Search CVE reports

Toggle filters

111 – 120 of 2874 results

CVE-2025-4086

Medium priority
Not affected

A specially crafted filename containing a large number of encoded newline characters could obscure the file's extension when displayed in the download dialog. *This bug only affects Thunderbird for Android. Other versions...

2 affected packages

firefox, thunderbird

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
firefox Not affected Not affected Not in release
thunderbird Not affected Not affected Not in release
Show less packages

CVE-2025-4085

Medium priority
Needs evaluation

An attacker with control over a content process could potentially leverage the privileged UITour actor to leak sensitive information or escalate privileges. This vulnerability affects Firefox < 138 and Thunderbird < 138.

9 affected packages

mozjs38, firefox, thunderbird, mozjs52, mozjs68...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
mozjs38 Not in release Not in release Not in release Needs evaluation
firefox Not affected Not affected Not in release
thunderbird Not affected Not affected Not in release
mozjs52 Not in release Not in release Needs evaluation Ignored
mozjs68 Not in release Not in release Ignored
mozjs78 Not in release Ignored Not in release
mozjs91 Not in release Ignored Not in release
mozjs102 Ignored Ignored Not in release
mozjs115 Ignored Not in release Not in release
Show all 9 packages Show less packages

CVE-2025-4084

Medium priority
Not affected

Due to insufficient escaping of the special characters in the "copy as cURL" feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. *This bug only affects...

2 affected packages

firefox, thunderbird

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
firefox Not affected Not affected Not in release
thunderbird Not affected Not affected Not in release
Show less packages

CVE-2025-4083

Medium priority

Some fixes available 1 of 12

A process isolation vulnerability in Thunderbird stemmed from improper handling of javascript: URIs, which could allow content to execute in the top-level document's process instead of the intended frame, potentially enabling a...

9 affected packages

mozjs78, firefox, thunderbird, mozjs38, mozjs52...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
mozjs78 Not in release Ignored Not in release
firefox Not affected Not affected Not in release
thunderbird Not affected Fixed Not in release
mozjs38 Not in release Not in release Not in release Needs evaluation
mozjs52 Not in release Not in release Needs evaluation Ignored
mozjs68 Not in release Not in release Ignored
mozjs91 Not in release Ignored Not in release
mozjs102 Ignored Ignored Not in release
mozjs115 Ignored Not in release Not in release
Show all 9 packages Show less packages

CVE-2025-4082

Medium priority
Not affected

Modification of specific WebGL shader attributes could trigger an out-of-bounds read, which, when chained with other vulnerabilities, could be used to escalate privileges. *This bug only affects Thunderbird for macOS. Other...

2 affected packages

firefox, thunderbird

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
firefox Not affected Not affected Not in release
thunderbird Not affected Not affected Not in release
Show less packages

CVE-2025-2817

Medium priority
Not affected

Thunderbird's update mechanism allowed a medium-integrity user process to interfere with the SYSTEM-level updater by manipulating the file-locking behavior. By injecting code into the user-privileged process, an attacker could...

2 affected packages

firefox, thunderbird

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
firefox Not affected Not affected Not in release
thunderbird Not affected Not affected Not in release
Show less packages

CVE-2025-3608

Medium priority
Needs evaluation

A race condition existed in nsHttpTransaction that could have been exploited to cause memory corruption, potentially leading to an exploitable condition. This vulnerability affects Firefox < 137.0.2.

9 affected packages

mozjs52, firefox, thunderbird, mozjs38, mozjs68...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
mozjs52 Not in release Not in release Needs evaluation Ignored
firefox Not affected Not affected Not in release
thunderbird Not affected Not affected Not in release
mozjs38 Not in release Not in release Not in release Needs evaluation
mozjs68 Not in release Not in release Ignored
mozjs78 Not in release Ignored Not in release
mozjs91 Not in release Ignored Not in release
mozjs102 Ignored Ignored Not in release
mozjs115 Ignored Not in release Not in release
Show all 9 packages Show less packages

CVE-2025-3035

Medium priority
Needs evaluation

By first using the AI chatbot in one tab and later activating it in another tab, the document title of the previous tab would leak into the chat prompt. This vulnerability affects Firefox < 137.

9 affected packages

firefox, thunderbird, mozjs38, mozjs52, mozjs68...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
firefox Not affected Not affected Not in release
thunderbird Not affected Not affected Not in release
mozjs38 Not in release Not in release Not in release Needs evaluation
mozjs52 Not in release Not in release Needs evaluation Ignored
mozjs68 Not in release Not in release Ignored
mozjs78 Not in release Ignored Not in release
mozjs91 Not in release Ignored Not in release
mozjs102 Ignored Ignored Not in release
mozjs115 Ignored Not in release Not in release
Show all 9 packages Show less packages

CVE-2025-3034

Medium priority
Needs evaluation

Memory safety bugs present in Firefox 136 and Thunderbird 136. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This...

9 affected packages

firefox, thunderbird, mozjs38, mozjs52, mozjs68...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
firefox Not affected Not affected Not in release
thunderbird Not affected Not affected Not in release
mozjs38 Not in release Not in release Not in release Needs evaluation
mozjs52 Not in release Not in release Needs evaluation Ignored
mozjs68 Not in release Not in release Ignored
mozjs78 Not in release Ignored Not in release
mozjs91 Not in release Ignored Not in release
mozjs102 Ignored Ignored Not in release
mozjs115 Ignored Not in release Not in release
Show all 9 packages Show less packages

CVE-2025-3033

Medium priority
Not affected

After selecting a malicious Windows `.url` shortcut from the local filesystem, an unexpected file could be uploaded. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects...

2 affected packages

firefox, thunderbird

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
firefox Not affected Not affected Not in release
thunderbird Not affected Not affected Not in release
Show less packages
  1. Previous page
  2. 10
  3. 11
  4. 12
  5. 13
  6. 14
  7. Next page
Export to JSON