| CVE-2022-31747 |
AVG-2761 |
High |
Yes |
Arbitrary code execution |
Unknown |
| CVE-2022-31742 |
AVG-2761 |
Medium |
Unknown |
Information disclosure |
百度 社会各界对环保法的实施寄予厚望,希望环保法长出钢牙利齿。
An attacker could have exploited a timing attack by sending a large number of allowCredential entries and detecting the difference between invalid key... |
| CVE-2022-31741 |
AVG-2761 |
High |
Yes |
Information disclosure |
A crafted CMS message could have been processed incorrectly, leading to an invalid memory read, and potentially further memory corruption. |
| CVE-2022-31738 |
AVG-2761 |
High |
Yes |
Content spoofing |
When exiting fullscreen mode, an iframe could have confused the browser about the current state of fullscreen, resulting in potential user confusion or... |
| CVE-2022-31737 |
AVG-2761 |
High |
Yes |
Arbitrary code execution |
A malicious webpage could have caused an out-of-bounds write in WebGL, leading to memory corruption and a potentially exploitable crash. |
| CVE-2022-31736 |
AVG-2761 |
High |
Yes |
Information disclosure |
A malicious website could have learned the size of a cross-origin resource that supported Range requests. |
| CVE-2022-29917 |
AVG-2710 |
High |
Yes |
Arbitrary code execution |
Mozilla developers Andrew McCreight, Gabriele Svelto, Tom Ritter and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 99 and Firefox... |
| CVE-2022-29916 |
AVG-2710 |
High |
Yes |
Information disclosure |
Firefox behaved slightly differently for already known resources when loading CSS resources involving CSS variables. This could have been used to probe the... |
| CVE-2022-29914 |
AVG-2710 |
High |
Yes |
Content spoofing |
When reusing existing popups Firefox would have allowed them to cover the fullscreen notification UI, which could have enabled browser spoofing attacks. |
| CVE-2022-29913 |
AVG-2710 |
Medium |
Yes |
Insufficient validation |
The parent process would not properly check whether the Speech Synthesis feature is enabled, when receiving instructions from a child process. |
| CVE-2022-29912 |
AVG-2710 |
Medium |
Yes |
Insufficient validation |
Requests initiated through reader mode did not properly omit cookies with a SameSite attribute. |
| CVE-2022-29911 |
AVG-2710 |
High |
Yes |
Arbitrary code execution |
An improper implementation of the new iframe sandbox keyword allow- top-navigation-by-user-activation could lead to script execution without allow-scripts... |
| CVE-2022-29909 |
AVG-2710 |
High |
Yes |
Privilege escalation |
Documents in deeply-nested cross-origin browsing contexts could have obtained permissions granted to the top-level origin, bypassing the existing prompt and... |
| CVE-2022-28289 |
AVG-2712 |
High |
Yes |
Arbitrary code execution |
Mozilla developers and community members Nika Layzell, Andrew McCreight, Gabriele Svelto, and the Mozilla Fuzzing Team reported memory safety bugs present... |
| CVE-2022-28286 |
AVG-2712 |
Low |
Yes |
Content spoofing |
Due to a layout change, iframe contents could have been rendered outside of its border. This could have led to user confusion or spoofing attacks. |
| CVE-2022-28285 |
AVG-2712 |
Medium |
Unknown |
Unknown |
When generating the assembly code for MLoadTypedArrayElementHole, an incorrect AliasSet was used. In conjunction with another vulnerability this could have... |
| CVE-2022-28282 |
AVG-2712 |
Medium |
Unknown |
Unknown |
By using a link with rel="localization" a use-after-free could have been triggered by destroying an object during JavaScript execution and then referencing... |
| CVE-2022-28281 |
AVG-2712 |
High |
Yes |
Arbitrary code execution |
If a compromised content process sent an unexpected number of WebAuthN Extensions in a Register command to the parent process, an out of bounds write would... |
| CVE-2022-26387 |
AVG-2713 |
High |
Unknown |
Unknown |
When installing an add-on, Thunderbird verified the signature before prompting the user; but while the user was confirming the prompt, the underlying add-on... |
| CVE-2022-26386 |
AVG-2713 |
Low |
No |
Unknown |
Previously Thunderbird for macOS and Linux would download temporary files to a user-specific directory in /tmp, but this behavior was changed to download... |
| CVE-2022-26384 |
AVG-2713 |
High |
Yes |
Unknown |
If an attacker could control the contents of an iframe sandboxed with allow-popups but not allow-scripts, they were able to craft a link that, when clicked,... |
| CVE-2022-26383 |
AVG-2713 |
High |
Yes |
Unknown |
When resizing a popup after requesting fullscreen access, the popup would not display the fullscreen notification. |
| CVE-2022-26381 |
AVG-2713 |
High |
Yes |
Arbitrary code execution |
An attacker could have caused a use-after-free by forcing a text reflow in an SVG object leading to a potentially exploitable crash. |
| CVE-2022-24713 |
AVG-2712 |
Low |
Unknown |
Unknown |
The rust regex crate did not properly prevent crafted regular expressions from taking an arbitrary amount of time during parsing. If an attacker was able to... |
| CVE-2022-1834 |
AVG-2761 |
High |
Yes |
Content spoofing |
When displaying the sender of an email, and the sender name contained the Braille Pattern Blank space character multiple times, Thunderbird would have... |
| CVE-2022-1802 |
AVG-2729 |
Critical |
Yes |
Arbitrary code execution |
If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype pollution, they could have achieved execution of... |
| CVE-2022-1529 |
AVG-2729 |
Critical |
Yes |
Arbitrary code execution |
An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype... |
| CVE-2022-1520 |
AVG-2710 |
Low |
No |
Insufficient validation |
When viewing an email message A, which contains an attached message B, where B is encrypted or digitally signed or both, Thunderbird may show an incorrect... |
| CVE-2022-1197 |
AVG-2712 |
Medium |
Unknown |
Unknown |
When importing a revoked key that specified key compromise as the revocation reason, Thunderbird did not update the existing copy of the key that was not... |
| CVE-2022-1196 |
AVG-2712 |
Medium |
Unknown |
Unknown |
After a VR Process is destroyed, a reference to it may have been retained and used, leading to a use-after-free and potentially exploitable crash. |
| CVE-2022-1097 |
AVG-2712 |
High |
Yes |
Arbitrary code execution |
NSSToken objects were referenced via direct points, and could have been accessed in an unsafe way on different threads, leading to a use- after-free and... |
| CVE-2021-43546 |
AVG-2608 |
Low |
Yes |
Content spoofing |
A security issue has been found in Firefox before version 95 and Thunderbird before version 91.4.0. It was possible to recreate previous cursor spoofing... |
| CVE-2021-43545 |
AVG-2608 |
Low |
Yes |
Denial of service |
A security issue has been found in Firefox before version 95 and Thunderbird before version 91.4.0. Using the Location API in a loop could have caused... |
| CVE-2021-43543 |
AVG-2608 |
Medium |
Yes |
Sandbox escape |
A security issue has been found in Firefox before version 95 and Thunderbird before version 91.4.0. Documents loaded with the CSP sandbox directive could... |
| CVE-2021-43542 |
AVG-2608 |
Medium |
Yes |
Information disclosure |
A security issue has been found in Firefox before version 95 and Thunderbird before version 91.4.0. Using XMLHttpRequest, an attacker could have identified... |
| CVE-2021-43541 |
AVG-2608 |
Medium |
Yes |
Incorrect calculation |
A security issue has been found in Firefox before version 95 and Thunderbird before version 91.4.0. When invoking protocol handlers for external protocols,... |
| CVE-2021-43539 |
AVG-2608 |
High |
Yes |
Arbitrary code execution |
A security issue has been found in Firefox before version 95 and Thunderbird before version 91.4.0. Failure to correctly record the location of live... |
| CVE-2021-43538 |
AVG-2608 |
High |
Yes |
Content spoofing |
A security issue has been found in Firefox before version 95 and Thunderbird before version 91.4.0. By misusing a race in the notification code, an attacker... |
| CVE-2021-43537 |
AVG-2608 |
High |
Yes |
Arbitrary code execution |
A security issue has been found in Firefox before version 95 and Thunderbird before version 91.4.0. An incorrect type conversion of sizes from 64bit to... |
| CVE-2021-43536 |
AVG-2608 |
High |
Yes |
Information disclosure |
A security issue has been found in Firefox before version 95 and Thunderbird before version 91.4.0. Under certain circumstances, asynchronous functions... |
| CVE-2021-43528 |
AVG-2608 |
Low |
Yes |
Arbitrary code execution |
Thunderbird before version 91.4.0 unexpectedly enabled JavaScript in the composition area. The JavaScript execution context was limited to this area and did... |
| CVE-2021-38510 |
AVG-2519 |
Medium |
Yes |
Arbitrary code execution |
A security issue has been found in Firefox before version 94 and Thunderbird before version 91.3. The executable file warning was not presented when... |
| CVE-2021-38509 |
AVG-2518 |
Medium |
Yes |
Content spoofing |
A security issue has been found in Firefox before version 94 and Thunderbird before version 91.3. Due to an unusual sequence of attacker-controlled events,... |
| CVE-2021-38508 |
AVG-2518 |
Medium |
Yes |
Content spoofing |
A security issue has been found in Firefox before version 94 and Thunderbird before version 91.3. By displaying a form validity message in the correct... |
| CVE-2021-38507 |
AVG-2518 |
High |
Yes |
Same-origin policy bypass |
A security issue has been found in Firefox before version 94 and Thunderbird before version 91.3. The Opportunistic Encryption feature of HTTP2 (RFC 8164)... |
| CVE-2021-38506 |
AVG-2518 |
High |
Yes |
Content spoofing |
A security issue has been found in Firefox before version 94 and Thunderbird before version 91.3. Through a series of navigations, Firefox and Thunderbird... |
| CVE-2021-38505 |
AVG-2519 |
High |
Yes |
Information disclosure |
A security issue has been found in Firefox before version 94 and Thunderbird before version 91.3. Microsoft introduced a new feature in Windows 10 known as... |
| CVE-2021-38504 |
AVG-2518 |
High |
Yes |
Arbitrary code execution |
A security issue has been found in Firefox before version 94 and Thunderbird before version 91.3. When interacting with an HTML input element's file picker... |
| CVE-2021-38503 |
AVG-2518 |
High |
Yes |
Sandbox escape |
A security issue has been found in Firefox before version 94 and Thunderbird before version 91.3. The iframe sandbox rules were not correctly applied to... |
| CVE-2021-38502 |
AVG-2459 |
High |
Yes |
Man-in-the-middle |
Thunderbird before version 91.2 ignored the configuration to require STARTTLS security for an SMTP connection. A man-in-the-middle (MITM) could perform a... |
| CVE-2021-38501 |
AVG-2459 |
High |
Yes |
Arbitrary code execution |
Mozilla developers and community members reported memory safety bugs present in Firefox 92 and Thunderbird 91.1. Some of these bugs showed evidence of... |
| CVE-2021-38500 |
AVG-2459 |
High |
Yes |
Arbitrary code execution |
Mozilla developers and community members reported memory safety bugs present in Firefox 92 and Thunderbird 91.1. Some of these bugs showed evidence of... |
| CVE-2021-38498 |
AVG-2459 |
Medium |
Yes |
Arbitrary code execution |
During process shutdown, a document could have caused a use-after-free of a languages service object, leading to memory corruption and a potentially... |
| CVE-2021-38497 |
AVG-2459 |
Medium |
Yes |
Content spoofing |
Through use of reportValidity() and window.open(), a plain-text validation message could have been overlaid on another origin, leading to possible user... |
| CVE-2021-38496 |
AVG-2459 |
High |
Yes |
Arbitrary code execution |
During operations on MessageTasks, a task may have been removed while it was still scheduled, resulting in memory corruption and a potentially exploitable crash. |
| CVE-2021-38495 |
AVG-2291 |
High |
Yes |
Arbitrary code execution |
Mozilla developers reported memory safety bugs present in Thunderbird 78.13.0. Some of these bugs showed evidence of memory corruption and Mozilla presumes... |
| CVE-2021-38493 |
AVG-2344 |
Critical |
Yes |
Arbitrary code execution |
Mozilla developers reported memory safety bugs present in Firefox 91 and Thunderbird 78.13. Some of these bugs showed evidence of memory corruption and... |
| CVE-2021-38492 |
AVG-2353 |
Medium |
Yes |
Arbitrary command execution |
When delegating navigations to the operating system, Firefox before version 91.1 and Thunderbird before version 78.14 would accept the `mk` scheme which... |
| CVE-2021-32810 |
AVG-2459 |
Medium |
Yes |
Information disclosure |
In the crossbeam crate, one or more tasks in the worker queue could have been be popped twice instead of other tasks that are forgotten and never popped. If... |
| CVE-2021-30547 |
AVG-2152 |
High |
Yes |
Arbitrary code execution |
An out of bounds write in ANGLE could have allowed an attacker to corrupt memory leading to a potentially exploitable crash in the Chromium browser engine... |
| CVE-2021-29991 |
AVG-2291 |
High |
Yes |
Url request injection |
Firefox and Thunderbird before version 91.0.1 incorrectly accepted a newline in a HTTP/3 header, interpretting it as two separate headers. This allowed for... |
| CVE-2021-29989 |
AVG-2270 |
High |
Yes |
Arbitrary code execution |
Mozilla developers reported memory safety bugs present in Firefox 90 and Thunderbird 78.12. Some of these bugs showed evidence of memory corruption and... |
| CVE-2021-29988 |
AVG-2270 |
High |
Yes |
Arbitrary code execution |
Firefox before version 91 and Thunderbird before version 78.13 incorrectly treated an inline list-item element as a block element, resulting in an out of... |
| CVE-2021-29987 |
AVG-2291 |
Medium |
Yes |
Content spoofing |
A security issue has been found in Firefox and Thunderbird before version 91. After requesting multiple permissions, and closing the first permission panel,... |
| CVE-2021-29986 |
AVG-2270 |
High |
Yes |
Arbitrary code execution |
A security issue has been found in Firefox before version 91 and Thunderbird before version 78.13. A suspected race condition when calling getaddrinfo() led... |
| CVE-2021-29985 |
AVG-2270 |
Medium |
Yes |
Arbitrary code execution |
A security issue has been found in Firefox before version 91 and Thunderbird before version 78.13. A use-after-free vulnerability in media channels could... |
| CVE-2021-29984 |
AVG-2270 |
High |
Yes |
Arbitrary code execution |
A security issue has been found in Firefox before version 91 and Thunderbird before version 78.13. Instruction reordering resulted in a sequence of... |
| CVE-2021-29982 |
AVG-2291 |
Low |
Yes |
Information disclosure |
A security issue has been found in Firefox and Thunderbird before version 91. Due to incorrect JIT optimization, it incorrectly interpreted data from the... |
| CVE-2021-29981 |
AVG-2291 |
High |
Yes |
Arbitrary code execution |
A security issue has been found in Firefox and Thunderbird before version 91. An issue present in lowering/register allocation could have led to obscure but... |
| CVE-2021-29980 |
AVG-2270 |
High |
Yes |
Arbitrary code execution |
A security issue has been found in Firefox before version 91 and Thunderbird before version 78.13. Uninitialized memory in a canvas object could have caused... |
| CVE-2021-29976 |
AVG-2152 |
High |
Yes |
Arbitrary code execution |
Mozilla developers reported memory safety bugs present in Firefox 89 and Thunderbird 78.11. Some of these bugs showed evidence of memory corruption and... |
| CVE-2021-29970 |
AVG-2152 |
High |
Yes |
Arbitrary code execution |
A malicious webpage could have triggered a use-after-free, memory corruption, and a potentially exploitable crash. This bug only affected Firefox before... |
| CVE-2021-29969 |
AVG-2152 |
High |
Yes |
Content spoofing |
If Thunderbird before version 78.12 was configured to use STARTTLS for an IMAP connection, and an attacker injected IMAP server responses prior to the... |
| CVE-2021-29967 |
AVG-2035 |
High |
Yes |
Arbitrary code execution |
Mozilla developers reported memory safety bugs present in Firefox 88 and Thunderbird 78.10. Some of these bugs showed evidence of memory corruption and... |
| CVE-2021-29957 |
AVG-1964 |
Low |
Yes |
Content spoofing |
If a MIME encoded email contains an OpenPGP inline signed or encrypted message part, but also contains an additional unprotected part, Thunderbird did not... |
| CVE-2021-29956 |
AVG-1964 |
Low |
No |
Information disclosure |
OpenPGP secret keys that were imported using Thunderbird version 78.8.1 up to version 78.10.1 were stored unencrypted on the user's local disk. The master... |
| CVE-2021-29951 |
AVG-1914 |
Medium |
Yes |
Denial of service |
A security issue has been found in Thunderbird for Windows before version 78.10.1. The Maintenance Service granted SERVICE_START access to BUILTIN|Users... |
| CVE-2021-29950 |
AVG-1845 |
Medium |
No |
Private key recovery |
A security issue was found in Thunderbird before version 78.8.1. Thunderbird unprotects a secret OpenPGP key prior to using it for a decryption, signing or... |
| CVE-2021-29949 |
AVG-1790 |
Low |
No |
Arbitrary code execution |
A security issue was found in Thunderbird before version 78.9.1. When loading the shared library that provides the OTR protocol implementation, Thunderbird... |
| CVE-2021-29948 |
AVG-1836 |
Low |
No |
Signature forgery |
A security issue has been found in Thunderbird before version 78.10. Signatures are written to disk before and read during verification, which might be... |
| CVE-2021-29946 |
AVG-1836 |
Low |
Yes |
Access restriction bypass |
A security issue has been found in Firefox before version 88 and Thunderbird before version 78.10. Ports that were written as an integer overflow above the... |
| CVE-2021-29945 |
AVG-1837 |
Medium |
Yes |
Denial of service |
A security issue has been found in Firefox before version 88 and Thunderbird before version 78.10. The WebAssembly JIT could miscalculate the size of a... |
| CVE-2021-24002 |
AVG-1836 |
Medium |
Yes |
Arbitrary command execution |
A security issue has been found in Firefox before version 88 and Thunderbird before version 78.10. When a user clicked on an FTP URL containing encoded... |
| CVE-2021-23999 |
AVG-1836 |
Medium |
Yes |
Sandbox escape |
A security issue has been found in Firefox before version 88 and Thunderbird before version 78.10. If a Blob URL was loaded through some unusual user... |
| CVE-2021-23998 |
AVG-1836 |
Medium |
Yes |
Content spoofing |
A security issue has been found in Firefox before version 88 and Thunderbird before version 78.10. Through complicated navigations with new windows, an HTTP... |
| CVE-2021-23995 |
AVG-1836 |
High |
Yes |
Arbitrary code execution |
A security issue has been found in Firefox before version 88 and Thunderbird before version 78.10. When Responsive Design Mode was enabled, it used... |
| CVE-2021-23994 |
AVG-1836 |
High |
Yes |
Arbitrary code execution |
A security issue has been found in Firefox before version 88 and Thunderbird before version 78.10. A WebGL framebuffer was not initialized early enough,... |
| CVE-2021-23993 |
AVG-1790 |
Medium |
Yes |
Denial of service |
A security issue was found in Thunderbird before version 78.9.1. An attacker may perform a denial of service (DoS) attack to prevent a user from sending... |
| CVE-2021-23992 |
AVG-1790 |
Medium |
Yes |
Signature forgery |
Thunderbird before version 78.9.1 did not check if the user ID associated with an OpenPGP key has a valid self signature. An attacker may create a crafted... |
| CVE-2021-23991 |
AVG-1790 |
Medium |
Yes |
Denial of service |
A security issue was found in Thunderbird before version 78.9.1. If a Thunderbird user has previously imported Alice's OpenPGP key, and Alice has extended... |
| CVE-2021-23987 |
AVG-1729 |
High |
Yes |
Arbitrary code execution |
A security issue was found in Firefox before version 87 and Thunderbird before version 78.9. Mozilla developers and community members reported memory safety... |
| CVE-2021-23984 |
AVG-1729 |
Medium |
Yes |
Content spoofing |
A security issue was found in Firefox before version 87 and Thunderbird before version 78.9. A malicious extension could have opened a popup window lacking... |
| CVE-2021-23982 |
AVG-1729 |
Medium |
Yes |
Information disclosure |
A security issue was found in Firefox before version 87 and Thunderbird before version 78.9. Using techniques that built on the slipstream research, a... |
| CVE-2021-23981 |
AVG-1729 |
High |
Yes |
Arbitrary code execution |
A security issue was found in Firefox before version 87 and Thunderbird before version 78.9. A texture upload of a Pixel Buffer Object could have confused... |
| CVE-2021-23978 |
AVG-1601 |
High |
Yes |
Arbitrary code execution |
A security issue was found in Firefox before version 86.0 and Thunderbird before version 78.8. Mozilla developers reported memory safety bugs present in... |
| CVE-2021-23973 |
AVG-1601 |
Low |
Yes |
Information disclosure |
A security issue was found in Firefox before version 86.0 and Thunderbird before version 78.8. When trying to load a cross-origin resource in an audio/video... |
| CVE-2021-23969 |
AVG-1601 |
High |
Yes |
Information disclosure |
A security issue was found in Firefox before version 86.0 and Thunderbird before version 78.8. As specified in the W3C Content Security Policy draft, when... |
| CVE-2021-23968 |
AVG-1601 |
High |
Yes |
Information disclosure |
A security issue was found in Firefox before version 86.0 and Thunderbird before version 78.8. If Content Security Policy blocked frame navigation, the full... |
| CVE-2021-23964 |
AVG-1496 |
High |
Yes |
Arbitrary code execution |
A security issue was found in Firefox before version 85.0 and Thunderbird before version 78.7. Mozilla developers reported memory safety bugs present in... |
| CVE-2021-23961 |
AVG-1836 |
Medium |
Yes |
Information disclosure |
A security issue was found in Firefox before version 85.0. Further techniques that built on the slipstream research combined with a malicious webpage could... |
| CVE-2021-23960 |
AVG-1496 |
Medium |
Yes |
Arbitrary code execution |
A security issue was found in Firefox before version 85.0 and Thunderbird before version 78.7. Performing garbage collection on re- declared JavaScript... |
| CVE-2021-23954 |
AVG-1496 |
High |
Yes |
Arbitrary code execution |
A security issue was found in Firefox before version 85.0 and Thunderbird before version 78.7. Using the new logical assignment operators in a JavaScript... |
| CVE-2021-23953 |
AVG-1496 |
High |
Yes |
Information disclosure |
A security issue was found in Firefox before version 85.0 and Thunderbird before version 78.7. If a user clicked into a specifically crafted PDF, the PDF... |
| CVE-2020-35113 |
AVG-1315 |
High |
Yes |
Arbitrary code execution |
Mozilla developer Christian Holler reported memory safety bugs present in Firefox 83, Firefox ESR 78.5 and Thunderbird 78.5. Some of these bugs showed... |
| CVE-2020-35112 |
AVG-1366 |
Low |
Yes |
Arbitrary command execution |
If a user downloaded a file lacking an extension on Firefox for Windows before 84.0 or Thunderbird for Windows before 78.6, and then "Open"-ed it from the... |
| CVE-2020-35111 |
AVG-1315 |
Low |
Yes |
Information disclosure |
A security issue was discovered in Firefox before 84.0 and Thunderbird before 78.6. When an extension with the proxy permission registered to receive... |
| CVE-2020-26978 |
AVG-1315 |
Medium |
Yes |
Information disclosure |
A security issue was discovered in Firefox before 84.0 and Thunderbird before 78.6. Using techniques that built on the slipstream research, a malicious... |
| CVE-2020-26976 |
AVG-1496 |
Medium |
Yes |
Information disclosure |
A security issue was found in Firefox before 84.0. When an HTTPS page was embedded in an HTTP page, and there was a service worker registered for the... |
| CVE-2020-26974 |
AVG-1315 |
High |
Yes |
Arbitrary code execution |
A security issue was found in Firefox before 84.0 and Thunderbird before 78.6. When flex-basis was used on a table wrapper, a StyleGenericFlexBasis object... |
| CVE-2020-26973 |
AVG-1315 |
High |
Yes |
Content spoofing |
A security issue was found in Firefox before 84.0 and Thunderbird before 78.6 where certain input to the CSS Sanitizer confused it, resulting in incorrect... |
| CVE-2020-26971 |
AVG-1315 |
High |
Yes |
Arbitrary code execution |
A security issue was found in Firefox before 84.0 and Thunderbird before 78.6 where certain blit values provided by the user were not properly constrained,... |
| CVE-2020-26970 |
AVG-1315 |
High |
No |
Arbitrary code execution |
When reading SMTP server status codes, Thunderbird before 78.5.1 writes an integer value to a position on the stack that is intended to contain just one... |
| CVE-2020-16044 |
AVG-1440 |
Critical |
Yes |
Arbitrary code execution |
A security issue was found in Firefox before 84.0.2, Thunderbird before 78.6.1 and Chromium before 88.0.4324.96. A malicious peer could have modified a... |
| CVE-2020-16042 |
AVG-1315 |
High |
Yes |
Information disclosure |
An uninitialized use security issue has been found in the V8 component of the chromium browser before version 87.0.4280.88 and Firefox before 84.0. |
| CVE-2020-15685 |
AVG-1496 |
Medium |
Yes |
Insufficient validation |
A security issue was found in Thunderbird before version 78.7. During the plaintext phase of the STARTTLS connection setup, protocol commands could have... |
| CVE-2020-15659 |
AVG-1214 |
High |
Yes |
Arbitrary code execution |
Mozilla developers and community members reported memory safety bugs present in Firefox 78 and Firefox ESR 78.0. Some of these bugs showed evidence of... |
| CVE-2020-15658 |
AVG-1214 |
Low |
Yes |
Content spoofing |
The code for downloading files did not properly take care of special characters, which led to an attacker being able to cut off the file ending at an... |
| CVE-2020-15656 |
AVG-1214 |
High |
Yes |
Denial of service |
JIT optimizations involving the Javascript arguments object could confuse later optimizations. This risk was already mitigated by various precautions in the... |
| CVE-2020-15655 |
AVG-1214 |
High |
Yes |
Information disclosure |
A redirected HTTP request which is observed or modified through a web extension could bypass existing CORS checks, leading to potential disclosure of... |
| CVE-2020-15654 |
AVG-1214 |
Low |
Yes |
Denial of service |
When in an endless loop, a website specifying a custom cursor using CSS could make it look like the user is interacting with the user interface, when they... |
| CVE-2020-15653 |
AVG-1214 |
Medium |
Yes |
Authentication bypass |
An iframe sandbox element with the allow-popups flag could be bypassed when using noopener links. This could have led to security issues for websites... |
| CVE-2020-15652 |
AVG-1214 |
High |
Yes |
Information disclosure |
By observing the stack trace for JavaScript errors in web workers, it was possible to leak the result of a cross-origin redirect. This applied only to... |
| CVE-2020-12410 |
AVG-1179 |
High |
Yes |
Arbitrary code execution |
Mozilla developers Tom Tung and Karl Tomlinson reported memory safety bugs present in Firefox 76, Firefox ESR 68.8 and Thunderbird before 68.9.0. Some of... |
| CVE-2020-12406 |
AVG-1179 |
High |
Yes |
Arbitrary code execution |
Mozilla Developer Iain Ireland discovered a missing type check in Firefox before 77.0 and Thunderbird before 68.9.0 during unboxed objects removal,... |
| CVE-2020-12405 |
AVG-1179 |
High |
Yes |
Denial of service |
When browsing a malicious page in Firefox before 77.0 and Thunderbird before 68.9.0, a race condition in our SharedWorkerService could occur and lead to a... |
| CVE-2020-12399 |
AVG-1179 |
High |
Yes |
Private key recovery |
NSS before 3.52.1, as used in Firefox before 77.0 and Thunderbird before 68.9.0, has shown timing differences when performing DSA signatures, which was... |
| CVE-2020-12398 |
AVG-1179 |
High |
Yes |
Man-in-the-middle |
A security downgrade issue has been found in Thunderbird before 68.9.0. If Thunderbird is configured to use STARTTLS for an IMAP server, and the server... |
| CVE-2020-12397 |
AVG-1155 |
Low |
Yes |
Content spoofing |
An spoofing email address issue has been found in Thunderbird before 68.8.0. By encoding Unicode whitespace characters within the From email header, an... |
| CVE-2020-12395 |
AVG-1155 |
Critical |
Yes |
Arbitrary code execution |
Several memory safety bugs has been found in Firefox before 76.0, Firefox ESR before 68.8 and Thunderbird before 68.8.0. Some of these bugs showed evidence... |
| CVE-2020-12392 |
AVG-1155 |
Medium |
Yes |
Content spoofing |
The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP POST data of a request in Firefox before 76.0 and Thunderbird before... |
| CVE-2020-12387 |
AVG-1155 |
Critical |
Yes |
Arbitrary code execution |
A race condition has been found in Firefox before 76.0 and Thunderbird before 68.8.0, when running shutdown code for Web Worker, leading to a use-after-free... |
| CVE-2020-6831 |
AVG-1155 |
High |
Yes |
Arbitrary code execution |
A buffer overflow could occur when parsing and validating SCTP chunks in WebRTC, in Firefox before 76.0, Thunderbird before 68.8.0 and chromium before... |
| CVE-2020-6821 |
AVG-1132 |
High |
Yes |
Information disclosure |
An information disclosure issue has been found in Firefox before 75.0 and Thunderbird before 68.7.0. When reading from areas partially or fully outside the... |
| CVE-2020-6820 |
AVG-1132 |
Critical |
Yes |
Arbitrary code execution |
A use-after-free vulnerability has been found in Firefox before 74.0.1 and Thunderbird before 68.7.0 where, under certain conditions, when handling a... |
| CVE-2020-6819 |
AVG-1132 |
Critical |
Yes |
Arbitrary code execution |
A use-after-free vulnerability has been found in Firefox before 74.0.1 and Thunderbird before 68.7.0 where under certain conditions, when running the... |
| CVE-2020-6815 |
AVG-1132 |
Critical |
Yes |
Arbitrary code execution |
Several memory safety and script safety bugs have been found in Firefox before 74 and Thunderbird before 68.7.0. Some of these bugs showed evidence of... |
| CVE-2020-6814 |
AVG-1115 |
Critical |
Yes |
Arbitrary code execution |
Several memory safety and script safety bugs have been found in Firefox before 74, Firefox ESR before 68.6 and Thunderbird before 68.6. Some of these bugs... |
| CVE-2020-6812 |
AVG-1115 |
Medium |
Yes |
Information disclosure |
An information disclosure issue has been found in Firefox before 74 and Thunderbird before 68.6. The first time AirPods are connected to an iPhone, they... |
| CVE-2020-6811 |
AVG-1115 |
Medium |
Yes |
Arbitrary command execution |
A security issue has been found in Firefox before 74 and Thunderbird before 68.6, where the 'Copy as cURL' feature of Devtools' network tab did not properly... |
| CVE-2020-6807 |
AVG-1115 |
Critical |
Yes |
Arbitrary code execution |
A use-after-free issue has been found in Firefox before 74 and Thunderbird before 68.6, in cubeb during stream destruction. When a device was changed while... |
| CVE-2020-6806 |
AVG-1115 |
Critical |
Yes |
Arbitrary code execution |
A state confusion issue has been found in Firefox before 74 and Thunderbird before 68.6, in BodyStream::OnInputStreamReady. By carefully crafting promise... |
| CVE-2020-6805 |
AVG-1115 |
Critical |
Yes |
Arbitrary code execution |
A use-after-free issue has been found in Firefox before 74 and Thunderbird before 68.6. When removing data about an origin whose tab was recently closed, a... |
| CVE-2020-6800 |
AVG-1099 |
Critical |
Yes |
Arbitrary code execution |
Several memory safety bugs have been found in Firefox before 73.0 and Thunderbird before 68.5. Some of these bugs showed evidence of memory corruption and... |
| CVE-2020-6798 |
AVG-1099 |
Medium |
Yes |
Cross-site scripting |
An incorrect parsing of template could result in Javascript injection in Firefox before 73.0 and Thunderbird before 68.5. If a <template> tag was used in a... |
| CVE-2020-6795 |
AVG-1099 |
Medium |
Yes |
Denial of service |
A null-pointer dereference has been found in Thunderbird before 68.5, when processing a message that contains multiple S/MIME signatures. |
| CVE-2020-6794 |
AVG-1099 |
Medium |
No |
Information disclosure |
It has been found that setting a master password post-Thunderbird 52 does not delete unencrypted previously stored passwords before Thunderbird 68.5. If a... |
| CVE-2020-6793 |
AVG-1099 |
Medium |
Yes |
Information disclosure |
An out-of-bounds read has been found in Thunderbird before 68.5, when processing an e-mail message with an ill-formed envelope. |
| CVE-2020-6792 |
AVG-1099 |
Low |
Yes |
Information disclosure |
An information disclosure issue has bee found in Thunderbird before 68.5. When deriving an Message ID identifier for an email message, uninitialized memory... |
| CVE-2020-6514 |
AVG-1214 |
High |
Yes |
Arbitrary code execution |
Inappropriate implementation in WebRTC. |
| CVE-2020-6463 |
AVG-1214 |
High |
Yes |
Arbitrary code execution |
Use after free in ANGLE in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2019-20503 |
AVG-1115 |
Medium |
Yes |
Information disclosure |
An out-of-bounds read has been found in Firefox before 74, Thunderbird before 68.6 and chromium before 80.0.3987.149. The inputs to... |
| CVE-2019-18511 |
AVG-965 |
High |
Yes |
Same-origin policy bypass |
An issue has been found in Thunderbird before 60.7.0, where cross- origin images can be read from a canvas element in violation of the same-origin policy... |
| CVE-2019-17026 |
AVG-1086 |
Critical |
Yes |
Arbitrary code execution |
A type confusion vulnerability has been found in Firefox before 72.0.1, and Thunderbird before 68.4.1. Incorrect alias information in IonMonkey JIT compiler... |
| CVE-2019-17024 |
AVG-1086 |
Critical |
Yes |
Arbitrary code execution |
Several memory safety issues have been found in Firefox before 72.0, Firefox ESR before 68.4.1, and Thunderbird before 68.3. Some of these bugs showed... |
| CVE-2019-17022 |
AVG-1086 |
Medium |
Yes |
Insufficient validation |
A security issue has been found in Firefox before 72.0, and Thunderbird before 68.4.1 where CSS sanitization does not escape HTML tags. When pasting a... |
| CVE-2019-17017 |
AVG-1086 |
Critical |
Yes |
Arbitrary code execution |
A type confusion issue has been found in Firefox before 72.0, and Thunderbird before 68.4.1, in XPCVariant.cpp where, due to a missing case handling object... |
| CVE-2019-17016 |
AVG-1086 |
High |
Yes |
Insufficient validation |
A security issue has been found in Firefox before 72.0, and Thunderbird before 68.4.1. When pasting a <style> tag from the clipboard into a rich text... |
| CVE-2019-17012 |
AVG-1072 |
Critical |
Yes |
Arbitrary code execution |
Several memory safety bugs have been found in Firefox before 71.0 and Thunderbird before 68.3. Some of these bugs showed evidence of memory corruption and... |
| CVE-2019-17011 |
AVG-1072 |
High |
Yes |
Arbitrary code execution |
A use-after-free vulnerability has been found in Firefox before 71.0 and Thunderbird before 68.3. Under certain conditions, when retrieving a document from... |
| CVE-2019-17010 |
AVG-1072 |
High |
Yes |
Arbitrary code execution |
A use-after-free vulnerability has been found in Firefox before 71.0 and Thunderbird before 68.3. Under certain conditions, when checking the Resist... |
| CVE-2019-17008 |
AVG-1072 |
Critical |
Yes |
Arbitrary code execution |
A use-after-free vulnerability has been found in Firefox before 71.0 and Thunderbird before 68.3. When using nested workers, a use-after- free could occur... |
| CVE-2019-17005 |
AVG-1072 |
High |
Yes |
Arbitrary code execution |
An out-of-bounds write vulnerability has been found in Firefox before 71.0 and Thunderbird before 68.3 where the plain text serializer used a fixed-size... |
| CVE-2019-15903 |
AVG-1054 |
Medium |
Yes |
Denial of service |
A security issue has been found in libexpat before 2.2.8, where crafted XML input could fool the parser into changing from DTD parsing to document parsing... |
| CVE-2019-11764 |
AVG-1054 |
Critical |
Yes |
Arbitrary code execution |
Several memory safety bugs have been found in Firefox before 70.0 and Thunderbird before 68.2. Some of these bugs showed evidence of memory corruption and... |
| CVE-2019-11763 |
AVG-1054 |
Medium |
Yes |
Insufficient validation |
An issue has been found in Firefox before 70.0 and Thunderbird before 68.2, where failure to correctly handle null bytes when processing HTML entities... |
| CVE-2019-11762 |
AVG-1054 |
Medium |
Yes |
Same-origin policy bypass |
A same-origin policy bypass has been found in Firefox before 70.0 and Thunderbird before 68.2 where, if two same-origin documents set document.domain... |
| CVE-2019-11761 |
AVG-1054 |
Medium |
Yes |
Access restriction bypass |
An issue has been found in Firefox before 70.0 and Thunderbird before 68.2, where by using a form with a data URI it was possible to gain access to the... |
| CVE-2019-11760 |
AVG-1054 |
Critical |
Yes |
Arbitrary code execution |
A fixed-size stack buffer overflow has been found in nrappkit, in the WebRTC signaling code of Firefox before 70.0 and Thunderbird before 68.2. |
| CVE-2019-11759 |
AVG-1054 |
Critical |
Yes |
Arbitrary code execution |
A stack-based buffer overflow has been found in the HKDF output of Firefox before 70.0 and Thunderbird before 68.2. An attacker could have caused 4 bytes of... |
| CVE-2019-11757 |
AVG-1054 |
Critical |
Yes |
Arbitrary code execution |
A use-after-free issue has been found in the IndexedDB component of Firefox before 70.0 and Thunderbird before 68.2. When storing a value in IndexedDB, the... |
| CVE-2019-11745 |
AVG-1072 |
Critical |
Yes |
Arbitrary code execution |
An out-of-bounds write vulnerability has been found in the NSS component of Firefox before 71.0 and Thunderbird before 68.3. When encrypting with a block... |
| CVE-2019-11706 |
AVG-980 |
Low |
Yes |
Denial of service |
A flaw in Thunderbird's implementation of iCal before 60.7.1 causes a type confusion in icaltimezone_get_vtimezone_properties when processing certain email... |
| CVE-2019-11705 |
AVG-980 |
High |
Yes |
Arbitrary code execution |
A flaw in Thunderbird's implementation of iCal before 60.7.1 causes a stack buffer overflow in icalrecur_add_bydayrules when processing certain email... |
| CVE-2019-11704 |
AVG-980 |
High |
Yes |
Arbitrary code execution |
A flaw in Thunderbird's implementation of iCal before 60.7.1 causes a heap buffer overflow in icalmemory_strdup_and_dequote when processing certain email... |
| CVE-2019-11703 |
AVG-980 |
High |
Yes |
Arbitrary code execution |
A flaw in Thunderbird's implementation of iCal before 60.7.1 causes a heap buffer overflow in parser_get_next_char when processing certain email messages,... |
| CVE-2019-11698 |
AVG-965 |
Medium |
Yes |
Information disclosure |
If a crafted hyperlink is dragged and dropped to the bookmark bar or sidebar in Firefox before 67.0 or Thunderbird before 60.7.0, and the resulting bookmark... |
| CVE-2019-11693 |
AVG-965 |
Critical |
Yes |
Arbitrary code execution |
The bufferdata function in WebGL in Firefox before 67.0 and Thunderbird before 60.7.0 is vulnerable to a buffer overflow with specific graphics drivers on... |
| CVE-2019-11692 |
AVG-965 |
Critical |
Yes |
Arbitrary code execution |
A use-after-free vulnerability can occur in Firefox before 67.0 and Thunderbird before 60.7.0, when listeners are removed from the event listener manager... |
| CVE-2019-11691 |
AVG-965 |
Critical |
Yes |
Arbitrary code execution |
A use-after-free vulnerability can occur in Firefox before 67.0 and Thunderbird before 60.7.0, when working with XMLHttpRequest (XHR) in an event loop,... |
| CVE-2019-9819 |
AVG-965 |
Critical |
Yes |
Arbitrary code execution |
A vulnerability where a JavaScript compartment mismatch can occur in Firefox before 67.0 and Thunderbird before 60.7.0, while working with the fetch API,... |
| CVE-2019-9817 |
AVG-965 |
High |
Yes |
Same-origin policy bypass |
In Firefox before 67.0 and Thunderbird before 60.7.0, images from a different domain can be read using a canvas object in some circumstances. This could be... |
| CVE-2019-9816 |
AVG-965 |
High |
Yes |
Access restriction bypass |
A possible vulnerability exists in Firefox before 67.0 and Thunderbird before 60.7.0, where type confusion can occur when manipulating JavaScript objects in... |
| CVE-2019-9813 |
AVG-947 |
Critical |
Yes |
Arbitrary code execution |
An incorrect handling of __proto__ mutations may lead to type confusion in the IonMonkey JIT code of Firefox before 66.0.1 and Thunderbird before 60.6.1,... |
| CVE-2019-9810 |
AVG-947 |
Critical |
Yes |
Arbitrary code execution |
An incorrect alias information in the IonMonkey JIT compiler of Firefox before 66.0.1 and Thunderbird before 60.6.1 for the Array.prototype.slice method may... |
| CVE-2019-9800 |
AVG-965 |
Critical |
Yes |
Arbitrary code execution |
Several memory safety bugs have been found in Firefox before 67.0 and Thunderbird before 60.7.0. Some of these bugs showed evidence of memory corruption and... |
| CVE-2019-7317 |
AVG-965 |
Low |
No |
Denial of service |
png_image_free in png.c in libpng 1.6.36 has a use-after-free because png_image_free_function is called under png_safe_execute. |
| CVE-2019-5798 |
AVG-965 |
Medium |
Yes |
Information disclosure |
An out-of-bounds read has been found in the Skia component of the chromium browser before 73.0.3683.75 and Thunderbird before 60.7.0. |
| CVE-2019-5785 |
AVG-908 |
High |
Yes |
Arbitrary code execution |
An integer overflow issue has been found in the Skia component of firefox before 65.0.1 and thunderbird before 60.5.1. |
| CVE-2018-18509 |
AVG-908 |
High |
Yes |
Insufficient validation |
A flaw during verification of certain S/MIME signatures causes emails to be shown in Thunderbird before 60.5.1 as having a valid digital signature, even if... |
| CVE-2018-18356 |
AVG-908 |
High |
Yes |
Arbitrary code execution |
A use-after-free has been found in the Skia component of chromium before 71.0.3578.80 and firefox before 65.0.1 and thunderbird before 60.5.1. |
| CVE-2018-18335 |
AVG-908 |
Critical |
Yes |
Arbitrary code execution |
A heap-based buffer overflow has been found in the Skia component of chromium before 71.0.3578.80 and thunderbird before 60.5.1. |
| CVE-2018-12392 |
AVG-803 |
Critical |
Yes |
Arbitrary code execution |
A security issue has been found in Firefox and Thunderbird versions prior to 63.0. When manipulating user events in nested loops while opening a document... |
| CVE-2018-12390 |
AVG-803 |
Critical |
Yes |
Arbitrary code execution |
Several memory safety bugs have been found in Firefox and Thunderbird versions prior to 63.0. Some of these bugs showed evidence of memory corruption and... |
| CVE-2018-12389 |
AVG-803 |
Critical |
Yes |
Arbitrary code execution |
Several memory safety bugs have been found in Thunderbird versions prior to 63.0. Some of these bugs showed evidence of memory corruption and Mozilla... |
| CVE-2018-12385 |
AVG-782 |
Medium |
No |
Arbitrary code execution |
A security issue has been found in Thunderbird versions prior to 60.2.1. A potentially exploitable crash in TransportSecurityInfo used for SSL can be... |
| CVE-2018-12383 |
AVG-782 |
Low |
No |
Information disclosure |
A security issue has been found in Thunderbird versions prior to 60.2.1. If a user saved passwords before the move to a new password format and then later... |
| CVE-2018-12379 |
AVG-782 |
Medium |
No |
Arbitrary code execution |
A security issue has been found in Thunderbird versions prior to 60.2.1. When the Mozilla Updater opens a MAR format file which contains a very long item... |
| CVE-2018-12378 |
AVG-782 |
High |
Yes |
Arbitrary code execution |
A use-after-free vulnerability has been found in Thunderbird versions prior to 60.2.1, which can occur when an IndexedDB index is deleted while still in use... |
| CVE-2018-12377 |
AVG-782 |
High |
Yes |
Arbitrary code execution |
A use-after-free vulnerability has been found in Thunderbird versions prior to 60.2.1, which can occur when refresh driver timers are refreshed in some... |
| CVE-2018-12376 |
AVG-782 |
Critical |
Yes |
Arbitrary code execution |
Several memory safety bugs have been found in Thunderbird versions prior to 60.2.1. |
| CVE-2018-12374 |
AVG-728 |
Low |
Yes |
Information disclosure |
A security issue has been found in Thunderbird before 52.9, where plaintext of decrypted emails can leak through by user submitting an embedded form by... |
| CVE-2018-12373 |
AVG-728 |
High |
Yes |
Information disclosure |
A security issue has been found in Thunderbird before 52.9, where S/MIME parts hidden with CSS or <plaintext> can leak plaintext when included in a HTML... |
| CVE-2018-12372 |
AVG-728 |
High |
Yes |
Information disclosure |
A security issue has been found in Thunderbird before 52.9, where decrypted S/MIME parts, when included in HTML crafted for an attack, can leak plaintext... |
| CVE-2018-12371 |
AVG-751 |
Medium |
Yes |
Arbitrary code execution |
An integer overflow vulnerability has been found in the Skia library shipped with Firefox before 61.0 and Thunderbird before 60.0, when allocating memory... |
| CVE-2018-12367 |
AVG-751 |
Medium |
Yes |
Information disclosure |
A security issue has been found in Firefox before 61.0 and Thunderbird before 60.0. In the previous mitigations for Spectre, the resolution or precision of... |
| CVE-2018-12366 |
AVG-728 |
Medium |
Yes |
Information disclosure |
An invalid grid size during QCMS (color profile) transformations can result in the out-of-bounds read interpreted as a float value, in Firefox before 61.0... |
| CVE-2018-12365 |
AVG-728 |
Medium |
No |
Information disclosure |
A security issue has been found in Firefox before 61.0 and Thunderbird before 52.9 where a compromised IPC child process can escape the content sandbox and... |
| CVE-2018-12364 |
AVG-728 |
High |
Yes |
Cross-site request forgery |
A security issue has been found in Firefox before 61.0 and Thunderbird before 52.9, where NPAPI plugins, such as Adobe Flash, can send non- simple... |
| CVE-2018-12363 |
AVG-728 |
High |
Yes |
Arbitrary code execution |
A use-after-free vulnerability can occur in Firefox before 61.0 and Thunderbird before 52.9 when script uses mutation events to move DOM nodes between... |
| CVE-2018-12362 |
AVG-728 |
High |
Yes |
Arbitrary code execution |
An integer overflow can occur in Firefox before 61.0 and Thunderbird before 52.9 during graphics operations done by the Supplemental Streaming SIMD... |
| CVE-2018-12361 |
AVG-751 |
Critical |
Yes |
Arbitrary code execution |
An integer overflow can occur in Firefox before 61.0 and Thunderbird before 60.0 in the SwizzleData code while calculating buffer sizes. The overflowed... |
| CVE-2018-12360 |
AVG-728 |
Critical |
Yes |
Arbitrary code execution |
A use-after-free vulnerability can occur in Firefox before 61.0 and Thunderbird before 52.9 when deleting an input element during a mutation event handler... |
| CVE-2018-12359 |
AVG-728 |
Critical |
Yes |
Arbitrary code execution |
A buffer overflow can occur in Firefox before 61.0 and Thunderbird before 52.9 when rendering canvas content while adjusting the height and width of the... |
| CVE-2018-5188 |
AVG-728 |
Critical |
Yes |
Arbitrary code execution |
Several memory safety bugs have been found in Firefox before 61.0 and Thunderbird before 52.9. Some of these bugs showed evidence of memory corruption and... |
| CVE-2018-5187 |
AVG-751 |
Critical |
Yes |
Arbitrary code execution |
Several memory safety bugs have been found in Firefox before 61.0 and Thunderbird before 60.0. Some of these bugs showed evidence of memory corruption and... |
| CVE-2018-5185 |
AVG-707 |
Low |
Yes |
Information disclosure |
A security issue has been found in Thunderbird before 52.8, where plaintext of decrypted emails can leak through by user submitting an embedded form. |
| CVE-2018-5184 |
AVG-707 |
High |
Yes |
Information disclosure |
A security issue has been found in Thunderbird before 52.8, where using remote content in S/MIME encrypted messages can lead to the disclosure of plaintext... |
| CVE-2018-5183 |
AVG-707 |
Critical |
Yes |
Arbitrary code execution |
Several memory corruption issues including invalid buffer reads and writes during graphic operations have been found in the Skia library. |
| CVE-2018-5178 |
AVG-707 |
Medium |
Yes |
Information disclosure |
A buffer overflow was found in Thunderbird before 52.8, during UTF8 to Unicode string conversion within JavaScript with extremely large amounts of data.... |
| CVE-2018-5170 |
AVG-707 |
Medium |
Yes |
Content spoofing |
It is possible in Thunderbird before 52.8 to spoof the filename of an attachment and display an arbitrary attachment name. This could lead to a user opening... |
| CVE-2018-5168 |
AVG-707 |
Medium |
Yes |
Access restriction bypass |
Sites can bypass security checks on permissions to install lightweight themes in Firefox before 60.0 and Thunderbird before 52.8, by manipulating the... |
| CVE-2018-5162 |
AVG-707 |
Medium |
Yes |
Information disclosure |
A security issue has been found in Thunderbird before 52.8, where plaintext of decrypted emails can leak through the src attribute of remote images, or links. |
| CVE-2018-5161 |
AVG-707 |
Medium |
Yes |
Denial of service |
A security issue has been found in Thunderbird before 52.8, where crafted message headers can cause a Thunderbird process to hang on receiving the message. |
| CVE-2018-5159 |
AVG-707 |
High |
Yes |
Arbitrary code execution |
An integer overflow vulnerability has been found in the Skia library used in Firefox < 60.0 and Thunderbird < 52.8, due to 32-bit integer use in an array... |
| CVE-2018-5156 |
AVG-751 |
High |
Yes |
Arbitrary code execution |
A vulnerability can occur in Firefox before 61.0 and Thunderbird before 60.0 when capturing a media stream when the media source type is changed as the... |
| CVE-2018-5155 |
AVG-707 |
High |
Yes |
Arbitrary code execution |
A use-after-free vulnerability has been found in Firefox < 60.0 and Thunderbird < 52.8, while adjusting layout during SVG animations with text paths. |
| CVE-2018-5154 |
AVG-707 |
High |
Yes |
Arbitrary code execution |
A use-after-free vulnerability has been found in Firefox < 60.0 and Thunderbird < 52.8, while enumerating attributes during SVG animations with clip paths. |
| CVE-2018-5150 |
AVG-707 |
Critical |
Yes |
Arbitrary code execution |
Several memory safety bugs have been found in Firefox before 60.0 and Thunderbird before 52.8. Some of these bugs showed evidence of memory corruption and... |
| CVE-2018-5146 |
AVG-663 |
Critical |
Yes |
Arbitrary code execution |
An out of bounds memory write vulnerability has been discovered in libvorbis before 1.3.6 while processing Vorbis audio data related to codebooks that are... |
| CVE-2018-5145 |
AVG-663 |
Critical |
Yes |
Arbitrary code execution |
Various memory safety bugs have been found in Thunderbird < 52.7.0, some of them presenting evidence of memory corruption. Mozilla presumes that with enough... |
| CVE-2018-5144 |
AVG-663 |
High |
Yes |
Arbitrary code execution |
An integer overflow can occur during conversion of text to some Unicode character sets in Thunderbird < 52.7.0, due to an unchecked length parameter. |
| CVE-2018-5129 |
AVG-663 |
High |
No |
Access restriction bypass |
A lack of parameter validation on IPC messages results in a potential out-of-bounds write in Thunderbird < 52.7.0, through malformed IPC messages. This can... |
| CVE-2018-5127 |
AVG-663 |
Critical |
Yes |
Arbitrary code execution |
A buffer overflow can occur in Thunderbird < 52.7.0 when manipulating the SVG animatedPathSegList through script. This results in a potentially exploitable crash. |
| CVE-2018-5125 |
AVG-663 |
Critical |
Yes |
Arbitrary code execution |
Various memory safety bugs have been found in Thunderbird < 52.7.0 and Firefox < 59.0, some of them presenting evidence of memory corruption. Mozilla... |
| CVE-2017-7830 |
AVG-530 |
High |
Yes |
Same-origin policy bypass |
The Resource Timing API in Firefox before 57.0 and Thunderbird before 52.5 incorrectly revealed navigations in cross-origin iframes. This is a same-origin... |
| CVE-2017-7828 |
AVG-530 |
Critical |
Yes |
Arbitrary code execution |
A use-after-free vulnerability can occur in Firefox before 57.0 and Thunderbird before 52.5 when flushing and resizing layout because the PressShell object... |
| CVE-2017-7826 |
AVG-530 |
Critical |
Yes |
Arbitrary code execution |
Several reported memory safety bugs have been found in Firefox before 57.0 and Thunderbird before 52.5. Some of these bugs showed evidence of memory... |
| CVE-2017-7824 |
AVG-441 |
Critical |
Yes |
Arbitrary code execution |
A buffer overflow occurs when drawing and validating elements with the ANGLE graphics library, used for WebGL content in Thunderbird < 52.4. This is due to... |
| CVE-2017-7823 |
AVG-441 |
Medium |
Yes |
Cross-site scripting |
The content security policy (CSP) sandbox directive in Thunderbird < 52.4 did not create a unique origin for the document, causing it to behave as if the... |
| CVE-2017-7819 |
AVG-441 |
Critical |
Yes |
Arbitrary code execution |
A use-after-free vulnerability can occur in design mode when image objects are resized if objects referenced during the resizing have been freed from... |
| CVE-2017-7818 |
AVG-441 |
Critical |
Yes |
Arbitrary code execution |
A use-after-free vulnerability can occur when manipulating arrays of Accessible Rich Internet Applications (ARIA) elements within containers through the... |
| CVE-2017-7814 |
AVG-441 |
Medium |
Yes |
Access restriction bypass |
A security issue has been found in Thunderbird < 52.4. File downloads encoded with blob: and data: URL elements bypassed normal file download checks though... |
| CVE-2017-7810 |
AVG-441 |
Critical |
Yes |
Arbitrary code execution |
Mozilla developers and community members Christoph Diehl, Jan de Mooij, Jason Kratzer, Randell Jesup, Tom Ritter, Tyson Smith, and Sebastian Hengst reported... |
| CVE-2017-7809 |
AVG-385 |
Critical |
Yes |
Arbitrary code execution |
A use-after-free issue has been found in firefox < 55.0 and thunderbird < 52.3, when an editor DOM node is deleted prematurely during tree traversal while... |
| CVE-2017-7807 |
AVG-385 |
High |
Yes |
Content spoofing |
A domain hijacking flaw has been found in firefox < 55.0 and thunderbird < 52.3. A mechanism that uses AppCache to hijack a URL in a domain using fallback... |
| CVE-2017-7805 |
AVG-441 |
Critical |
Yes |
Arbitrary code execution |
A security issue has been found in Thunderbird < 52.4. During TLS 1.2 exchanges, handshake hashes are generated which point to a message buffer. This saved... |
| CVE-2017-7803 |
AVG-385 |
Medium |
Yes |
Access restriction bypass |
A security issue has been found in firefox < 55.0 and thunderbird < 52.3. When a page’s content security policy (CSP) header contains a sandbox directive,... |
| CVE-2017-7802 |
AVG-385 |
Critical |
Yes |
Arbitrary code execution |
A use-after-free vulnerability has been found in firefox < 55.0 and thunderbird < 52.3, when manipulating the DOM during the resize event of an image... |
| CVE-2017-7801 |
AVG-385 |
Critical |
Yes |
Arbitrary code execution |
A use-after-free issue has been found in firefox < 55.0 and thunderbird < 52.3, while re-computing layout for a marquee element during window resizing where... |
| CVE-2017-7800 |
AVG-385 |
Critical |
Yes |
Arbitrary code execution |
A use-after-free issue has been found in firefox < 55.0 and thunderbird < 52.3, in WebSockets, when the object holding the connection is freed before the... |
| CVE-2017-7793 |
AVG-441 |
Critical |
Yes |
Arbitrary code execution |
A use-after-free vulnerability can occur in the Fetch API of Thunderbird < 52.4, when the worker or the associated window are freed when still in use,... |
| CVE-2017-7792 |
AVG-385 |
High |
Yes |
Arbitrary code execution |
A buffer overflow has been found in firefox < 55.0 and thunderbird < 52.3, when viewing a certificate in the certificate manager if the certificate has an... |
| CVE-2017-7791 |
AVG-385 |
Medium |
Yes |
Content spoofing |
A content spoofing issue has been found in firefox < 55.0 and thunderbird < 52.3. On pages containing an iframe, the data: protocol can be used to create a... |
| CVE-2017-7787 |
AVG-385 |
High |
Yes |
Same-origin policy bypass |
Same-origin policy protections can be bypassed in firefox < 55.0 and thunderbird < 52.3, on pages with embedded iframes during page reloads, allowing the... |
| CVE-2017-7786 |
AVG-385 |
Critical |
Yes |
Arbitrary code execution |
A buffer overflow has been found in firefox < 55.0 and thunderbird < 52.3, when the image renderer attempts to paint non-displayable SVG elements. This... |
| CVE-2017-7785 |
AVG-385 |
Critical |
Yes |
Arbitrary code execution |
A buffer overflow has been found in firefox < 55.0 and thunderbird < 52.3, when manipulating Accessible Rich Internet Applications (ARIA) attributes within... |
| CVE-2017-7784 |
AVG-385 |
Critical |
Yes |
Arbitrary code execution |
A use-after-free issue has been found in firefox < 55.0 and thunderbird < 52.3, when reading an image observer during frame reconstruction after the... |
| CVE-2017-7779 |
AVG-385 |
Critical |
Yes |
Arbitrary code execution |
Several memory safety bugs have been found in firefox < 55.0 and thunderbird < 52.3. Some of these bugs showed evidence of memory corruption and we presume... |
| CVE-2017-7778 |
AVG-303 |
High |
Yes |
Arbitrary code execution |
An out-of-bounds write has been found in the Graphite 2 library used in Firefox < 54.0 and Thunderbird < 52.2, in lz4::decompress. |
| CVE-2017-7777 |
AVG-303 |
High |
Yes |
Information disclosure |
An use of initialized memory has been found in the Graphite 2 library used in Firefox < 54.0 and Thunderbird < 52.2, in GlyphCache::Loader::read_glyph. |
| CVE-2017-7776 |
AVG-303 |
High |
Yes |
Information disclosure |
A heap-buffer-overflow read has been found in the Graphite 2 library used in Firefox < 54.0 and Thunderbird < 52.2, in Silf::getClassGlyph. |
| CVE-2017-7775 |
AVG-303 |
High |
Yes |
Denial of service |
An assertion failure has been found in the Graphite 2 library used in Firefox < 54.0 and Thunderbird < 52.2. |
| CVE-2017-7774 |
AVG-303 |
High |
Yes |
Information disclosure |
An out-of-bounds read has been found in the Graphite 2 library used in Firefox < 54.0 and Thunderbird < 52.2, in Silf::readGraphite. |
| CVE-2017-7773 |
AVG-303 |
High |
Yes |
Arbitrary code execution |
A heap-buffer-overflow write has been found in the Graphite 2 library used in Firefox < 54.0 and Thunderbird < 52.2, in lz4::decompress. |
| CVE-2017-7772 |
AVG-303 |
High |
Yes |
Arbitrary code execution |
A heap-buffer-overflow write has been found in the Graphite 2 library used in Firefox < 54.0 and Thunderbird < 52.2, in lz4::decompress. |
| CVE-2017-7771 |
AVG-303 |
High |
Yes |
Information disclosure |
An out-of-bounds read has been found in the Graphite 2 library used in Firefox < 54.0 and Thunderbird < 52.2, in Pass::readPass. |
| CVE-2017-7764 |
AVG-303 |
Medium |
Yes |
Content spoofing |
A security issue has been found in Firefox < 54.0 and Thunderbird < 52.2, where characters from the "Canadian Syllabics" unicode block can be mixed with... |
| CVE-2017-7758 |
AVG-303 |
High |
Yes |
Information disclosure |
An out-of-bounds read vulnerability has been found in Firefox < 54.0 and Thunderbird < 52.2, with the Opus encoder when the number of channels in an audio... |
| CVE-2017-7757 |
AVG-303 |
High |
Yes |
Arbitrary code execution |
A use after-free vulnerability has been found in Firefox < 54.0 and Thunderbird < 52.2, in IndexedDB when one of its objects is destroyed in memory while a... |
| CVE-2017-7756 |
AVG-303 |
High |
Yes |
Arbitrary code execution |
A use after-free and use-after-scope vulnerability has been found in Firefox < 54.0 and Thunderbird < 52.2, when logging errors from headers for XML HTTP... |
| CVE-2017-7754 |
AVG-303 |
High |
Yes |
Information disclosure |
An out-of-bounds read has been found in Firefox < 54.0 and Thunderbird < 52.2, with a maliciously crafted ImageInfo object during WebGL operations. |
| CVE-2017-7753 |
AVG-385 |
High |
Yes |
Information disclosure |
An out-of-bounds read has been found in firefox < 55.0 and thunderbird < 52.3, when applying style rules to pseudo-elements, such as ::first-line, using... |
| CVE-2017-7752 |
AVG-303 |
Medium |
Yes |
Arbitrary code execution |
A use-after-free has been found in Firefox < 54.0 and Thunderbird < 52.2, during specific user interactions with the input method editor (IME) in some... |
| CVE-2017-7751 |
AVG-303 |
High |
Yes |
Arbitrary code execution |
A use-after-free has been found in Firefox < 54.0 and Thunderbird < 52.2, in content viewer listeners. |
| CVE-2017-7750 |
AVG-303 |
High |
Yes |
Arbitrary code execution |
A use-after-free has been found in Firefox < 54.0 and Thunderbird < 52.2, during video control operations when a <track> element holds a reference to an... |
| CVE-2017-7749 |
AVG-303 |
High |
Yes |
Arbitrary code execution |
A user-after-free has been found in Firefox < 54.0 and Thunderbird < 52.2, when using an incorrect URL during the reloading of a docshell. |
| CVE-2017-5472 |
AVG-303 |
Critical |
Yes |
Arbitrary code execution |
A use-after-free vulnerability has been found in Firefox < 54.0 and Thunderbird < 52.2, in the frameloader during tree reconstruction while regenerating CSS... |
| CVE-2017-5470 |
AVG-303 |
Critical |
Yes |
Arbitrary code execution |
Several memory safety issues leading to arbitrary code execution have been found in Firefox < 54.0 and Thunderbird < 52.2. |
| CVE-2017-5410 |
AVG-193 |
Critical |
Yes |
Arbitrary code execution |
Memory corruption resulting in a potentially exploitable crash during garbage collection of JavaScript due errors in how incremental sweeping is managed for... |
| CVE-2017-5408 |
AVG-193 |
Medium |
Yes |
Information disclosure |
Video files loaded video captions cross-origin without checking for the presence of CORS headers permitting such cross-origin use, leading to potential... |
| CVE-2017-5407 |
AVG-193 |
High |
Yes |
Information disclosure |
Using SVG filters that don't use the fixed point math implementation on a target iframe, a malicious page can extract pixel values from a targeted user.... |
| CVE-2017-5405 |
AVG-193 |
Low |
Yes |
Content spoofing |
Certain response codes in FTP connections can result in the use of uninitialized values for ports in FTP operations. |
| CVE-2017-5404 |
AVG-193 |
Critical |
Yes |
Arbitrary code execution |
A use-after-free error can occur when manipulating ranges in selections with one node inside a native anonymous tree and one node outside of it. This... |
| CVE-2017-5402 |
AVG-193 |
Critical |
Yes |
Arbitrary code execution |
A use-after-free can occur when events are fired for a FontFace object after the object has been already been destroyed while working with fonts. |
| CVE-2017-5401 |
AVG-193 |
Critical |
Yes |
Arbitrary code execution |
A crash triggerable by web content in which an ErrorResult references unassigned memory due to a logic error. |
| CVE-2017-5400 |
AVG-193 |
Critical |
Yes |
Arbitrary code execution |
JIT-spray targeting asm.js combined with a heap spray allows for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. |
| CVE-2017-5398 |
AVG-193 |
Critical |
Yes |
Arbitrary code execution |
Several memory safety bugs, some of them leading to memory corruption issues have been found in Firefox < 52 and Thunderbird < 45.8. |
| CVE-2017-5396 |
AVG-158 |
High |
Yes |
Arbitrary code execution |
A use-after-free vulnerability has been found in the Media Decoder of Firefox < 51 and Thunderbird < 45.7, when working with media files when some events... |
| CVE-2017-5390 |
AVG-158 |
High |
Yes |
Privilege escalation |
The JSON viewer in the Developer Tools in Firefox < 51 and Thunderbird < 45.7 uses insecure methods to create a communication channel for copying and... |
| CVE-2017-5383 |
AVG-158 |
Medium |
Yes |
Content spoofing |
URLs containing certain unicode glyphs for alternative hyphens and quotes do not properly trigger punycode display in Firefox < 51 and Thunderbird < 45.7,... |
| CVE-2017-5380 |
AVG-158 |
High |
Yes |
Arbitrary code execution |
A potential use-after-free vulnerability during DOM manipulation of SVG content has been in Firefox < 51 and Thunderbird < 45.7. |
| CVE-2017-5378 |
AVG-158 |
High |
Yes |
Information disclosure |
An information disclosure vulnerability has been found in Firefox < 51 and Thunderbird < 45.7, where hashed codes of JavaScript objects are shared between... |
| CVE-2017-5376 |
AVG-158 |
Critical |
Yes |
Arbitrary code execution |
A use-after-free vulnerability has been found in Firefox < 51 and Thunderbird < 45.7, while manipulating XSL in XSLT documents. |
| CVE-2017-5375 |
AVG-158 |
Critical |
Yes |
Arbitrary code execution |
JIT code allocation in Firefox < 51 and Thunderbird < 45.7 can allow for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. |
| CVE-2017-5373 |
AVG-158 |
Critical |
Yes |
Arbitrary code execution |
Several memory safety bugs have been found in Firefox < 51 and Thunderbird < 47.5. Some of these bugs showed evidence of memory corruption and we presume... |
| CVE-2016-9079 |
AVG-91 |
Critical |
Yes |
Arbitrary code execution |
A use-after-free vulnerability has been discovered in the SVG Animation component of Firefox, leading to arbitrary code execution. |