Multiple vulnerabilities in Mozilla Thunderbird

Описание

Multiple vulnerabilities were found in Mozilla Thunderbird Malicious users can exploit these vulnerabilities to execute arbitrary code, bypass security restrictions, cause denial of service, spoof user interface.

Below is a complete list of vulnerabilities:

1. Use-after-free vulnerability in the Audio/Video component can be exploited to cause denial of service or execute arbitrary code.
2. Mitigation bypass vulnerability in the DOM: Security component can be exploited to bypass security restrictions.
3. Incorrect boundary conditions vulnerability in the Graphics: WebGPU component can be exploited to cause denial of service.
4. Sandbox escape due to incorrect boundary conditions vulnerability in the Graphics: WebGPU component can be exploited to cause denial of service.
5. Race condition vulnerability in the Graphics component can be exploited to cause denial of service.
6. Memory safety vulnerability in Firefox can be exploited to execute arbitrary code.
7. Mitigation bypass vulnerability in the DOM: Core & HTML component can be exploited to bypass security restrictions.
8. Same-origin policy bypass vulnerability in the DOM: Workers component can be exploited to bypass security restrictions.
9. JIT miscompilation vulnerability in the JavaScript Engine: JIT component can be exploited to cause denial of service.
10. Spoofing vulnerability in Firefox can be exploited to spoof user interface.
11. Same-origin policy bypass vulnerability in the DOM: Notifications component can be exploited to bypass security restrictions.
12. Incorrect boundary conditions vulnerability in the JavaScript: WebAssembly component can be exploited to cause denial of service.
13. Use-after-free vulnerability in the WebRTC: Audio/Video component can be exploited to cause denial of service or execute arbitrary code.

Первичный источник обнаружения

• MFSA2025-90
  

Эксплуатация

Public exploits exist for this vulnerability.

Связанные продукты

• Mozilla-Thunderbird

Список CVE

• CVE-2025-13012
  critical
• CVE-2025-13013
  high
• CVE-2025-13014
  critical
• CVE-2025-13015
  warning
• CVE-2025-13016
  critical
• CVE-2025-13017
  critical
• CVE-2025-13018
  critical
• CVE-2025-13019
  critical
• CVE-2025-13020
  critical
• CVE-2025-13021
  critical
• CVE-2025-13022
  critical
• CVE-2025-13023
  critical
• CVE-2025-13024
  critical
• CVE-2025-13025
  critical
• CVE-2025-13026
  critical
• CVE-2025-13027
  critical

Смотрите также

Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com