5.4
CVE-2024-11696 - firefox: thunderbird: Unhandled Exception in Add-on Signature Verification
The application failed to account for exceptions thrown by the `loadManifestFromFile` method during add-on signature verification. This flaw, triggered by an invalid or unsupported extension manifest, could have caused runtime errors that disrupted the signature validation process. As a result, the…
9.8
CVE-2024-11704 - firefox: thunderbird: Potential Double-Free Vulnerability in PKCS#7 Decryption Handling
A double-free issue could have occurred in `sec_pkcs7_decoder_start_decrypt()` when handling an error path. Under specific conditions, the same symmetric key could have been freed twice, potentially leading to memory corruption. This vulnerability affects Firefox < 133, Thunderbird < 133, Firefox E…
5.7
CVE-2024-11703 - firefox: thunderbird: Password access without authentication via PIN bypass on Android
On Android, Firefox may have inadvertently allowed viewing saved passwords without the required device PIN authentication. This vulnerability affects Firefox < 133.
5.4
CVE-2024-11695 - firefox: thunderbird: URL Bar Spoofing via Manipulated Punycode and Whitespace Characters
A crafted URL containing Arabic script and whitespace characters could have hidden the true origin of the page, resulting in a potential spoofing attack. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5.
6.1
CVE-2024-11694 - firefox: thunderbird: CSP Bypass and XSS Exposure via Web Compatibility Shims
Enhanced Tracking Protection's Strict mode may have inadvertently allowed a CSP `frame-src` bypass and DOM-based XSS through the Google SafeFrame shim in the Web Compatibility extension. This issue could have exposed users to malicious frames masquerading as legitimate content. This vulnerability a…
9.8
CVE-2024-11693 - firefox: thunderbird: Download Protections were bypassed by .library-ms files on Windows
The executable file warning was not presented when downloading .library-ms files. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5.
7.5
CVE-2024-11702 - firefox: thunderbird: Inadequate Clipboard Protection in Private Browsing Mode on Android
Copying sensitive information from Private Browsing tabs on Android, such as passwords, may have inadvertently stored data in the cloud-based clipboard history if enabled. This vulnerability affects Firefox < 133 and Thunderbird < 133.
8.1
CVE-2024-11700 - firefox: thunderbird: Potential Tapjacking Exploit for Intent Confirmation on Android
Malicious websites may have been able to perform user intent confirmation through tapjacking. This could have led to users unknowingly approving the launch of external applications, potentially exposing them to underlying vulnerabilities. This vulnerability affects Firefox < 133 and Thunderbird < 1…
4.3
CVE-2024-11701 - firefox: thunderbird: Misleading Address Bar State During Navigation Interruption
The incorrect domain may have been displayed in the address bar during an interrupted navigation attempt. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 133 and Thunderbird < 133.
4.3
CVE-2024-11692 - firefox: thunderbird: Select list elements could be shown over another site
An attacker could cause a select dropdown to be shown over another tab; this could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5.