Vulnerabilities
Vulnerable Software
Mozilla:  >> Thunderbird  >> 149.0.2  Security Vulnerabilities
Denial-of-service in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.
CVSS Score
7.5
EPSS Score
0.003
Published
2026-04-21
Denial-of-service in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.
CVSS Score
7.5
EPSS Score
0.003
Published
2026-04-21
Information disclosure in the IP Protection component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.
CVSS Score
7.5
EPSS Score
0.003
Published
2026-04-21
Incorrect boundary conditions, integer overflow in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.
CVSS Score
5.3
EPSS Score
0.002
Published
2026-04-21
Mitigation bypass in the Networking: Cookies component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.
CVSS Score
9.8
EPSS Score
0.003
Published
2026-04-21
Mitigation bypass in the DOM: postMessage component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.
CVSS Score
6.5
EPSS Score
0.002
Published
2026-04-21
Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.
CVSS Score
7.5
EPSS Score
0.004
Published
2026-04-21
Mitigation bypass in the Networking: Cookies component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.
CVSS Score
9.8
EPSS Score
0.003
Published
2026-04-21
Mozilla Necko, as used in Firefox, SeaMonkey, and other applications, performs DNS prefetching of domain names contained in links within local HTML documents, which makes it easier for remote attackers to determine the network location of the application's user by logging DNS requests. NOTE: the vendor disputes the significance of this issue, stating "I don't think we necessarily need to worry about that case."
CVSS Score
5.0
EPSS Score
0.01
Published
2010-01-29
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.6, SeaMonkey before 2.0.1, and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CVSS Score
9.3
EPSS Score
0.037
Published
2009-12-17


Contact Us

Shodan ® - All rights reserved