Description
Multiple vulnerabilities were found in Mozilla Thunderbird ESR. Malicious users can exploit these vulnerabilities to execute arbitrary code, bypass security restrictions, cause denial of service, spoof user interface.
Below is a complete list of vulnerabilities:
- Use-after-free vulnerability in the Audio/Video component can be exploited to cause denial of service or execute arbitrary code.
- Mitigation bypass vulnerability in the DOM: Security component can be exploited to bypass security restrictions.
- Race condition vulnerability in the Graphics component can be exploited to cause denial of service.
- Mitigation bypass vulnerability in the DOM: Core & HTML component can be exploited to bypass security restrictions.
- Same-origin policy bypass vulnerability in the DOM: Workers component can be exploited to bypass security restrictions.
- Spoofing vulnerability in Firefox can be exploited to spoof user interface.
- Same-origin policy bypass vulnerability in the DOM: Notifications component can be exploited to bypass security restrictions.
- Incorrect boundary conditions vulnerability in the JavaScript: WebAssembly component can be exploited to cause denial of service.
- Use-after-free vulnerability in the WebRTC: Audio/Video component can be exploited to cause denial of service or execute arbitrary code.
Original advisories
Related products
CVE list
- CVE-2025-13012 critical
- CVE-2025-13013 high
- CVE-2025-13014 critical
- CVE-2025-13015 warning
- CVE-2025-13016 critical
- CVE-2025-13017 critical
- CVE-2025-13018 critical
- CVE-2025-13019 critical
- CVE-2025-13020 critical
Read more
Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com
Found an inaccuracy in the description of this vulnerability? Let us know!