thunderbird vulnerabilities

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the thunderbird package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability	Vulnerable Version
L CVE-2024-3864	<115.10.1-r0
H CVE-2023-6208	<115.5.0-r0
M Use After Free	<115.5.0-r0
M Improper Restriction of Rendered UI Layers or Frames	<115.5.0-r0
H Out-of-bounds Write	<115.5.0-r0
M Out-of-bounds Read	<115.5.0-r0
H Use After Free	<115.5.0-r0
M Directory Traversal	<115.5.0-r0
M CVE-2023-5732	<115.4.0-r0
M Improper Restriction of Rendered UI Layers or Frames	<115.4.0-r0
M CVE-2023-5727	<115.4.0-r0
H CVE-2023-5724	<115.4.0-r0
H CVE-2023-5728	<115.4.0-r0
M CVE-2023-5726	<115.4.0-r0
C Out-of-bounds Write	<115.4.0-r0
M CVE-2023-5725	<115.4.0-r0
M Authentication Bypass	<102.1.0-r0
C Use After Free	<102.0-r0
M CVE-2022-34479	<102.1.0-r0
H Integer Overflow or Wraparound	<102.1.0-r0
H Use After Free	<102.1.0-r0
M CVE-2022-34472	<102.1.0-r0
H Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')	<102.0-r0
M CVE-2022-34478	<102.1.0-r0
H CVE-2022-34468	<102.0-r0
M Cross-site Scripting (XSS)	<102.0-r0
M Improper Certificate Validation	<91.10.0-r0
C Out-of-bounds Read	<91.10.0-r0
H CVE-2022-31740	<91.10.0-r0
C CVE-2022-31736	<91.10.0-r0
H CVE-2022-31739	<91.10.0-r0
C Out-of-bounds Write	<91.10.0-r0
M CVE-2022-31742	<91.10.0-r0
M Authentication Bypass	<91.10.0-r0
H Use of Uninitialized Resource	<91.10.0-r0
M CVE-2022-1520	<91.9.0-r0
L CVE-2022-26388	<91.7.0-r0
M Files or Directories Accessible to External Parties	<91.3.2-r0
C Out-of-bounds Write	<91.4.0-r0
H Arbitrary Command Injection	<78.7.0-r0
H Use After Free	<91.3.2-r0
M CVE-2022-29913	<91.9.0-r0
H Out-of-bounds Write	<91.3.2-r0
H Out-of-bounds Write	<91.6.2-r0
M CVE-2021-38502	<91.3.2-r0
H Cleartext Transmission of Sensitive Information	<68.9.0-r0
M Improper Privilege Management	<91.4.0-r0
H Out-of-bounds Write	<78.5.1-r0
M Use of Uninitialized Resource	<68.5.0-r0
M CVE-2021-29957	<91.3.2-r0
H Out-of-bounds Read	<91.3.2-r0
L Race Condition	<91.3.2-r0
M Improper Certificate Validation	<91.8.0-r0
M Origin Validation Error	<68.8.0-r0
M Use of Uninitialized Resource	<68.5.0-r0
M CVE-2021-4126	<91.4.1-r0
M Improper Privilege Management	<91.3.2-r0
M Cleartext Storage of Sensitive Information	<91.3.2-r0
M NULL Pointer Dereference	<68.5.0-r0
M Cleartext Storage of Sensitive Information	<68.5.0-r0
H Time-of-check Time-of-use (TOCTOU)	<91.6.0-r0
H Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')	<91.9.1-r0
H Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')	<91.9.1-r0
M CVE-2022-29916	<91.9.0-r0
M Improper Restriction of Rendered UI Layers or Frames	<91.9.0-r0
H Incorrect Default Permissions	<91.9.0-r0
C Out-of-bounds Write	<91.9.0-r0
M CVE-2022-29914	<91.9.0-r0
M Open Redirect	<91.9.0-r0
H Out-of-bounds Write	<91.8.0-r0
M Out-of-bounds Read	<91.8.0-r0
M Improper Restriction of Rendered UI Layers or Frames	<91.8.0-r0
H Inefficient Regular Expression Complexity	<91.8.0-r0
M Use After Free	<91.8.0-r0
H Out-of-bounds Write	<91.8.0-r0
M Use After Free	<91.8.0-r0
M Use After Free	<91.8.0-r0
M CVE-2022-26386	<91.7.0-r0
C CVE-2022-26384	<91.7.0-r0
M CVE-2022-26383	<91.7.0-r0
H Use After Free	<91.7.0-r0
H Use After Free	<91.6.2-r0
C Use After Free	<91.6.2-r0
H Out-of-bounds Write	<91.6.0-r0
M Information Exposure	<91.6.0-r0
C CVE-2022-22759	<91.6.0-r0
H CVE-2022-22761	<91.6.0-r0
M Incorrect Authorization	<91.6.0-r0
H CVE-2022-22763	<91.6.0-r0
H CVE-2022-22756	<91.6.0-r0
M CVE-2022-22745	<91.5.0-r0
M Improper Certificate Validation	<91.5.0-r0
H Use After Free	<91.5.0-r0
M Out-of-bounds Read	<91.5.0-r0
H CVE-2022-22741	<91.5.0-r0
M CVE-2022-22743	<91.5.0-r0
C XML Injection	<91.5.0-r0
M CVE-2022-22748	<91.5.0-r0
H Out-of-bounds Write	<91.5.0-r0
H Improper Encoding or Escaping of Output	<91.5.0-r0
H Race Condition	<91.5.0-r0
H Out-of-bounds Write	<91.5.0-r0
M CVE-2022-22739	<91.5.0-r0
M Race Condition	<91.5.0-r0
C Out-of-Bounds	<91.4.1-r0
M Improper Restriction of Rendered UI Layers or Frames	<91.4.0-r0
M CVE-2021-43541	<91.4.0-r0
H Use After Free	<91.4.0-r0
H Incorrect Type Conversion or Cast	<91.4.0-r0
M Information Exposure	<91.4.0-r0
M Race Condition	<91.4.0-r0
M Excessive Iteration	<91.4.0-r0
M Cross-site Scripting (XSS)	<91.4.0-r0
M Information Exposure	<91.4.0-r0
H HTTP Request Smuggling	<91.3.2-r0
M Improper Restriction of Rendered UI Layers or Frames	<91.3.2-r0
M Improper Restriction of Excessive Authentication Attempts	<91.3.2-r0
H Use After Free	<91.3.2-r0
M Origin Validation Error	<91.3.2-r0
M Missing Release of Resource after Effective Lifetime	<91.3.2-r0
H CVE-2021-29981	<91.3.2-r0
M Improper Restriction of Rendered UI Layers or Frames	<91.3.2-r0
M Origin Validation Error	<91.3.2-r0
H CVE-2021-38510	<91.3.2-r0
M Improper Restriction of Rendered UI Layers or Frames	<91.3.2-r0
C Race Condition	<91.3.2-r0
M Exposure of Resource to Wrong Sphere	<91.3.2-r0
C Incorrect Authorization	<91.3.2-r0
H Use After Free	<91.3.2-r0
H Out-of-Bounds	<91.3.2-r0
H CVE-2021-38501	<91.3.2-r0
H Use After Free	<91.3.2-r0
H CVE-2021-38500	<91.3.2-r0
M CVE-2021-38492	<91.3.2-r0
H Missing Initialization of Resource	<91.3.2-r0
H Interpretation Conflict	<91.3.2-r0
H Race Condition	<91.3.2-r0
H Use After Free	<91.3.2-r0
H Out-of-bounds Write	<91.3.2-r0
H Out-of-Bounds	<91.3.2-r0
H CVE-2021-29984	<91.3.2-r0
H Use After Free	<91.3.2-r0
H Out-of-bounds Write	<91.3.2-r0
H Out-of-bounds Write	<91.3.2-r0
H Out-of-Bounds	<91.3.2-r0
M Incorrect Calculation	<91.3.2-r0
H Integer Overflow or Wraparound	<91.3.2-r0
H Arbitrary Argument Injection	<91.3.2-r0
H Improper Privilege Management	<91.3.2-r0
M Insufficient Verification of Data Authenticity	<91.3.2-r0
H Operation on a Resource after Expiration or Release	<91.3.2-r0
H Missing Initialization of Resource	<91.3.2-r0
H Out-of-Bounds	<78.9.0-r0
M Authentication Bypass	<78.9.0-r0
M Inadequate Encryption Strength	<78.9.0-r0
H Out-of-Bounds	<78.9.0-r0
H CVE-2021-23978	<78.9.0-r0
M Information Exposure	<78.9.0-r0
M Information Exposure	<78.9.0-r0
M CVE-2021-23969	<78.9.0-r0
H CVE-2021-23961	<91.3.2-r0
H CVE-2021-23960	<78.7.0-r0
H Out-of-Bounds	<78.7.0-r0
H Access of Resource Using Incompatible Type ('Type Confusion')	<78.7.0-r0
M CVE-2021-23953	<78.7.0-r0
M CVE-2020-26976	<78.7.0-r0
H Use After Free	<78.6.1-r0
H CVE-2020-35112	<78.6.1-r0
H Out-of-bounds Write	<78.6.1-r0
M CVE-2020-26978	<78.6.1-r0
M CVE-2020-35111	<78.6.1-r0
H Out-of-bounds Write	<78.6.1-r0
H Out-of-bounds Write	<78.6.1-r0
M Information Exposure	<78.6.1-r0
H CVE-2020-26973	<78.6.1-r0
H Out-of-bounds Write	<78.5.1-r0
M Improper Cross-boundary Removal of Sensitive Data	<78.5.1-r0
M CVE-2020-26966	<78.5.1-r0
M CVE-2020-26961	<78.5.1-r0
H Use After Free	<78.5.1-r0
H Use After Free	<78.5.1-r0
M Cross-site Scripting (XSS)	<78.5.1-r0
M Cross-site Scripting (XSS)	<78.5.1-r0
M Improper Restriction of Rendered UI Layers or Frames	<78.5.1-r0
M Cross-site Scripting (XSS)	<78.5.1-r0
H Use After Free	<78.5.1-r0
M CVE-2020-16012	<78.5.1-r0
H Use After Free	<78.5.1-r0
C CVE-2020-15683	<78.5.1-r0
M Out-of-bounds Write	<78.5.1-r0
M Improper Input Validation	<68.5.0-r0
M Cross-site Scripting (XSS)	<68.5.0-r0
H Out-of-Bounds	<68.5.0-r0
M Information Exposure	<68.9.0-r0
M Use After Free	<68.9.0-r0
H Insufficient Verification of Data Authenticity	<68.9.0-r0
H Out-of-Bounds	<68.9.0-r0
M Out-of-bounds Read	<68.6.0-r0
H Use After Free	<68.6.0-r0
H Out-of-bounds Read	<68.6.0-r0
H Use After Free	<68.6.0-r0
H Arbitrary Code Injection	<68.6.0-r0
M Information Exposure	<68.6.0-r0
C Out-of-Bounds	<68.6.0-r0
H Out-of-Bounds	<68.7.0-r0
H Out-of-bounds Write	<68.7.0-r0
C Out-of-Bounds	<68.7.0-r0
H Use After Free	<68.7.0-r0
H Double Free	<68.7.0-r0
H Out-of-Bounds	<68.10.0-r0
M Out-of-bounds Read	<68.10.0-r0
H Use After Free	<68.10.0-r0
H Use After Free	<68.10.0-r0
M Improper Certificate Validation	<68.10.0-r0
H Race Condition	<68.8.0-r0
M Information Exposure	<68.8.0-r0
H Arbitrary Code Injection	<68.8.0-r0
C Out-of-Bounds	<68.8.0-r0
C Buffer Overflow	<68.8.0-r0