Mozilla Thunderbird vulnerabilities

CVE-2024-5700 [HIGH] CWE-786 CVE-2024-5700: Memory safety bugs present in Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11. Some of these Memory safety bugs present in Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12.

CVE-2024-5696 [HIGH] CWE-787 CVE-2024-5696: By manipulating the text in an `&lt;input&gt;` tag, an attacker could have caused corrupt memory lea By manipulating the text in an ` ` tag, an attacker could have caused corrupt memory leading to a potentially exploitable crash. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12.

CVE-2024-5688 [HIGH] CWE-416 CVE-2024-5688: If a garbage collection was triggered at the right time, a use-after-free could have occurred during If a garbage collection was triggered at the right time, a use-after-free could have occurred during object transplant. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12.

CVE-2024-5690 [MEDIUM] CWE-203 CVE-2024-5690: By monitoring the time certain operations take, an attacker could have guessed which external protoc By monitoring the time certain operations take, an attacker could have guessed which external protocol handlers were functional on a user's system. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12.

CVE-2024-5693 [MEDIUM] CWE-829 CVE-2024-5693: Offscreen Canvas did not properly track cross-origin tainting, which could be used to access image d Offscreen Canvas did not properly track cross-origin tainting, which could be used to access image data from another site in violation of same-origin policy. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12.

CVE-2024-5692 [MEDIUM] CVE-2024-5692: On Windows 10, when using the 'Save As' functionality, an attacker could have tricked the browser in On Windows 10, when using the 'Save As' functionality, an attacker could have tricked the browser into saving the file with a disallowed extension such as `.url` by including an invalid character in the extension. *Note:* This issue only affected Windows operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 127, Firef

CVE-2024-5691 [MEDIUM] CWE-693 CVE-2024-5691: By tricking the browser with a `X-Frame-Options` header, a sandboxed iframe could have presented a b By tricking the browser with a `X-Frame-Options` header, a sandboxed iframe could have presented a button that, if clicked by a user, would bypass restrictions to open a new window. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12.

CVE-2024-4777 [HIGH] CWE-787 CVE-2024-4777: Memory safety bugs present in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10. Some of these Memory safety bugs present in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.

CVE-2024-4367 [HIGH] CWE-754 CVE-2024-4367: A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execu A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.

CVE-2024-4770 [HIGH] CWE-416 CVE-2024-4770: When saving a page to PDF, certain font styles could have led to a potential use-after-free crash. T When saving a page to PDF, certain font styles could have led to a potential use-after-free crash. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.

CVE-2024-4768 [MEDIUM] CWE-281 CVE-2024-4768: A bug in popup notifications' interaction with WebAuthn made it easier for an attacker to trick a us A bug in popup notifications' interaction with WebAuthn made it easier for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.

CVE-2024-4767 [MEDIUM] CWE-459 CVE-2024-4767: If the `browser.privatebrowsing.autostart` preference is enabled, IndexedDB files were not properly If the `browser.privatebrowsing.autostart` preference is enabled, IndexedDB files were not properly deleted when the window was closed. This preference is disabled by default in Firefox. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.

CVE-2024-4769 [MEDIUM] CWE-351 CVE-2024-4769: When importing resources using Web Workers, error messages would distinguish the difference between When importing resources using Web Workers, error messages would distinguish the difference between `application/javascript` responses and non-script responses. This could have been abused to learn information cross-origin. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.

CVE-2024-3863 [CRITICAL] CWE-434 CVE-2024-3863: The executable file warning was not presented when downloading .xrm-ms files. *Note: This issue on The executable file warning was not presented when downloading .xrm-ms files. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.

CVE-2024-3857 [HIGH] CWE-416 CVE-2024-3857: The JIT created incorrect code for arguments in certain cases. This led to potential use-after-free The JIT created incorrect code for arguments in certain cases. This led to potential use-after-free crashes during garbage collection. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.

CVE-2024-3854 [HIGH] CWE-125 CVE-2024-3854: In some code patterns the JIT incorrectly optimized switch statements and generated code with out-of In some code patterns the JIT incorrectly optimized switch statements and generated code with out-of-bounds-reads. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.

CVE-2024-3864 [HIGH] CWE-119 CVE-2024-3864: Memory safety bug present in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9. This bug showed Memory safety bug present in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.

CVE-2024-3852 [HIGH] CWE-386 CVE-2024-3852: GetBoundName could return the wrong version of an object when JIT optimizations were applied. This v GetBoundName could return the wrong version of an object when JIT optimizations were applied. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.

CVE-2024-3859 [MEDIUM] CWE-125 CVE-2024-3859: On 32-bit versions there were integer-overflows that led to an out-of-bounds-read that potentially c On 32-bit versions there were integer-overflows that led to an out-of-bounds-read that potentially could be triggered by a malformed OpenType font. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.

CVE-2024-3861 [MEDIUM] CWE-416 CVE-2024-3861: If an AlignedBuffer were assigned to itself, the subsequent self-move could result in an incorrect r If an AlignedBuffer were assigned to itself, the subsequent self-move could result in an incorrect reference count and later use-after-free. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.