5.4
CVE-2024-11695 - firefox: thunderbird: URL Bar Spoofing via Manipulated Punycode and Whitespace Characters
A crafted URL containing Arabic script and whitespace characters could have hidden the true origin of the page, resulting in a potential spoofing attack. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5.
6.1
CVE-2024-11694 - firefox: thunderbird: CSP Bypass and XSS Exposure via Web Compatibility Shims
Enhanced Tracking Protection's Strict mode may have inadvertently allowed a CSP `frame-src` bypass and DOM-based XSS through the Google SafeFrame shim in the Web Compatibility extension. This issue could have exposed users to malicious frames masquerading as legitimate content. This vulnerability aโฆ
9.8
CVE-2024-11693 - firefox: thunderbird: Download Protections were bypassed by .library-ms files on Windows
The executable file warning was not presented when downloading .library-ms files. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5.
7.5
CVE-2024-11702 - firefox: thunderbird: Inadequate Clipboard Protection in Private Browsing Mode on Android
Copying sensitive information from Private Browsing tabs on Android, such as passwords, may have inadvertently stored data in the cloud-based clipboard history if enabled. This vulnerability affects Firefox < 133 and Thunderbird < 133.
8.1
CVE-2024-11700 - firefox: thunderbird: Potential Tapjacking Exploit for Intent Confirmation on Android
Malicious websites may have been able to perform user intent confirmation through tapjacking. This could have led to users unknowingly approving the launch of external applications, potentially exposing them to underlying vulnerabilities. This vulnerability affects Firefox < 133 and Thunderbird < 1โฆ
4.3
CVE-2024-11701 - firefox: thunderbird: Misleading Address Bar State During Navigation Interruption
The incorrect domain may have been displayed in the address bar during an interrupted navigation attempt. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 133 and Thunderbird < 133.
4.3
CVE-2024-11692 - firefox: thunderbird: Select list elements could be shown over another site
An attacker could cause a select dropdown to be shown over another tab; this could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5.
8.8
CVE-2024-11691 - firefox: thunderbird: Memory corruption in Apple GPU drivers
Certain WebGL operations on Apple silicon M series devices could have lead to an out-of-bounds write and memory corruption due to a flaw in Apple's GPU driver. *This bug only affected the application on Apple M series hardware. Other platforms were unaffected.* This vulnerability affects Firefox โฆ
4.3
CVE-2024-9929 -
A vulnerability exists in NSD570 that allows any authenticated user to access all device logs disclosing login information with timestamps.
5.3
CVE-2024-9928 -
A vulnerability exists in NSD570 login panel that does not restrict excessive authentication attempts. If exploited, this could cause account takeover and unauthorized access to the system when an attacker conducts brute-force attacks against the equipment login. Note that the system supports only โฆ