Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Workstation Extension 15 SP1 package MozillaThunderbird, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVE-2019-9800 — CVSS 9.8 (critical): Mozilla developers and community members reported memory safety bugs present in Firefox 66, Firefox ESR 60.6, and Thunderbird 60.6. Some of…
CVE-2019-11693 — CVSS 9.8 (critical): The bufferdata function in WebGL is vulnerable to a buffer overflow with specific graphics drivers on Linux. This could result in malicious…
CVE-2019-11705 — CVSS 9.8 (critical): A flaw in Thunderbird's implementation of iCal causes a stack buffer overflow in icalrecur_add_bydayrules when processing certain email…
CVE-2019-11713 — CVSS 9.8 (critical): A use-after-free vulnerability can occur in HTTP/2 when a cached HTTP/2 stream is closed while still in use, resulting in a potentially…
CVE-2019-11714 — CVSS 9.8 (critical): Necko can access a child on the wrong thread during UDP connections, resulting in a potentially exploitable crash in some instances. This…
CVE-2019-11704 — CVSS 9.8 (critical): A flaw in Thunderbird's implementation of iCal causes a heap buffer overflow in icalmemory_strdup_and_dequote when processing certain email…
CVE-2019-11709 — CVSS 9.8 (critical): Mozilla developers and community members reported memory safety bugs present in Firefox 67 and Firefox ESR 60.7. Some of these bugs showed…
CVE-2020-15683 — CVSS 9.8 (critical): Mozilla developers and community members reported memory safety bugs present in Firefox 81 and Firefox ESR 78.3. Some of these bugs showed…
CVE-2019-11710 — CVSS 9.8 (critical): Mozilla developers and community members reported memory safety bugs present in Firefox 67. Some of these bugs showed evidence of memory…
CVE-2019-11703 — CVSS 9.8 (critical): A flaw in Thunderbird's implementation of iCal causes a heap buffer overflow in parser_get_next_char when processing certain email…
CVE-2020-12395 — CVSS 9.8 (critical): Mozilla developers and community members reported memory safety bugs present in Firefox 75 and Firefox ESR 68.7. Some of these bugs showed…
CVE-2020-6831 — CVSS 9.8 (critical): A buffer overflow could occur when parsing and validating SCTP chunks in WebRTC. This could have led to memory corruption and a potentially…
CVE-2019-11691 — CVSS 9.8 (critical): A use-after-free vulnerability can occur when working with XMLHttpRequest (XHR) in an event loop, causing the XHR main thread to be called…
CVE-2019-9820 — CVSS 9.8 (critical): A use-after-free vulnerability can occur in the chrome event handler when it is freed while still in use. This results in a potentially…
CVE-2020-6814 — CVSS 9.8 (critical): Mozilla developers reported memory safety bugs present in Firefox and Thunderbird 68.5. Some of these bugs showed evidence of memory…
CVE-2020-6825 — CVSS 9.8 (critical): Mozilla developers and community members Tyson Smith and Christian Holler reported memory safety bugs present in Firefox 74 and Firefox ESR…
CVE-2019-11692 — CVSS 9.8 (critical): A use-after-free vulnerability can occur when listeners are removed from the event listener manager while still in use, resulting in a…
CVE-2019-9819 — CVSS 9.8 (critical): A vulnerability where a JavaScript compartment mismatch can occur while working with the fetch API, resulting in a potentially exploitable…
CVE-2019-11752 — CVSS 8.8 (high): It is possible to delete an IndexedDB key value and subsequently try to extract it during conversion. This results in a use-after-free and…
CVE-2019-11757 — CVSS 8.8 (high): When following the value's prototype chain, it was possible to retain a reference to a locale, delete it, and subsequently reference it…
CVE-2019-11758 — CVSS 8.8 (high): Mozilla community member Philipp reported a memory safety bug present in Firefox 68 when 360 Total Security was installed. This bug showed…
CVE-2019-11759 — CVSS 8.8 (high): An attacker could have caused 4 bytes of HMAC output to be written past the end of a buffer stored on the stack. This could be used by an…
CVE-2019-11760 — CVSS 8.8 (high): A fixed-size stack buffer could overflow in nrappkit when doing WebRTC signaling. This resulted in a potentially exploitable crash in some…
CVE-2020-6811 — CVSS 8.8 (high): The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the…
CVE-2020-6807 — CVSS 8.8 (high): When a device was changed while a stream was about to be destroyed, the <code>stream-reinit</code> task may have been executed after the…
CVE-2019-11764 — CVSS 8.8 (high): Mozilla developers and community members reported memory safety bugs present in Firefox 69 and Firefox ESR 68.1. Some of these bugs showed…
CVE-2020-6806 — CVSS 8.8 (high): By carefully crafting promise resolutions, it was possible to cause an out-of-bounds read off the end of an array resized during script…
CVE-2020-15669 — CVSS 8.8 (high): When aborting an operation, such as a fetch, an abort signal may be deleted while alerting the objects to be notified. This results in a…
CVE-2020-15673 — CVSS 8.8 (high): Mozilla developers reported memory safety bugs present in Firefox 80 and Firefox ESR 78.2. Some of these bugs showed evidence of memory…
CVE-2020-26968 — CVSS 8.8 (high): Mozilla developers reported memory safety bugs present in Firefox 82 and Firefox ESR 78.4. Some of these bugs showed evidence of memory…
CVE-2020-26960 — CVSS 8.8 (high): If the Compact() method was called on an nsTArray, the array could have been reallocated without updating other pointers, leading to a…
CVE-2020-15678 — CVSS 8.8 (high): When recursing through graphical layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free. This…
CVE-2020-15685 — CVSS 8.8 (high): During the plaintext phase of the STARTTLS connection setup, protocol commands could have been injected and evaluated within the encrypted…
CVE-2020-15969 — CVSS 8.8 (high): Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2020-26959 — CVSS 8.8 (high): During browser shutdown, reference decrementing could have occured on a previously freed object, resulting in a use-after-free, memory…
CVE-2020-16044 — CVSS 8.8 (high): Use after free in WebRTC in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2020-26950 — CVSS 8.8 (high): In certain circumstances, the MCallGetProperty opcode can be emitted with unmet assumptions resulting in an exploitable use-after-free…
CVE-2019-11711 — CVSS 8.8 (high): When an inner window is reused, it does not consider the use of document.domain for cross-origin protections. If pages on different…
CVE-2019-11712 — CVSS 8.8 (high): POST requests made by NPAPI plugins, such as Flash, that receive a status 308 redirect response can bypass CORS requirements. This can…
CVE-2021-23960 — CVSS 8.8 (high): Performing garbage collection on re-declared JavaScript variables resulted in a user-after-poison, and a potentially exploitable crash…
CVE-2021-23954 — CVSS 8.8 (high): Using the new logical assignment operators in a JavaScript switch statement could have caused a type confusion, leading to a memory…
CVE-2020-6822 — CVSS 8.8 (high): On 32-bit builds, an out of bounds write could have occurred when processing an image larger than 4 GB in <code>GMPDecodeData</code>. It is…
CVE-2019-11740 — CVSS 8.8 (high): Mozilla developers and community members reported memory safety bugs present in Firefox 68, Firefox ESR 68, and Firefox 60.8. Some of these…
CVE-2021-23964 — CVSS 8.8 (high): Mozilla developers reported memory safety bugs present in Firefox 84 and Firefox ESR 78.6. Some of these bugs showed evidence of memory…
CVE-2019-11745 — CVSS 8.8 (high): When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds…
CVE-2019-11746 — CVSS 8.8 (high): A use-after-free vulnerability can occur while manipulating video elements if the body is freed while still in use. This results in a…
CVE-2019-17017 — CVSS 8.8 (high): Due to a missing case handling object types, a type confusion vulnerability could occur, resulting in a crash. We presume that with enough…
CVE-2020-6805 — CVSS 8.8 (high): When removing data about an origin whose tab was recently closed, a use-after-free could occur in the Quota manager, resulting in a…
CVE-2020-6800 — CVSS 8.8 (high): Mozilla developers and community members reported memory safety bugs present in Firefox 72 and Firefox ESR 68.4. Some of these bugs showed…
CVE-2019-17024 — CVSS 8.8 (high): Mozilla developers reported memory safety bugs present in Firefox 71 and Firefox ESR 68.3. Some of these bugs showed evidence of memory…
CVE-2020-6463 — CVSS 8.8 (high): Use after free in ANGLE in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2020-35113 — CVSS 8.8 (high): Mozilla developers reported memory safety bugs present in Firefox 83 and Firefox ESR 78.5. Some of these bugs showed evidence of memory…
CVE-2020-35112 — CVSS 8.8 (high): If a user downloaded a file lacking an extension on Windows, and then "Open"-ed it from the downloads panel, if there was an executable…
CVE-2020-26974 — CVSS 8.8 (high): When flex-basis was used on a table wrapper, a StyleGenericFlexBasis object could have been incorrectly cast to the wrong type. This…
CVE-2020-26973 — CVSS 8.8 (high): Certain input to the CSS Sanitizer confused it, resulting in incorrect components being removed. This could have been used as a sanitizer…
CVE-2020-26971 — CVSS 8.8 (high): Certain blit values provided by the user were not properly constrained leading to a heap buffer overflow on some video drivers. This…
CVE-2020-26970 — CVSS 8.8 (high): When reading SMTP server status codes, Thunderbird writes an integer value to a position on the stack that is intended to contain just one…
CVE-2020-12406 — CVSS 8.8 (high): Mozilla Developer Iain Ireland discovered a missing type check during unboxed objects removal, resulting in a crash. We presume that with…
CVE-2020-12410 — CVSS 8.8 (high): Mozilla developers reported memory safety bugs present in Firefox 76 and Firefox ESR 68.8. Some of these bugs showed evidence of memory…
CVE-2020-12417 — CVSS 8.8 (high): Due to confusion about ValueTags on JavaScript Objects, an object may pass through the type barrier, resulting in memory corruption and a…
CVE-2020-12419 — CVSS 8.8 (high): When processing callbacks that occurred during window flushing in the parent process, the associated window may die; causing a…
CVE-2020-12420 — CVSS 8.8 (high): When trying to connect to a STUN server, a race condition could have caused a use-after-free of a pointer, leading to memory corruption and…
CVE-2020-15659 — CVSS 8.8 (high): Mozilla developers and community members reported memory safety bugs present in Firefox 78 and Firefox ESR 78.0. Some of these bugs showed…
CVE-2020-15663 — CVSS 8.8 (high): If Firefox is installed to a user-writable directory, the Mozilla Maintenance Service would execute updater.exe from the install location…
CVE-2019-17005 — CVSS 8.8 (high): The plain text serializer used a fixed-size array for the number of <ol> elements it could process; however it was possible to overflow the…
CVE-2019-17008 — CVSS 8.8 (high): When using nested workers, a use-after-free could occur during worker destruction. This resulted in a potentially exploitable crash. This…
CVE-2019-17012 — CVSS 8.8 (high): Mozilla developers reported memory safety bugs present in Firefox 70 and Firefox ESR 68.2. Some of these bugs showed evidence of memory…
CVE-2019-17015 — CVSS 8.8 (high): During the initialization of a new content process, a pointer offset can be manipulated leading to memory corruption and a potentially…
CVE-2019-9811 — CVSS 8.3 (high): As part of a winning Pwn2Own entry, a researcher demonstrated a sandbox escape by installing a malicious language pack and then opening a…
CVE-2019-11716 — CVSS 8.3 (high): Until explicitly accessed by script, window.globalThis is not enumerable and, as a result, is not visible to code such as…
CVE-2019-9818 — CVSS 8.3 (high): A race condition is present in the crash generation server used to generate data for the crash reporter. This issue can lead to a…
CVE-2019-9815 — CVSS 8.1 (high): If hyperthreading is not disabled, a timing attack vulnerability exists, similar to previous Spectre attacks. Apple has shipped macOS…
CVE-2020-12387 — CVSS 8.1 (high): A race condition when running shutdown code for Web Worker led to a use-after-free vulnerability. This resulted in a potentially…
CVE-2019-17009 — CVSS 7.8 (high): When running, the updater service wrote status and log files to an unrestricted location; potentially allowing an unprivileged process to…
CVE-2020-12393 — CVSS 7.8 (high): The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the…
CVE-2019-11719 — CVSS 7.5 (high): When importing a curve25519 private key in PKCS#8format with leading 0x00 bytes, it is possible to trigger an out-of-bounds read in the…
CVE-2019-11755 — CVSS 7.5 (high): A crafted S/MIME message consisting of an inner encryption layer and an outer SignedData layer was shown as having a valid digital…
CVE-2019-11729 — CVSS 7.5 (high): Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into…
CVE-2019-15903 — CVSS 7.5 (high): In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a…
CVE-2019-17010 — CVSS 7.5 (high): Under certain conditions, when checking the Resist Fingerprinting preference during device orientation checks, a race condition could have…
CVE-2019-17011 — CVSS 7.5 (high): Under certain conditions, when retrieving a document from a DocShell in the antitracking code, a race condition could cause a…
CVE-2020-12398 — CVSS 7.5 (high): If Thunderbird is configured to use STARTTLS for an IMAP server, and the server sends a PREAUTH response, then Thunderbird will continue…
CVE-2020-6821 — CVSS 7.5 (high): When reading from areas partially or fully outside the source resource with WebGL's <code>copyTexSubImage</code> method, the specification…
CVE-2019-11723 — CVSS 7.5 (high): A vulnerability exists during the installation of add-ons where the initial fetch ignored the origin attributes of the browsing context…
CVE-2019-11706 — CVSS 7.5 (high): A flaw in Thunderbird's implementation of iCal causes a type confusion in icaltimezone_get_vtimezone_properties when processing certain…
CVE-2019-11694 — CVSS 7.5 (high): A vulnerability exists in the Windows sandbox where an uninitialized value in memory can be leaked to a renderer from a broker when making…
CVE-2020-26965 — CVSS 6.5 (medium): Some websites have a feature "Show Password" where clicking a button will change a password field into a textbook field, revealing the…
CVE-2019-11721 — CVSS 6.5 (medium): The unicode latin 'kra' character can be used to spoof a standard 'k' character in the addressbar. This allows for domain spoofing attacks…
CVE-2019-11725 — CVSS 6.5 (medium): When a user navigates to site marked as unsafe by the Safebrowsing API, warning messages are displayed and navigation is interrupted but…
CVE-2019-11730 — CVSS 6.5 (medium): A vulnerability exists where if a user opens a locally saved HTML file, this file can use file: URIs to access other files in the same…
CVE-2019-11739 — CVSS 6.5 (medium): Encrypted S/MIME parts in a crafted multipart/alternative message can leak plaintext when included in a a HTML reply/forward. This…
CVE-2019-11742 — CVSS 6.5 (medium): A same-origin policy violation occurs allowing the theft of cross-origin images through a combination of SVG filters and a <canvas>…
CVE-2019-13722 — CVSS 6.5 (medium): Inappropriate implementation in WebRTC in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap…
CVE-2019-5798 — CVSS 6.5 (medium): Lack of correct bounds checking in Skia in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory…
CVE-2020-12418 — CVSS 6.5 (medium): Manipulating individual parts of a URL object could have caused an out-of-bounds read, leaking process memory to malicious JavaScript. This…
CVE-2020-12421 — CVSS 6.5 (medium): When performing add-on updates, certificate chains terminating in non-built-in-roots were rejected (even if they were legitimately added by…
CVE-2020-15652 — CVSS 6.5 (medium): By observing the stack trace for JavaScript errors in web workers, it was possible to leak the result of a cross-origin redirect. This…
CVE-2020-15664 — CVSS 6.5 (medium): By holding a reference to the eval() function from an about:blank window, a malicious webpage could have gained access to the…
CVE-2020-16042 — CVSS 6.5 (medium): Uninitialized Use in V8 in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to obtain potentially sensitive information from…
CVE-2020-26961 — CVSS 6.5 (medium): When DNS over HTTPS is in use, it intentionally filters RFC1918 and related IP ranges from the responses as these do not make sense coming…
CVE-2020-26966 — CVSS 6.5 (medium): Searching for a single word from the address bar caused an mDNS request to be sent on the local network searching for a hostname consisting…
CVE-2020-26976 — CVSS 6.5 (medium): When a HTTPS pages was embedded in a HTTP page, and there was a service worker registered for the former, the service worker could have…
CVE-2020-6514 — CVSS 6.5 (medium): Inappropriate implementation in WebRTC in Google Chrome prior to 84.0.4147.89 allowed an attacker in a privileged network position to…
CVE-2020-6793 — CVSS 6.5 (medium): When processing an email message with an ill-formed envelope, Thunderbird could read data from a random memory location. This vulnerability…
CVE-2020-6794 — CVSS 6.5 (medium): If a user saved passwords before Thunderbird 60 and then later set a master password, an unencrypted copy of these passwords is still…
CVE-2020-6795 — CVSS 6.5 (medium): When processing a message that contains multiple S/MIME signatures, a bug in the MIME processing code caused a null pointer dereference…
CVE-2019-11744 — CVSS 6.1 (medium): Some HTML elements, such as <title> and <textarea>, can contain literal angle brackets without treating them as markup. It is…
CVE-2020-26956 — CVSS 6.1 (medium): In some cases, removing HTML elements during sanitization would keep existing SVG event handlers and therefore lead to XSS. This…
CVE-2020-26958 — CVSS 6.1 (medium): Firefox did not block execution of scripts with incorrect MIME types when the response was intercepted and cached through a ServiceWorker…
CVE-2019-11720 — CVSS 6.1 (medium): Some unicode characters are incorrectly treated as whitespace during the parsing of web content instead of triggering parsing errors. This…
CVE-2020-15677 — CVSS 6.1 (medium): By exploiting an Open Redirect vulnerability on a website, an attacker could have spoofed the site displayed in the download file dialog to…
CVE-2020-26978 — CVSS 6.1 (medium): Using techniques that built on the slipstream research, a malicious webpage could have exposed both an internal network's hosts as well as…
CVE-2020-15676 — CVSS 6.1 (medium): Firefox sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being executed…
CVE-2019-11724 — CVSS 6.1 (medium): Application permissions give additional remote troubleshooting permission to the site input.mozilla.org, which has been retired and now…
CVE-2019-11715 — CVSS 6.1 (medium): Due to an error while parsing page content, it is possible for properly sanitized user input to be misinterpreted and lead to XSS hazards…
CVE-2020-6798 — CVSS 6.1 (medium): If a template tag was used in a select tag, the parser could be confused and allow JavaScript parsing and execution when it should not be…
CVE-2019-17022 — CVSS 6.1 (medium): When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer does not escape < and > characters…
CVE-2019-17016 — CVSS 6.1 (medium): When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer incorrectly rewrites a @namespace rule. This…
CVE-2019-11763 — CVSS 6.1 (medium): Failure to correctly handle null bytes when processing HTML entities resulted in Firefox incorrectly parsing these entities. This could…
CVE-2019-11762 — CVSS 6.1 (medium): If two same-origin documents set document.domain differently to become cross-origin, it was possible for them to call arbitrary DOM…
CVE-2020-26951 — CVSS 6.1 (medium): A parsing and event loading mismatch in Firefox's SVG code could have allowed load events to fire, even after sanitization. An attacker…
CVE-2019-9816 — CVSS 5.9 (medium): A possible vulnerability exists where type confusion can occur when manipulating JavaScript objects in object groups, allowing for the…
CVE-2020-12392 — CVSS 5.5 (medium): The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP POST data of a request, which can be controlled by the…
CVE-2019-11761 — CVSS 5.4 (medium): By using a form with a data URI it was possible to gain access to the privileged JSONView object that had been cloned into content. Impact…
CVE-2019-11717 — CVSS 5.3 (medium): A vulnerability exists where the caret ("^") character is improperly escaped constructing some URIs due to it being used as a separator…
CVE-2020-6812 — CVSS 5.3 (medium): The first time AirPods are connected to an iPhone, they become named after the user's name by default (e.g. Jane Doe's AirPods.) Websites…
CVE-2019-11698 — CVSS 5.3 (medium): If a crafted hyperlink is dragged and dropped to the bookmark bar or sidebar and the resulting bookmark is subsequently dragged and dropped…
CVE-2019-11727 — CVSS 5.3 (medium): A vulnerability exists where it possible to force Network Security Services (NSS) to sign CertificateVerify with PKCS#1 v1.5 signatures…
CVE-2019-9797 — CVSS 5.3 (medium): Cross-origin images can be read in violation of the same-origin policy by exporting an image after using createImageBitmap to read the…
CVE-2019-7317 — CVSS 5.3 (medium): png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.
CVE-2020-12405 — CVSS 5.3 (medium): When browsing a malicious page, a race condition in our SharedWorkerService could occur and lead to a potentially exploitable crash. This…
CVE-2019-17021 — CVSS 5.3 (medium): During the initialization of a new content process, a race condition occurs that can allow a content process to disclose heap addresses…
CVE-2019-9817 — CVSS 5.3 (medium): Images from a different domain can be read using a canvas object in some circumstances. This could be used to steal image data from a…
CVE-2019-11728 — CVSS 4.7 (medium): The HTTP Alternative Services header, Alt-Svc, can be used by a malicious site to scan all TCP ports of any host that the accessible to a…
CVE-2020-6797 — CVSS 4.3 (medium): By downloading a file with the .fileloc extension, a semi-privileged extension could launch an arbitrary application on the user's…
CVE-2020-12397 — CVSS 4.3 (medium): By encoding Unicode whitespace characters within the From email header, an attacker can spoof the sender email address that Thunderbird…
CVE-2020-35111 — CVSS 4.3 (medium): When an extension with the proxy permission registered to receive <all_urls>, the proxy.onRequest callback was not triggered for…
CVE-2021-23953 — CVSS 4.3 (medium): If a user clicked into a specifically crafted PDF, the PDF reader could be confused into leaking cross-origin information, when said…
CVE-2020-6792 — CVSS 4.3 (medium): When deriving an identifier for an email message, uninitialized memory was used in addition to the message contents. This vulnerability…
CVE-2018-18511 — CVSS 4.3 (medium): Cross-origin images can be read from a canvas element in violation of the same-origin policy using the transferFromImageBitmap method…
CVE-2020-26953 — CVSS 4.3 (medium): It was possible to cause the browser to enter fullscreen mode without displaying the security UI; thus making it possible to attempt a…
CVE-2020-16012 — CVSS 4.3 (medium): Side-channel information leakage in graphics in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to leak cross-origin data via…
CVE-2019-11743 — CVSS 3.7 (low): Navigation events were not fully adhering to the W3C's "Navigation-Timing Level 2" draft specification in some instances for the unload…