Search CVE reports

Toggle filters

141 – 150 of 2202 results

CVE-2025-4087

Medium priority

Some fixes available 1 of 12

A vulnerability was identified in Thunderbird where XPath parsing could trigger undefined behavior due to missing null checks during attribute access. This could lead to out-of-bounds read access and potentially, memory...

9 affected packages

mozjs68, firefox, thunderbird, mozjs38, mozjs52...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
mozjs68 Not in release Not in release Ignored
firefox Not affected Not affected Not in release
thunderbird Not affected Fixed Not in release
mozjs38 Not in release Not in release Not in release Needs evaluation
mozjs52 Not in release Not in release Needs evaluation Ignored
mozjs78 Not in release Ignored Not in release
mozjs91 Not in release Ignored Not in release
mozjs102 Ignored Ignored Not in release
mozjs115 Ignored Not in release Not in release
Show all 9 packages Show less packages

CVE-2025-4086

Medium priority
Not affected

A specially crafted filename containing a large number of encoded newline characters could obscure the file's extension when displayed in the download dialog. *This bug only affects Thunderbird for Android. Other versions...

2 affected packages

firefox, thunderbird

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
firefox Not affected Not affected Not in release
thunderbird Not affected Not affected Not in release
Show less packages

CVE-2025-4085

Medium priority
Needs evaluation

An attacker with control over a content process could potentially leverage the privileged UITour actor to leak sensitive information or escalate privileges. This vulnerability affects Firefox < 138 and Thunderbird < 138.

9 affected packages

mozjs38, firefox, thunderbird, mozjs52, mozjs68...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
mozjs38 Not in release Not in release Not in release Needs evaluation
firefox Not affected Not affected Not in release
thunderbird Not affected Not affected Not in release
mozjs52 Not in release Not in release Needs evaluation Ignored
mozjs68 Not in release Not in release Ignored
mozjs78 Not in release Ignored Not in release
mozjs91 Not in release Ignored Not in release
mozjs102 Ignored Ignored Not in release
mozjs115 Ignored Not in release Not in release
Show all 9 packages Show less packages

CVE-2025-4084

Medium priority
Not affected

Due to insufficient escaping of the special characters in the "copy as cURL" feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. *This bug only affects...

2 affected packages

firefox, thunderbird

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
firefox Not affected Not affected Not in release
thunderbird Not affected Not affected Not in release
Show less packages

CVE-2025-4083

Medium priority

Some fixes available 1 of 12

A process isolation vulnerability in Thunderbird stemmed from improper handling of javascript: URIs, which could allow content to execute in the top-level document's process instead of the intended frame, potentially enabling a...

9 affected packages

mozjs78, firefox, thunderbird, mozjs38, mozjs52...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
mozjs78 Not in release Ignored Not in release
firefox Not affected Not affected Not in release
thunderbird Not affected Fixed Not in release
mozjs38 Not in release Not in release Not in release Needs evaluation
mozjs52 Not in release Not in release Needs evaluation Ignored
mozjs68 Not in release Not in release Ignored
mozjs91 Not in release Ignored Not in release
mozjs102 Ignored Ignored Not in release
mozjs115 Ignored Not in release Not in release
Show all 9 packages Show less packages

CVE-2025-4082

Medium priority
Not affected

Modification of specific WebGL shader attributes could trigger an out-of-bounds read, which, when chained with other vulnerabilities, could be used to escalate privileges. *This bug only affects Thunderbird for macOS. Other...

2 affected packages

firefox, thunderbird

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
firefox Not affected Not affected Not in release
thunderbird Not affected Not affected Not in release
Show less packages

CVE-2025-2817

Medium priority
Not affected

Thunderbird's update mechanism allowed a medium-integrity user process to interfere with the SYSTEM-level updater by manipulating the file-locking behavior. By injecting code into the user-privileged process, an attacker could...

2 affected packages

firefox, thunderbird

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
firefox Not affected Not affected Not in release
thunderbird Not affected Not affected Not in release
Show less packages

CVE-2025-3523

Medium priority
Fixed

When an email contains multiple attachments with external links via the X-Mozilla-External-Attachment-URL header, only the last link is shown when hovering over any attachment. Although the correct link is used on click, the...

1 affected package

thunderbird

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
thunderbird Not affected Fixed Not in release
Show less packages

CVE-2025-3522

Medium priority
Fixed

Thunderbird processes the X-Mozilla-External-Attachment-URL header to handle attachments which can be hosted externally. When an email is opened, Thunderbird accesses the specified URL to determine file size, and navigates to it...

1 affected package

thunderbird

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
thunderbird Not affected Fixed Not in release
Show less packages

CVE-2025-2830

Medium priority
Fixed

By crafting a malformed file name for an attachment in a multipart message, an attacker can trick Thunderbird into including a directory listing of /tmp when the message is forwarded or edited as a new message. This vulnerability...

1 affected package

thunderbird

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
thunderbird Not affected Fixed Not in release
Show less packages
  1. Previous page
  2. 13
  3. 14
  4. 15
  5. 16
  6. 17
  7. Next page
Export to JSON