Description
Multiple vulnerabilities were found in Mozilla Thunderbird ESR. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, gain privileges, bypass security restrictions.
Below is a complete list of vulnerabilities:
- Use-after-free vulnerability in the WebRTC can be exploited to cause denial of service or execute arbitrary code.
- Incorrect boundary conditions vulnerability in the Graphics component can be exploited to cause denial of service.
- Privilege escalation vulnerability in the DOM can be exploited remotely to gain privileges.
- JIT miscompilation vulnerability in the JavaScript Engine can be exploited to cause denial of service.
- Privilege escalation vulnerability in the Netmonitor component can be exploited remotely to gain privileges.
- Same-origin policy bypass vulnerability in the Request Handling component can be exploited to bypass security restrictions.
- Memory safety vulnerability can be exploited to execute arbitrary code.
Original advisories
Related products
CVE list
- CVE-2025-14321 critical
- CVE-2025-14322 critical
- CVE-2025-14323 critical
- CVE-2025-14324 critical
- CVE-2025-14325 high
- CVE-2025-14328 critical
- CVE-2025-14329 critical
- CVE-2025-14330 critical
- CVE-2025-14331 high
- CVE-2025-14333 critical
Read more
Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com
Found an inaccuracy in the description of this vulnerability? Let us know!