A specially crafted filename containing a large number of encoded newline characters could obscure the file's extension when displayed in the download dialog.
*This bug only affects Thunderbird for An
A specially crafted filename containing a large number of spaces could obscure the file's extension when displayed in the download dialog.
*This bug only affects Firefox for Android. Other versions of
A vulnerability existed in Thunderbird for Android where potentially sensitive library locations were logged via Logcat. This vulnerability was fixed in Firefox 138 and Thunderbird 138.
By crafting a malformed file name for an attachment in a multipart message, an attacker can trick Thunderbird into including a directory listing of /tmp when the message is forwarded or edited as a ne
If a user saved a response from the Network tab in Devtools using the Save As context menu option, that file may not have been saved with the `.download` file extension. This could have led to the use
Information disclosure in the XML component. This vulnerability was fixed in Firefox 147 and Thunderbird 147.
Copying sensitive information from Private Browsing tabs on Android, such as passwords, may have inadvertently stored data in the cloud-based clipboard history if enabled. This vulnerability affects F
Due to insufficient escaping of special characters in the "copy as cURL" feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's syst
A crafted HTML email using mailbox:/// links can trigger automatic, unsolicited downloads of .pdf files to the user's desktop or home directory without prompting, even if auto-saving is disabled. This
A vulnerability was identified in Thunderbird where XPath parsing could trigger undefined behavior due to missing null checks during attribute access. This could lead to out-of-bounds read access and
Editor code failed to check an attribute value. This could have led to an out-of-bounds read. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1,
jar: URLs retrieve local file content packaged in a ZIP archive. The null and everything after it was ignored when retrieving the content from the archive, but the fake extension after the null was us
The executable file warning was not presented when downloading .library-ms files.
*Note: This issue only affected Windows operating systems. Other operating systems are unaffected.* This vulnerabili
Due to insufficient escaping of the newline character in the “Copy as cURL” feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's s
Insufficient escaping in the “Copy as cURL” feature could potentially be used to trick a user into executing unexpected code. This vulnerability was fixed in Firefox 141, Firefox ESR 128.13, Firefox E
Clickjacking issue, information disclosure in the PDF Viewer component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.
Information disclosure in the Form Autofill component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
Information disclosure, mitigation bypass in the Settings UI component. This vulnerability was fixed in Firefox 148 and Thunderbird 148.
Spoofing issue in the Downloads Panel component. This vulnerability was fixed in Firefox 146, Thunderbird 146, Firefox ESR 140.7, and Thunderbird 140.7.
An attacker could have caused a use-after-free via the Custom Highlight API, leading to a potentially exploitable crash. This vulnerability was fixed in Firefox 135, Firefox ESR 115.20, Firefox ESR 12
Page 1+ Next →