deb11u1
MEDIUM5.4A crafted URL containing Arabic script and whitespace characters could have hidden the true origin of the page, resulting in a potential sp…
from 0, < 1:128.5.0esr-1~deb11u1
MEDIUM5.4The black fade animation when exiting fullscreen is roughly the length of the anti-clickjacking delay on permission prompts.
from 0, < 1:115.5.0-1~deb11u1
MEDIUM5.4A background script invoking <code>requestFullscreen</code> and then blocking the main thread could force the browser into fullscreen mode…
from 0, < 1:102.8.0-1~deb11u1
MEDIUM5.4Due to a layout change, iframe contents could have been rendered outside of its border.
from 0, < 1:91.8.0-1~deb11u1
MEDIUM5.4When importing a revoked key that specified key compromise as the revocation reason, Thunderbird did not update the existing copy of the ke…
from 0, < 1:91.8.0-1~deb11u1
MEDIUM5.4By using a form with a data URI it was possible to gain access to the privileged JSONView object that had been cloned into content.
from 0, < 1:68.2.1-1
MEDIUM5.4The content security policy (CSP) "sandbox" directive did not create a unique origin for the document, causing it to behave as if the "allo…
from 0, < 1:52.4.0-1
MEDIUM5.3Other issue in the JavaScript Engine component.
from 0, < 1:140.11.0esr-1~deb11u1
MEDIUM5.3Other issue in the Libraries component in NSS.
from 0, < 1:140.10.0esr-1~deb11u1
MEDIUM5.3Information disclosure in the Form Autofill component.
from 0, < 1:140.10.0esr-1~deb11u1
MEDIUM5.3Incorrect boundary conditions in the Graphics component.
from 0, < 1:140.7.0esr-1~deb11u1
MEDIUM5.3Information disclosure in the Networking component.
from 0, < 1:140.7.0esr-1~deb11u1
MEDIUM5.3When requesting an OpenPGP key from a WKD server, an incorrect padding size was used and a network observer could have learned the length o…
from 0, < 1:128.8.0esr-1~deb11u1
MEDIUM5.3Assuming a controlled failed memory allocation, an attacker could have caused a use-after-free, leading to a potentially exploitable crash.
from 0, < 1:128.6.0esr-1~deb11u1
MEDIUM5.3The origin of an external protocol handler prompt could have been obscured using a data: URL within an `iframe`.
from 0, < 1:128.4.0esr-1~deb11u1
MEDIUM5.3By checking the result of calls to `window.open` with specifically set protocol handlers, an attacker could determine if the application wh…
from 0, < 1:128.3.0esr-1
MEDIUM5.3When resolving a symlink, a race may occur where the buffer passed to `readlink` may actually be smaller than necessary.
from 0, < 1:115.6.0-1~deb11u1
MEDIUM5.3In some circumstances, a stale value could have been used for a global variable in WASM JIT analysis.
from 0, < 1:102.14.0-1~deb11u1
MEDIUM5.3thunderbird - security update
from 0, < 1:102.14.0-1~deb10u1
MEDIUM5.3thunderbird - security update
from 0, < 1:102.14.0-1~deb11u1
MEDIUM5.3thunderbird - security update
from 0, < 1:102.14.0-1~deb11u1
MEDIUM5.3Ribose RNP before 0.16.3 may hang when the input is malformed.
from 0, < 1:102.10.0-1~deb11u1
MEDIUM5.3thunderbird - security update
from 0, < 1:91.12.0-1~deb10u1
MEDIUM5.3thunderbird - security update
from 0, < 1:91.12.0-1~deb11u1
MEDIUM5.3When browsing a malicious page, a race condition in our SharedWorkerService could occur and lead to a potentially exploitable crash.
from 0, < 1:68.9.0-1
MEDIUM5.3The first time AirPods are connected to an iPhone, they become named after the user's name by default (e.g.
from 0, < 1:68.6.0-1
MEDIUM5.3Images from a different domain can be read using a canvas object in some circumstances.
from 0, < 1:60.7.0-1
MEDIUM5.3A vulnerability exists where the caret ("^") character is improperly escaped constructing some URIs due to it being used as a separator, al…
from 0, < 1:60.8.0-1
MEDIUM5.3If a crafted hyperlink is dragged and dropped to the bookmark bar or sidebar and the resulting bookmark is subsequently dragged and dropped…
from 0, < 1:60.7.0-1
MEDIUM5.3Cross-origin images can be read in violation of the same-origin policy by exporting an image after using createImageBitmap to read the imag…
from 0, < 1:60.7.0-1
MEDIUM5.3A flaw during verification of certain S/MIME signatures causes emails to be shown in Thunderbird as having a valid digital signature, even…
from 0, < 1:60.5.1-1
MEDIUM5.3libpng1.6 - security update
from 0, < 1:60.7.0-1
MEDIUM5.3Sites can bypass security checks on permissions to install lightweight themes by manipulating the "baseURI" property of the theme element.
from 0, < 1:52.8.0-1
MEDIUM5.3If right-to-left text is used in the addressbar with left-to-right alignment, it is possible in some circumstances to scroll this text to s…
from 0, < 1:52.6.0-1
MEDIUM5.3RSS fields can inject new lines into the created email structure, modifying the message body.
from 0, < 1:52.5.2-1
MEDIUM5.3thunderbird - security update
from 0, < 1:52.5.2-1~deb7u1
MEDIUM5.3thunderbird - security update
from 0, < 1:52.5.2-1
MEDIUM5.1Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox ESR 128.5, and Thunderbird 128.5.
from 0, < 1:128.6.0esr-1~deb11u1
MEDIUM4.8Due to insufficient escaping of the newline character in the “Copy as cURL” feature, an attacker could trick a user into using this command…
from 0, < 1:128.11.0esr-1~deb11u1
MEDIUM4.8A vulnerability was identified in Thunderbird where XPath parsing could trigger undefined behavior due to missing null checks during attrib…
from 0, < 1:128.10.1esr-1~deb11u1
MEDIUM4.7thunderbird - security update
from 0, < 1:115.13.0-1~deb11u1
MEDIUM4.7thunderbird - security update
from 0, < 1:115.13.0-1~deb11u1
MEDIUM4.7By tricking the browser with a `X-Frame-Options` header, a sandboxed iframe could have presented a button that, if clicked by a user, would…
from 0, < 1:115.12.0-1~deb11u1
MEDIUM4.4firefox-esr - security update
from 0, < 1:68.9.0-1
MEDIUM4.3thunderbird - security update
from 0, < 1:140.7.1esr-1~deb11u1
MEDIUM4.3thunderbird - security update
from 0, < 1:140.7.1esr-1~deb12u1
MEDIUM4.3thunderbird - security update
from 0, < 1:140.7.1esr-1~deb11u1
MEDIUM4.3Clickjacking issue, information disclosure in the PDF Viewer component.
from 0, < 1:140.7.0esr-1~deb11u1
MEDIUM4.3An attacker who enumerated resources from the WebCompat extension could have obtained a persistent UUID that identified the browser, and pe…
from 0, < 1:128.12.0esr-1~deb11u1
MEDIUM4.3Script elements loading cross-origin resources generated load and error events which leaked information enabling XS-Leaks attacks.
from 0, < 1:128.11.0esr-1~deb11u1
MEDIUM4.3firefox-esr - security update
from 0, < 1:128.11.0esr-1~deb11u1
MEDIUM4.3A web page could trick a user into setting that site as the default handler for a custom URL protocol.
from 0, < 1:128.8.0esr-1~deb11u1
MEDIUM4.3thunderbird - security update
from 0, < 1:128.5.0esr-1~deb11u1
MEDIUM4.3thunderbird - security update
from 0, < 1:128.5.0esr-1~deb12u1
MEDIUM4.3thunderbird - security update
from 0, < 1:128.5.0esr-1~deb11u1
MEDIUM4.3thunderbird - security update
from 0, < 1:128.4.3esr-1~deb11u1
MEDIUM4.3thunderbird - security update
from 0, < 1:128.4.3esr-1~deb12u1
MEDIUM4.3thunderbird - security update
from 0, < 1:128.4.3esr-1~deb11u1
MEDIUM4.3By monitoring the time certain operations take, an attacker could have guessed which external protocol handlers were functional on a user's…
from 0, < 1:115.12.0-1~deb11u1
MEDIUM4.3If the `browser.privatebrowsing.autostart` preference is enabled, IndexedDB files were not properly deleted when the window was closed.
from 0, < 1:115.11.0-1~deb11u1
MEDIUM4.3A website could have obscured the fullscreen notification by using a dropdown select input element.
from 0, < 1:115.8.0-1~deb11u1
MEDIUM4.3A phishing site could have repurposed an `about:` dialog to show phishing content with an incorrect origin in the address bar.
from 0, < 1:115.7.0-1~deb11u1
MEDIUM4.3It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an incorrect timest…
from 0, < 1:115.7.0-1~deb11u1
MEDIUM4.3When processing a PGP/MIME payload that contains digitally signed text, the first paragraph of the text was never shown to the user.
from 0, < 1:115.6.0-1~deb11u1
MEDIUM4.3thunderbird - security update
from 0, < 1:115.6.0-1~deb11u1
MEDIUM4.3thunderbird - security update
from 0, < 1:115.6.0-1~deb10u1
MEDIUM4.3thunderbird - security update
from 0, < 1:115.6.0-1~deb11u1
MEDIUM4.3A malicious installed WebExtension could open arbitrary URLs, which under the right circumstance could be leveraged to collect sensitive us…
from 0, < 1:115.4.1-1~deb11u1
MEDIUM4.3thunderbird - security update
from 0, < 1:115.4.1-1~deb11u1
MEDIUM4.3thunderbird - security update
from 0, < 1:115.4.1-1~deb10u1
MEDIUM4.3thunderbird - security update
from 0, < 1:115.4.1-1~deb11u1
MEDIUM4.3Excel `.xll` add-in files did not have a blocklist entry in Firefox's executable blocklist which allowed them to be downloaded without any…
from 0, < 1:102.15.0-1~deb11u1
MEDIUM4.3An attacker could have positioned a `datalist` element to obscure the address bar.
from 0, < 1:102.11.0-1~deb11u1
MEDIUM4.3thunderbird - security update
from 0, < 1:102.11.0-1~deb10u1
MEDIUM4.3thunderbird - security update
from 0, < 1:102.11.0-1~deb11u1
MEDIUM4.3thunderbird - security update
from 0, < 1:102.11.0-1~deb11u1
MEDIUM4.3A website could have obscured the fullscreen notification by using a combination of <code>window.open</code>, fullscreen requests, <code>wi…
from 0, < 1:102.10.0-1~deb11u1
MEDIUM4.3By confusing the browser, the fullscreen notification could have been delayed or suppressed, resulting in potential user confusion or spoof…
from 0, < 1:102.8.0-1~deb11u1
MEDIUM4.3When receiving an HTML email that specified to load an <code>iframe</code> element from a remote location, a request to the remote document…
from 0, < 1:102.2.1-1
MEDIUM4.3If there was a PAC URL set and the server that hosts the PAC was not reachable, OCSP requests would have been blocked, resulting in incorre…
from 0, < 1:91.11.0-1~deb11u1
MEDIUM4.3When resizing a popup after requesting fullscreen access, the popup would not display the fullscreen notification.
from 0, < 1:91.7.0-2~deb11u1
MEDIUM4.3When navigating from inside an iframe while requesting fullscreen access, an attacker-controlled tab could have made the browser unable to…
from 0, < 1:91.5.0-2~deb11u1
MEDIUM4.3thunderbird - security update
from 0, < 1:91.9.0-1~deb10u1
MEDIUM4.3thunderbird - security update
from 0, < 1:91.9.0-1~deb9u1
MEDIUM4.3thunderbird - security update
from 0, < 1:91.9.0-1~deb11u1
MEDIUM4.3It was possible to recreate previous cursor spoofing attacks against users with a zoomed native cursor.
from 0, < 1:91.4.1-1~deb11u1
MEDIUM4.3By misusing a race in our notification code, an attacker could have forcefully hidden the notification for pages that had received full scr…
from 0, < 1:91.4.1-1~deb11u1
MEDIUM4.3Due to an unusual sequence of attacker-controlled events, a Javascript alert() dialog with arbitrary (although unstyled) contents could be…
from 0, < 1:91.4.1-1~deb11u1
MEDIUM4.3By displaying a form validity message in the correct location at the same time as a permission prompt (such as for geolocation), the validi…
from 0, < 1:91.4.1-1~deb11u1
MEDIUM4.3Through a series of navigations, Firefox could have entered fullscreen mode without notification or warning to the user.
from 0, < 1:91.4.1-1~deb11u1
MEDIUM4.3If a MIME encoded email contains an OpenPGP inline signed or encrypted message part, but also contains an additional unprotected part, Thun…
from 0, < 1:78.10.2-1
MEDIUM4.3thunderbird - security update
from 0, < 1:78.11.0-1~deb9u1
MEDIUM4.3thunderbird - security update
from 0, < 1:78.10.2-1
MEDIUM4.3thunderbird - security update
from 0, < 1:78.11.0-1~deb10u1
MEDIUM4.3Thunderbird did not check if the user ID associated with an OpenPGP key has a valid self signature.
from 0, < 1:78.10.0-1
MEDIUM4.3If a user clicked into a specifically crafted PDF, the PDF reader could be confused into leaking cross-origin information, when said inform…
from 0, < 1:78.7.0-1
MEDIUM4.3As specified in the W3C Content Security Policy draft, when creating a violation report, "User agents need to ensure that the source file i…
from 0, < 1:78.8.0-1
MEDIUM4.3thunderbird - security update
from 0, < 1:78.8.0-1
MEDIUM4.3thunderbird - security update
from 0, < 1:78.8.0-1~deb10u1
MEDIUM4.3thunderbird - security update
from 0, < 1:78.8.0-1~deb9u1
MEDIUM4.3thunderbird - security update
from 0, < 1:78.5.0-1~deb10u1
MEDIUM4.3thunderbird - security update
from 0, < 1:78.5.0-1~deb9u1
MEDIUM4.3thunderbird - security update
from 0, < 1:78.5.0-1
MEDIUM4.3When an extension with the proxy permission registered to receive <all_urls>, the proxy.onRequest callback was not triggered for view-sourc…
from 0, < 1:78.6.0-1
MEDIUM4.3It was possible to cause the browser to enter fullscreen mode without displaying the security UI; thus making it possible to attempt a phis…
from 0, < 1:78.5.0-1
MEDIUM4.3By encoding Unicode whitespace characters within the From email header, an attacker can spoof the sender email address that Thunderbird dis…
from 0, < 1:68.8.0-1
MEDIUM4.3thunderbird - security update
from 0, < 1:68.5.0-1
MEDIUM4.3thunderbird - security update
from 0, < 1:68.5.0-1~deb8u1
MEDIUM4.3thunderbird - security update
from 0, < 1:68.5.0-1~deb9u1
MEDIUM4.3thunderbird - security update
from 0, < 1:60.7.0-1~deb9u1
MEDIUM4.3thunderbird - security update
from 0, < 1:60.7.0-1~deb8u1
MEDIUM4.3thunderbird - security update
from 0, < 1:60.7.0-1
MEDIUM4.3Plaintext of decrypted emails can leak through by user submitting an embedded form by pressing enter key within a text input field.
from 0, < 1:52.9.0-1
MEDIUM4.3In the previous mitigations for Spectre, the resolution or precision of various methods was reduced to counteract the ability to measure pr…
from 0, < 1:60.0-1
MEDIUM4.3It is possible to spoof the filename of an attachment and display an arbitrary attachment name.
from 0, < 1:52.8.0-1
MEDIUM4.3Crafted message headers can cause a Thunderbird process to hang on receiving the message.
from 0, < 1:52.8.0-1
MEDIUM4.3Crafted CSS in an RSS feed can leak and reveal local path strings, which may contain user name.
from 0, < 1:52.5.2-1
MEDIUM4.0Parsing a JavaScript module as JSON could, under some circumstances, cause cross-compartment access, which may result in a use-after-free.
from 0, < 1:128.6.0esr-1~deb11u1
MEDIUM4.0When using Alt-Svc, ALPN did not properly validate certificates when the original server is redirecting to an insecure site.
from 0, < 1:128.6.0esr-1~deb11u1
MEDIUM4.0If an AlignedBuffer were assigned to itself, the subsequent self-move could result in an incorrect reference count and later use-after-free.
from 0, < 1:115.10.1-1~deb11u1
LOW3.7There was no limit to the number of HTTP/2 CONTINUATION frames that would be processed.
from 0, < 1:115.10.1-1~deb11u1
LOW3.7Navigation events were not fully adhering to the W3C's "Navigation-Timing Level 2" draft specification in some instances for the unload eve…
from 0, < 1:60.9.0-1
LOW3.4Spoofing issue in Firefox.
from 0, < 1:140.5.0esr-1~deb11u1
LOW3.1thunderbird - security update
from 0, < 1:102.12.0-1~deb11u1
LOW3.1thunderbird - security update
from 0, < 1:102.12.0-1~deb10u1
LOW3.1thunderbird - security update
from 0, < 1:102.12.0-1~deb11u1
LOW2.7To harden ICU against exploitation, the behavior for out-of-memory conditions was changed to crash instead of attempt to continue.
from 0, < 1:115.9.0-1~deb11u1
LOW2.5Signatures are written to disk before and read during verification, which might be subject to a race condition when a malicious local proce…
from 0, < 1:78.10.0-1
—Rejected reason: This CVE was marked as fixed, but due to other code landing - was not actually fixed.
from 0, < 1:128.10.1esr-1~deb11u1
—matrix-js-sdk has insufficient MXC URI validation which allows client-side path traversal
from 0, < 1:128.6.0esr-1~deb12u1
—matrix-js-sdk has insufficient MXC URI validation which allows client-side path traversal
from 0, < 1:128.6.0esr-1~deb11u1
—matrix-js-sdk has insufficient MXC URI validation which allows client-side path traversal
from 0, < 1:128.6.0esr-1~deb11u1
—Mozilla Thunderbird before 1.5.0.7 and SeaMonkey before 1.0.5, with "Load Images" enabled, allows remote user-assisted attackers to bypass…
from 0, < 1.5.0.7-1
—The popup blocker in Mozilla Firefox before 1.5.0.7 opens the "blocked popups" display in the context of the Location bar instead of the su…
from 0, < 1.5.0.7-1
—Mozilla Firefox before 1.5.0.7 and SeaMonkey before 1.0.5 allows remote attackers to bypass the security model and inject content into the…
from 0, < 1.5.0.7-1
—Multiple unspecified vulnerabilities in Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5 allow remote attacke…
from 0, < 1.5.0.7-1
—Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5 allows remote attackers to cause a denial of service…
from 0, < 1.5.0.7-1
—Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and Se…
from 0, < 1.5.0.7-1
—Mozilla Firefox before 1.5.0.7 and Thunderbird before 1.5.0.7 makes it easy for users to accept self-signed certificates for the auto-updat…
from 0, < 1.5.0.7-1
—Heap-based buffer overflow in Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5 allows remote attacker…
from 0, < 1.5.0.7-1
—Concurrency vulnerability in Mozilla Firefox 1.5.0.6 and earlier allows remote attackers to cause a denial of service (crash) and possibly…
from 0, < 1.5.0.7-1
—Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to reference remote files an…
from 0, < 1.5.0.5-1
—Mozilla Firefox 1.5 before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to cause a denial of ser…
from 0, < 1.5.0.5-1
—Mozilla Firefox 1.5 before 1.5.0.5 and SeaMonkey before 1.0.3 does not properly clear a JavaScript reference to a frame or window, which le…
from 0, < 1.5.0.5-1
—mozilla-firefox - several vulnerabilities
from 0, < 1.5.0.5-1
—Multiple vulnerabilities in Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allow remote attackers t…
from 0, < 1.5.0.5-1
—Cross-site scripting (XSS) vulnerability in Mozilla Firefox 1.5 before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allo…
from 0, < 1.5.0.5-1
—Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to hijack native DOM methods…
from 0, < 1.5.0.5-1
—Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows scripts with the UniversalBrowserRead privile…
from 0, < 1.5.0.5-1
—Mozilla Firefox before 1.5.0.5 and SeaMonkey before 1.0.3 allows remote Proxy AutoConfig (PAC) servers to execute code with elevated privil…
from 0, < 1.5.0.5-1
—Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to execute arbitrary code vi…
from 0, < 1.5.0.5-1
—Race condition in the JavaScript garbage collection in Mozilla Firefox 1.5 before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before…
from 0, < 1.5.0.5-1
—Multiple integer overflows in the Javascript engine in Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0…
from 0, < 1.5.0.5-1
—Heap-based buffer overflow in Mozilla Thunderbird before 1.5.0.5 and SeaMonkey before 1.0.3 allows remote attackers to cause a denial of se…
from 0, < 1.5.0.5-1
—EvalInSandbox in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to gain privileges via javascript that calls the va…
from 0, < 1.5.0.4-1
—HTTP response smuggling vulnerability in Mozilla Firefox and Thunderbird before 1.5.0.4, when used with certain proxy servers, allows remot…
from 0, < 1.5.0.4-1
—mozilla - several
from 0, < 1.5.0.4-1
—Mozilla Firefox and Thunderbird before 1.5.0.4 strip the Unicode Byte-order-Mark (BOM) from a UTF-8 page before the page is passed to the p…
from 0, < 1.5.0.4-1
—Double free vulnerability in nsVCard.cpp in Mozilla Thunderbird before 1.5.0.4 and SeaMonkey before 1.0.2 allows remote attackers to cause…
from 0, < 1.5.0.4-1
—Integer overflow in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to cause a denial of service (crash) and possibl…
from 0, < 1.5.0.4-1
—Mozilla Firefox and Thunderbird before 1.5.0.4 associates XUL attributes with the wrong URL under certain unspecified circumstances, which…
from 0, < 1.5.0.4-1
—Certain privileged UI code in Mozilla Firefox and Thunderbird before 1.5.0.4 calls content-defined setters on an object prototype, which al…
from 0, < 1.5.0.4-1
—The crypto.signText function in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to execute arbitrary code via certai…
from 0, < 1.5.0.4-1
—A regression fix in Mozilla Firefox 1.0.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code…
from 0, < 1.5.0.2-1
—Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey befor…
from 0, < 1.5.0.2-1
—Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMon…
from 0, < 1.5.0.2-1
—Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote…
from 0, < 1.5.0.2-1
—Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and Se…
from 0, < 1.5.0.2-1
—Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial…
from 0, < 1.5.0.2-1
—Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey b…
from 0, < 1.5.0.2-1
—nsHTMLContentSink.cpp in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey…
from 0, < 1.5.0.2-1
—Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial…
from 0, < 1.5.0.2-1
—Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and Se…
from 0, < 1.5.0.2-1
—Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote…
from 0, < 1.5.0.2-1
—Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to inj…
from 0, < 1.5.0.2-1
—Unspecified vulnerability in Firefox and Thunderbird 1.5 before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to bypass the…
from 0, < 1.5.0.2-1
—Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 does not prope…
from 0, < 1.5.0.2-1
—The JavaScript engine in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey…
from 0, < 1.5.0.2-1
—Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to spo…
from 0, < 1.5.0.2-1
—Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 returns the Ob…
from 0, < 1.5.0.2-1
—Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial…
from 0, < 1.5.0.2-1
—Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows r…
from 0, < 1.5.0.2-1
—The CSS border-rendering code in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and Se…
from 0, < 1.5.0.2-1
—Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMon…
from 0, < 1.5.0.2-1
—Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before…
from 0, < 1.5.0.2-1
—Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial…
from 0, < 1.5.0.2-1
—The HTML rendering engine in Mozilla Thunderbird 1.5, when "Block loading of remote images in mail messages" is enabled, does not properly…
from 0, < 1.5.0.2-1
—The WYSIWYG rendering engine ("rich mail" editor) in Mozilla Thunderbird 1.0.7 and earlier allows user-assisted attackers to bypass javascr…
from 0, < 1.5.0.2-1
—The E4X implementation in Mozilla Firefox before 1.5.0.1, Thunderbird 1.5 if running Javascript in mail, and SeaMonkey before 1.0 exposes t…
from 0, < 1.5.0.2-1
—The XML parser in Mozilla Firefox before 1.5.0.1 and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and…
from 0, < 1.5.0.2-1
—Multiple integer overflows in Mozilla Firefox 1.5, Thunderbird 1.5 if Javascript is enabled in mail, and SeaMonkey before 1.0 might allow r…
from 0, < 1.5.0.2-1
—The XULDocument.persist function in Mozilla, Firefox before 1.5.0.1, and SeaMonkey before 1.0 does not validate the attribute name, which a…
from 0, < 1.5.0.2-1
—Mozilla Firefox 1.5, Thunderbird 1.5 if Javascript is enabled in mail, and SeaMonkey before 1.0 might allow remote attackers to execute arb…
from 0, < 1.5.0.2-1
—The Javascript interpreter (jsinterp.c) in Mozilla and Firefox before 1.5.1 does not properly dereference objects, which allows remote atta…
from 0, < 1.5.0.2-1
—Mozilla Firefox before 1.5.0.1, Thunderbird 1.5 if running Javascript in mail, and SeaMonkey before 1.0 allow remote attackers to execute a…
from 0, < 1.5.0.2-1
—mozilla-thunderbird - several vulnerabilities
from 0, < 1.5.0.2-1