Description
Multiple vulnerabilities were found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, cause denial of service, bypass security restrictions, spoof user interface.
Below is a complete list of vulnerabilities:
- Memory safety vulnerability can be exploited to execute arbitrary code.
- Privilege escalation vulnerability in the DOM can be exploited remotely to gain privileges.
- Use-after-free vulnerability in the Audio/Video can be exploited to cause denial of service or execute arbitrary code.
- Use-after-free vulnerability in the WebRTC can be exploited to cause denial of service or execute arbitrary code.
- JIT miscompilation vulnerability in the JavaScript Engine can be exploited to cause denial of service.
- Privilege escalation vulnerability in the Netmonitor component can be exploited remotely to gain privileges.
- Same-origin policy bypass vulnerability in the Request Handling component can be exploited to bypass security restrictions.
- Incorrect boundary conditions vulnerability in the Graphics component can be exploited to cause denial of service.
- Spoofing vulnerability in the Downloads Panel component can be exploited to spoof user interface.
Original advisories
Related products
CVE list
- CVE-2025-14321 critical
- CVE-2025-14322 critical
- CVE-2025-14323 critical
- CVE-2025-14324 critical
- CVE-2025-14325 high
- CVE-2025-14326 critical
- CVE-2025-14327 critical
- CVE-2025-14328 critical
- CVE-2025-14329 critical
- CVE-2025-14330 critical
- CVE-2025-14331 high
- CVE-2025-14332 high
- CVE-2025-14333 critical
Read more
Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com
Found an inaccuracy in the description of this vulnerability? Let us know!