CVE search results

91 – 100 of 2147 results

Detailed view

Sort by:

CVE-2025-4082

Medium priority

Not affected

Modification of specific WebGL shader attributes could trigger an out-of-bounds read, which, when chained with other vulnerabilities, could be used to escalate privileges. *This bug only affects Thunderbird for macOS. Other...

2 affected packages

firefox, thunderbird

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Not affected	Not affected	Not in release	—
thunderbird	Not affected	Not affected	Not in release	—

CVE-2025-2817

Medium priority

Not affected

Thunderbird's update mechanism allowed a medium-integrity user process to interfere with the SYSTEM-level updater by manipulating the file-locking behavior. By injecting code into the user-privileged process, an attacker could...

2 affected packages

firefox, thunderbird

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Not affected	Not affected	Not in release	—
thunderbird	Not affected	Not affected	Not in release	—

CVE-2025-3523

Medium priority

Fixed

When an email contains multiple attachments with external links via the X-Mozilla-External-Attachment-URL header, only the last link is shown when hovering over any attachment. Although the correct link is used on click, the...

1 affected package

thunderbird

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
thunderbird	Not affected	Fixed	Not in release	—

CVE-2025-3522

Medium priority

Fixed

Thunderbird processes the X-Mozilla-External-Attachment-URL header to handle attachments which can be hosted externally. When an email is opened, Thunderbird accesses the specified URL to determine file size, and navigates to it...

1 affected package

thunderbird

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
thunderbird	Not affected	Fixed	Not in release	—

CVE-2025-2830

Medium priority

Fixed

By crafting a malformed file name for an attachment in a multipart message, an attacker can trick Thunderbird into including a directory listing of /tmp when the message is forwarded or edited as a new message. This vulnerability...

1 affected package

thunderbird

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
thunderbird	Not affected	Fixed	Not in release	—

CVE-2025-3608

Medium priority

Needs evaluation

A race condition existed in nsHttpTransaction that could have been exploited to cause memory corruption, potentially leading to an exploitable condition. This vulnerability affects Firefox < 137.0.2.

9 affected packages

mozjs52, firefox, thunderbird, mozjs38, mozjs68...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
mozjs52	Not in release	Not in release	Needs evaluation	Ignored
firefox	Not affected	Not affected	Not in release	—
thunderbird	Not affected	Not affected	Not in release	—
mozjs38	Not in release	Not in release	Not in release	Needs evaluation
mozjs68	Not in release	Not in release	Ignored	—
mozjs78	Not in release	Ignored	Not in release	—
mozjs91	Not in release	Ignored	Not in release	—
mozjs102	Ignored	Ignored	Not in release	—
mozjs115	Ignored	Not in release	Not in release	—

CVE-2025-3035

Medium priority

Needs evaluation

By first using the AI chatbot in one tab and later activating it in another tab, the document title of the previous tab would leak into the chat prompt. This vulnerability affects Firefox < 137.

9 affected packages

firefox, thunderbird, mozjs38, mozjs52, mozjs68...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Not affected	Not affected	Not in release	—
thunderbird	Not affected	Not affected	Not in release	—
mozjs38	Not in release	Not in release	Not in release	Needs evaluation
mozjs52	Not in release	Not in release	Needs evaluation	Ignored
mozjs68	Not in release	Not in release	Ignored	—
mozjs78	Not in release	Ignored	Not in release	—
mozjs91	Not in release	Ignored	Not in release	—
mozjs102	Ignored	Ignored	Not in release	—
mozjs115	Ignored	Not in release	Not in release	—

CVE-2025-3034

Medium priority

Needs evaluation

Memory safety bugs present in Firefox 136 and Thunderbird 136. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This...

9 affected packages

firefox, thunderbird, mozjs38, mozjs52, mozjs68...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Not affected	Not affected	Not in release	—
thunderbird	Not affected	Not affected	Not in release	—
mozjs38	Not in release	Not in release	Not in release	Needs evaluation
mozjs52	Not in release	Not in release	Needs evaluation	Ignored
mozjs68	Not in release	Not in release	Ignored	—
mozjs78	Not in release	Ignored	Not in release	—
mozjs91	Not in release	Ignored	Not in release	—
mozjs102	Ignored	Ignored	Not in release	—
mozjs115	Ignored	Not in release	Not in release	—

CVE-2025-3033

Medium priority

Not affected

After selecting a malicious Windows `.url` shortcut from the local filesystem, an unexpected file could be uploaded. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects...

2 affected packages

firefox, thunderbird

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Not affected	Not affected	Not in release	—
thunderbird	Not affected	Not affected	Not in release	—

CVE-2025-3032

Medium priority

Needs evaluation

Leaking of file descriptors from the fork server to web content processes could allow for privilege escalation attacks. This vulnerability affects Firefox < 137 and Thunderbird < 137.

9 affected packages

firefox, thunderbird, mozjs38, mozjs52, mozjs68...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Not affected	Not affected	Not in release	—
thunderbird	Not affected	Not affected	Not in release	—
mozjs38	Not in release	Not in release	Not in release	Needs evaluation
mozjs52	Not in release	Not in release	Needs evaluation	Ignored
mozjs68	Not in release	Not in release	Ignored	—
mozjs78	Not in release	Ignored	Not in release	—
mozjs91	Not in release	Ignored	Not in release	—
mozjs102	Ignored	Ignored	Not in release	—
mozjs115	Ignored	Not in release	Not in release	—

Export to JSON

Results by page:

Search CVE reports