📦 Thunderbird
by Mozilla
⚠️ Known Vulnerabilities
This vulnerability involves uninitialized memory in Firefox's Graphics: Text component, which could allow attackers to read sensitive data from memory or potentially execute arbitrary code. It affects...
A JIT miscompilation vulnerability in Firefox's JavaScript: WebAssembly component could allow arbitrary code execution when processing malicious web content. This affects Firefox versions before 148, ...
A spoofing vulnerability in the WebAuthn component of Firefox for Android allows attackers to potentially impersonate legitimate websites during authentication. This affects Firefox for Android versio...
A use-after-free vulnerability in Firefox's JavaScript engine allows attackers to execute arbitrary code by tricking users into visiting malicious websites. This affects Firefox versions below 148 and...
This vulnerability involves incorrect boundary conditions in the GMP (Gecko Media Plugins) audio/video component of Firefox, which could allow memory corruption. It affects Firefox versions below 148,...
This CVE describes a same-origin policy bypass vulnerability in Firefox's JAR (Java Archive) networking component. It allows malicious websites to access data from other origins, potentially leading t...
Memory safety vulnerabilities in Mozilla Firefox and Thunderbird could allow memory corruption attacks. With sufficient effort, attackers could exploit these bugs to execute arbitrary code on affected...
This CVE describes a sandbox escape vulnerability in Firefox's Telemetry component due to incorrect boundary conditions. Attackers could potentially break out of browser security sandboxes to execute ...
This CVE describes a sandbox escape vulnerability in Firefox's DOM Core & HTML component due to incorrect boundary conditions. It allows malicious web content to break out of browser security sandboxe...
This CVE describes a privilege escalation vulnerability in Firefox's Netmonitor component. Attackers could exploit this to gain elevated privileges within the browser. It affects Firefox versions belo...
This CVE describes a privilege escalation vulnerability in Firefox's Netmonitor component that allows attackers to gain elevated privileges on affected systems. It affects Firefox versions below 148 a...
This CVE describes a DOM security component mitigation bypass vulnerability in Firefox. Attackers could potentially bypass security controls to execute malicious code or access restricted content. Aff...
This CVE describes a sandbox escape vulnerability in Firefox's IndexedDB storage component. Attackers could potentially break out of browser security restrictions to execute arbitrary code. Affects Fi...
This CVE describes a use-after-free vulnerability in Firefox's DOM Bindings (WebIDL) component that could allow an attacker to execute arbitrary code. It affects Firefox versions below 148, Firefox ES...
A use-after-free vulnerability in Firefox's audio/video playback component allows attackers to execute arbitrary code or cause crashes. This affects Firefox versions below 148, Firefox ESR below 115.3...
An integer overflow vulnerability in Firefox's Audio/Video component could allow attackers to execute arbitrary code or cause denial of service. This affects Firefox versions below 148, Firefox ESR be...
A use-after-free vulnerability in Firefox's JavaScript garbage collector component allows attackers to execute arbitrary code by manipulating memory after it has been freed. This affects Firefox versi...
This CVE describes a sandbox escape vulnerability in Firefox's WebRender graphics component due to incorrect boundary conditions. It allows attackers to break out of browser security sandboxes and pot...
An integer overflow vulnerability in Firefox's JavaScript Standard Library component could allow attackers to execute arbitrary code or cause denial of service. This affects Firefox versions below 148...
This CVE describes a use-after-free vulnerability in Firefox's JavaScript JIT compiler that could allow arbitrary code execution. It affects Firefox versions below 148 and Firefox ESR versions below 1...
This CVE describes a use-after-free vulnerability in Firefox's DOM Core & HTML components that could allow attackers to execute arbitrary code or cause crashes. It affects Firefox versions before 148....
A heap buffer overflow vulnerability in libvpx video codec library allows attackers to execute arbitrary code or cause denial of service. This affects Firefox browsers below specific versions across m...
A denial-of-service vulnerability in Firefox and Thunderbird's DOM Service Workers component allows attackers to crash the browser or email client. This affects users running Firefox versions below 14...
This CVE describes memory safety bugs in Firefox and Thunderbird that could lead to memory corruption. With sufficient effort, attackers could potentially exploit these vulnerabilities to execute arbi...
This CVE describes a mitigation bypass vulnerability in the DOM Security component of Mozilla products. It allows attackers to circumvent security protections, potentially leading to arbitrary code ex...
This CVE describes a sandbox escape vulnerability in the Graphics: CanvasWebGL component due to incorrect boundary conditions. It allows attackers to break out of browser security sandboxes and execut...
This CVE describes an integer overflow vulnerability in the Graphics component of Mozilla products that allows sandbox escape. Attackers could exploit this to execute arbitrary code outside the browse...
A use-after-free vulnerability in Firefox and Thunderbird's IPC component allows attackers to execute arbitrary code or cause denial of service. This affects Firefox versions below 147 and specific ES...
A JIT (Just-In-Time) compilation vulnerability in Mozilla's JavaScript engine allows memory corruption through miscompiled code. This affects Firefox, Firefox ESR, and Thunderbird users running outdat...
This vulnerability allows attackers to spoof download notifications in Firefox and Thunderbird, potentially tricking users into executing malicious files. It affects all users running vulnerable versi...
This CVE describes a privilege escalation vulnerability in the Netmonitor component of Mozilla products. It allows attackers to gain elevated privileges on affected systems. The vulnerability affects ...
This CVE describes a privilege escalation vulnerability in the Netmonitor component of Mozilla products. Attackers could exploit this to gain elevated privileges on affected systems. It affects Firefo...
Memory safety bugs in Firefox and Thunderbird could allow attackers to corrupt memory and potentially execute arbitrary code. This affects all users running Firefox versions before 146 or Thunderbird ...
This CVE describes memory safety bugs in Mozilla Firefox and Thunderbird that could lead to memory corruption. With sufficient effort, attackers could potentially exploit these vulnerabilities to exec...
This CVE describes a sandbox escape vulnerability in Firefox and Thunderbird's Graphics: CanvasWebGL component due to incorrect boundary conditions. It allows attackers to break out of browser sandbox...
This CVE describes a privilege escalation vulnerability in the DOM Notifications component of Mozilla products. It allows attackers to elevate privileges within the browser context, potentially execut...
This vulnerability in Firefox and Thunderbird's 'Copy as cURL' feature involves insufficient escaping on Windows systems, potentially tricking users into executing malicious code. Attackers could craft ...
This CVE describes memory safety bugs in Firefox and Thunderbird that could lead to memory corruption. With sufficient effort, attackers could potentially exploit these vulnerabilities to execute arbi...
This CVE describes memory safety vulnerabilities in Firefox and Thunderbird that could lead to memory corruption. With sufficient effort, attackers could potentially exploit these bugs to execute arbi...
An integer overflow vulnerability in the SVG component of Mozilla products allows attackers to execute arbitrary code or cause denial of service. This affects Firefox, Firefox ESR, and Thunderbird use...
This CVE describes a use-after-free vulnerability in the Canvas2D graphics component of Mozilla products, allowing sandbox escape. Attackers could exploit this to execute arbitrary code with elevated ...
This vulnerability allows attackers to cause denial-of-service through memory exhaustion in Firefox and Thunderbird's WebRender graphics component. It affects all users running vulnerable versions of ...
This CVE describes memory safety vulnerabilities in Firefox and Thunderbird that could allow memory corruption. With sufficient effort, attackers could potentially exploit these bugs to execute arbitr...
This vulnerability allows search terms to persist in the URL bar after navigating away from search pages, potentially exposing sensitive search queries. It affects Firefox, Firefox ESR, Thunderbird, a...
This CVE describes memory safety bugs in multiple Mozilla products that could lead to memory corruption. With sufficient effort, attackers could potentially exploit these vulnerabilities to execute ar...
This vulnerability in Thunderbird and Firefox allows attackers to bypass Cross-Origin Resource Sharing (CORS) protections using DNS rebinding attacks. By exploiting cached CORS preflight responses acr...
This vulnerability in Firefox and Thunderbird allows saved files from the Network tab in Devtools to lack the .download extension, potentially causing users to inadvertently execute malicious files. A...
Memory safety vulnerabilities in Firefox and Thunderbird could allow attackers to corrupt memory and potentially execute arbitrary code. This affects all users running Firefox versions before 139 or T...
This CVE describes memory safety bugs in Firefox and Thunderbird that could lead to memory corruption. With sufficient effort, attackers could potentially exploit these vulnerabilities to execute arbi...
A double-free vulnerability in Thunderbird's WebRTC encoder initialization could cause memory corruption and potentially exploitable crashes. This affects Thunderbird email clients on all platforms. A...
This vulnerability in Thunderbird allows attackers to execute JavaScript in the file:/// context by crafting a malicious email attachment. When Thunderbird incorrectly renders a nested message/rfc822 ...
This vulnerability allows an attacker with control over a content process to abuse the privileged UITour actor, potentially leading to information disclosure or privilege escalation. It affects users ...
This CVE describes memory safety bugs in Mozilla Firefox and Thunderbird that could lead to memory corruption. With sufficient effort, attackers could potentially exploit these vulnerabilities to exec...
A memory safety vulnerability in Firefox ESR and Thunderbird could allow attackers to execute arbitrary code on affected systems. This affects Firefox ESR versions before 128.10 and Thunderbird versio...
This vulnerability allows a medium-integrity user process to interfere with Thunderbird's SYSTEM-level updater by manipulating file-locking behavior. An attacker can inject code to bypass access contr...
This vulnerability allows attackers to craft URLs with specific Unicode characters that hide the true origin of web pages, enabling spoofing attacks. It affects Firefox, Firefox ESR, and Thunderbird u...
This vulnerability allows file descriptors from the fork server to leak into web content processes, potentially enabling privilege escalation attacks. It affects Firefox versions before 137 and Thunde...
This CVE describes memory safety bugs in Firefox and Thunderbird that could lead to memory corruption. With sufficient effort, attackers could potentially exploit these vulnerabilities to execute arbi...
This vulnerability in Thunderbird email client incorrectly displays signed OpenPGP messages as encrypted messages when crafted MIME emails claim to contain encryption. This affects Thunderbird users o...
CVE-2025-1943 is a heap-based buffer overflow vulnerability in Firefox and Thunderbird that could allow memory corruption. Attackers could potentially exploit this to execute arbitrary code on affecte...
A race condition vulnerability in Firefox's JavaScript garbage collector (GC) component could allow attackers to execute arbitrary code or cause denial of service. This affects Firefox versions before...
A use-after-free vulnerability in Firefox's WebAssembly JavaScript component allows attackers to execute arbitrary code by manipulating freed memory. This affects all Firefox users running versions be...
This vulnerability in Thunderbird allows attackers to exfiltrate decrypted OpenPGP email contents through CSS injection when users load remote content. It affects Thunderbird users who decrypt inline ...
This CVE describes a use-after-free vulnerability in the JavaScript garbage collection component of Mozilla products. Attackers could exploit this to execute arbitrary code or cause crashes by manipul...
A memory corruption vulnerability exists in Firefox and Thunderbird's graphics component due to incorrect boundary conditions. This could allow attackers to execute arbitrary code or cause denial of service....
This CVE describes a clickjacking vulnerability in the PDF Viewer component of Mozilla products that could allow information disclosure. Attackers could trick users into clicking hidden UI elements, p...
This CVE describes an information disclosure vulnerability in the XML component of Firefox and Thunderbird. It allows attackers to potentially access sensitive data from affected browsers. Users runni...
This CVE describes a spoofing vulnerability in Firefox and Thunderbird's DOM copy-paste and drag-drop components. Attackers can manipulate clipboard or drag-drop operations to trick users into interac...
This CVE describes an information disclosure vulnerability in the Networking component of Mozilla products. It allows attackers to potentially access sensitive information from affected browsers and e...
This CVE describes a same-origin policy bypass vulnerability in Firefox and Thunderbird's request handling component. It allows malicious websites to access data from other origins they shouldn't have...
This vulnerability allows malicious web pages to bypass browser security controls using OBJECT tags when servers don't provide proper content-type headers. Attackers could potentially execute cross-si...
This vulnerability involves incorrect boundary conditions in Firefox and Thunderbird's JavaScript garbage collector (GC) component, which could allow an attacker to execute arbitrary code or cause a d...
A spoofing vulnerability in Firefox for Android's WebAuthn component allows attackers to bypass authentication by presenting fake credentials. This affects Firefox for Android versions below 143 and T...
This CVE describes a mitigation bypass vulnerability in the Web Compatibility: Tooling component of Firefox and Thunderbird. Attackers could potentially bypass security mitigations to execute arbitrar...
This CVE describes a same-origin policy bypass vulnerability in the Layout component of Mozilla products. It allows malicious websites to access data from other origins they shouldn't have access to, ...
This vulnerability involves uninitialized memory in the JavaScript Engine component of Mozilla products, which could allow an attacker to execute arbitrary code or cause a crash. It affects Firefox, F...
This vulnerability in Thunderbird and Firefox allows attackers to trigger undefined behavior through XPath parsing, potentially leading to out-of-bounds memory reads and memory corruption. It affects ...
This vulnerability in Firefox and Thunderbird's 'copy as cURL' feature allows attackers to craft malicious commands with insufficient escaping of special characters. If a user copies and executes such...
This vulnerability in Thunderbird email client causes misleading hover text when emails contain multiple attachments with external links. Only the last link appears when hovering over any attachment, ...
This vulnerability allows JavaScript code to trigger a use-after-free condition during XSLT document transformations in Mozilla browsers and email clients. Attackers could exploit this to execute arbi...
This vulnerability allows an attacker to read 32 bits of sensitive data from the stack in JIT-compiled JavaScript functions. It affects Firefox web browser versions before 137 and Thunderbird email cl...
This vulnerability allows an attacker to interrupt RegExp bailout processing and execute additional JavaScript, potentially triggering unexpected garbage collection in the JavaScript engine. This affe...
This CVE describes memory safety bugs in Firefox and Thunderbird that could lead to memory corruption. With sufficient effort, attackers could potentially exploit these vulnerabilities to execute arbi...
A race condition vulnerability in Mozilla Firefox, Firefox ESR, and Thunderbird could cause private browsing tabs to open in normal browsing windows, potentially leaking private browsing data. This af...
This vulnerability allows attackers to hide the fullscreen notification in Firefox and Thunderbird by rapidly requesting fullscreen mode, enabling potential UI spoofing attacks. It affects users runni...
This vulnerability allows attackers to embed malicious links in Thunderbird address book fields. When another user imports the infected address book and clicks the link, JavaScript executes within Thu...
Thunderbird email client displays incorrect sender addresses when emails use invalid group name syntax in the From field. This allows attackers to spoof sender identities, potentially tricking users i...
This vulnerability in Mozilla's WebChannel API allows privilege escalation by accepting arbitrary principal information from untrusted sources. Attackers could exploit this to gain elevated privileges...
This vulnerability allows attackers to bypass certificate validation when Firefox or Thunderbird redirects from a secure server to an insecure one using Alt-Svc. This could enable man-in-the-middle at...
This CVE describes memory safety bugs in Mozilla Firefox and Thunderbird that could lead to memory corruption. With sufficient effort, attackers could potentially exploit these vulnerabilities to exec...