Mozilla: >> Thunderbird >> 146.0 Security Vulnerabilities
Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.
CVSS Score
8.0
EPSS Score
0.001
Published
2026-01-13
Sandbox escape due to incorrect boundary conditions in the Graphics component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.
CVSS Score
9.8
EPSS Score
0.001
Published
2026-01-13
Sandbox escape due to integer overflow in the Graphics component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.
CVSS Score
8.8
EPSS Score
0.0
Published
2026-01-13
Sandbox escape in the Messaging System component. This vulnerability affects Firefox < 147 and Thunderbird < 147.
CVSS Score
10.0
EPSS Score
0.001
Published
2026-01-13
Use-after-free in the IPC component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.
CVSS Score
8.8
EPSS Score
0.0
Published
2026-01-13
Information disclosure in the Networking component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.
CVSS Score
5.3
EPSS Score
0.0
Published
2026-01-13
Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.
CVSS Score
9.8
EPSS Score
0.001
Published
2026-01-13
Mozilla Necko, as used in Firefox, SeaMonkey, and other applications, performs DNS prefetching of domain names contained in links within local HTML documents, which makes it easier for remote attackers to determine the network location of the application's user by logging DNS requests. NOTE: the vendor disputes the significance of this issue, stating "I don't think we necessarily need to worry about that case."
CVSS Score
5.0
EPSS Score
0.002
Published
2010-01-29
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.6, SeaMonkey before 2.0.1, and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CVSS Score
9.3
EPSS Score
0.044
Published
2009-12-17
Unspecified vulnerability in the browser engine in Mozilla Firefox before 3.0.16, SeaMonkey before 2.0.1, and Thunderbird allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CVSS Score
9.3
EPSS Score
0.046
Published
2009-12-17