Homepage

thunderbird vulnerabilities

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the thunderbird package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free
VulnerabilityVulnerable Version
  • H
CVE-2024-11699

<0:128.5.0-1.el9_5.alma.1
  • H
CVE-2024-11697

<0:128.5.0-1.el9_5.alma.1
  • H
CVE-2024-11696

<0:128.5.0-1.el9_5.alma.1
  • H
CVE-2024-11695

<0:128.5.0-1.el9_5.alma.1
  • H
CVE-2024-11694

<0:128.5.0-1.el9_5.alma.1
  • H
CVE-2024-11692

<0:128.5.0-1.el9_5.alma.1
  • H
CVE-2024-11159

<0:128.5.0-1.el9_5.alma.1
  • M
Out-of-bounds Write

<0:128.4.0-1.el9_4.alma.1
  • M
CVE-2024-10466

<0:128.4.0-1.el9_4.alma.1
  • M
Authentication Bypass

<0:128.4.0-1.el9_4.alma.1
  • M
Out-of-bounds Read

<0:128.4.0-1.el9_4.alma.1
  • M
Information Exposure

<0:128.4.0-1.el9_4.alma.1
  • M
Authentication Bypass

<0:128.4.0-1.el9_4.alma.1
  • M
Cross-site Scripting (XSS)

<0:128.4.0-1.el9_4.alma.1
  • M
CVE-2024-10460

<0:128.4.0-1.el9_4.alma.1
  • M
Use After Free

<0:128.4.0-1.el9_4.alma.1
  • M
CVE-2024-10458

<0:128.4.0-1.el9_4.alma.1
  • H
Use After Free

<0:128.3.1-1.el9_4.alma.1
  • H
CVE-2024-9403

<0:128.3.0-1.el9_4.alma.1
  • H
CVE-2024-9402

<0:128.3.0-1.el9_4.alma.1
  • H
CVE-2024-9401

<0:128.3.0-1.el9_4.alma.1
  • H
CVE-2024-9400

<0:128.3.0-1.el9_4.alma.1
  • H
CVE-2024-9399

<0:128.3.0-1.el9_4.alma.1
  • H
CVE-2024-9398

<0:128.3.0-1.el9_4.alma.1
  • H
Improper Restriction of Rendered UI Layers or Frames

<0:128.3.0-1.el9_4.alma.1
  • H
CVE-2024-9396

<0:128.3.0-1.el9_4.alma.1
  • H
CVE-2024-9394

<0:128.3.0-1.el9_4.alma.1
  • H
CVE-2024-9393

<0:128.3.0-1.el9_4.alma.1
  • H
CVE-2024-9392

<0:128.3.0-1.el9_4.alma.1
  • H
Use After Free

<0:128.2.0-1.el9_4.alma.1
  • H
Out-of-bounds Write

<0:128.2.0-1.el9_4.alma.1
  • H
Open Redirect

<0:128.2.0-1.el9_4.alma.1
  • H
Access of Resource Using Incompatible Type ('Type Confusion')

<0:128.2.0-1.el9_4.alma.1
  • H
Out-of-bounds Write

<0:128.2.0-1.el9_4.alma.1
  • H
CVE-2024-8382

<0:128.2.0-1.el9_4.alma.1
  • H
Access of Resource Using Incompatible Type ('Type Confusion')

<0:128.2.0-1.el9_4.alma.1
  • H
CVE-2024-7652

<0:128.2.0-1.el9_4.alma.1
  • H
CVE-2024-7529

<0:115.14.0-1.el9_4.alma.1
  • H
Use After Free

<0:115.14.0-1.el9_4.alma.1
  • H
Use After Free

<0:115.14.0-1.el9_4.alma.1
  • H
Use of Uninitialized Resource

<0:115.14.0-1.el9_4.alma.1
  • H
Incorrect Default Permissions

<0:115.14.0-1.el9_4.alma.1
  • H
Out-of-bounds Read

<0:115.14.0-1.el9_4.alma.1
  • H
Improper Handling of Exceptional Conditions

<0:115.14.0-1.el9_4.alma.1
  • H
Access of Resource Using Incompatible Type ('Type Confusion')

<0:115.14.0-1.el9_4.alma.1
  • H
Out-of-bounds Write

<0:115.14.0-1.el9_4.alma.1
  • H
CVE-2024-7518

<0:115.14.0-1.el9_4.alma.1
  • H
CVE-2024-6604

<0:115.13.0-3.el9_4.alma.1
  • H
CVE-2024-6603

<0:115.13.0-3.el9_4.alma.1
  • H
CVE-2024-6601

<0:115.13.0-3.el9_4.alma.1
  • H
CVE-2024-5702

<0:115.12.1-1.el9_4.alma.1
  • H
CVE-2024-5700

<0:115.12.1-1.el9_4.alma.1
  • H
CVE-2024-5696

<0:115.12.1-1.el9_4.alma.1
  • H
CVE-2024-5693

<0:115.12.1-1.el9_4.alma.1
  • H
CVE-2024-5691

<0:115.12.1-1.el9_4.alma.1
  • H
Information Exposure

<0:115.12.1-1.el9_4.alma.1
  • H
CVE-2024-5688

<0:115.12.1-1.el9_4.alma.1
  • H
CVE-2024-4777

<0:115.11.0-1.el9_4.alma.1
  • H
CVE-2024-4770

<0:115.11.0-1.el9_4.alma.1
  • H
CVE-2024-4769

<0:115.11.0-1.el9_4.alma.1
  • H
CVE-2024-4768

<0:115.11.0-1.el9_4.alma.1
  • H
CVE-2024-4767

<0:115.11.0-1.el9_4.alma.1
  • H
CVE-2024-4367

<0:115.11.0-1.el9_4.alma.1
  • L
CVE-2024-3864

<0:115.10.0-2.el9_3.alma.1
  • L
CVE-2024-3861

<0:115.10.0-2.el9_3.alma.1
  • L
CVE-2024-3859

<0:115.10.0-2.el9_3.alma.1
  • L
CVE-2024-3857

<0:115.10.0-2.el9_3.alma.1
  • L
CVE-2024-3854

<0:115.10.0-2.el9_3.alma.1
  • L
CVE-2024-3852

<0:115.10.0-2.el9_3.alma.1
  • L
CVE-2024-3302

<0:115.10.0-2.el9_3.alma.1
  • L
CVE-2024-2609

<0:115.10.0-2.el9_3.alma.1
  • M
CVE-2024-2614

<0:115.9.0-1.el9_3.alma.1
  • M
CVE-2024-2612

<0:115.9.0-1.el9_3.alma.1
  • M
CVE-2024-2611

<0:115.9.0-1.el9_3.alma.1
  • M
CVE-2024-2610

<0:115.9.0-1.el9_3.alma.1
  • M
CVE-2024-2608

<0:115.9.0-1.el9_3.alma.1
  • M
CVE-2024-2607

<0:115.9.0-1.el9_3.alma.1
  • M
CVE-2024-1936

<0:115.9.0-1.el9_3.alma.1
  • M
Unchecked Return Value

<0:115.9.0-1.el9_3.alma.1
  • M
CVE-2023-5388

<0:115.9.0-1.el9_3.alma.1
  • H
CVE-2024-1553

<0:115.8.0-1.el9_3.alma
  • H
Incorrect Conversion between Numeric Types

<0:115.8.0-1.el9_3.alma
  • H
CVE-2024-1551

<0:115.8.0-1.el9_3.alma
  • H
Improper Restriction of Rendered UI Layers or Frames

<0:115.8.0-1.el9_3.alma
  • H
CVE-2024-1549

<0:115.8.0-1.el9_3.alma
  • H
CVE-2024-1548

<0:115.8.0-1.el9_3.alma
  • H
CVE-2024-1547

<0:115.8.0-1.el9_3.alma
  • H
CVE-2024-1546

<0:115.8.0-1.el9_3.alma
  • H
CVE-2024-0755

<0:115.7.0-1.el9_3.alma
  • H
CVE-2024-0753

<0:115.7.0-1.el9_3.alma
  • H
Improper Privilege Management

<0:115.7.0-1.el9_3.alma
  • H
CVE-2024-0750

<0:115.7.0-1.el9_3.alma
  • H
Origin Validation Error

<0:115.7.0-1.el9_3.alma
  • H
CVE-2024-0747

<0:115.7.0-1.el9_3.alma
  • H
CVE-2024-0746

<0:115.7.0-1.el9_3.alma
  • H
CVE-2024-0742

<0:115.7.0-1.el9_3.alma
  • H
Out-of-bounds Write

<0:115.7.0-1.el9_3.alma
  • H
Out-of-bounds Write

<0:115.6.0-1.el9_3.alma
  • H
CVE-2023-6863

<0:115.6.0-1.el9_3.alma
  • H
Use After Free

<0:115.6.0-1.el9_3.alma
  • H
Out-of-bounds Write

<0:115.6.0-1.el9_3.alma
  • H
CVE-2023-6860

<0:115.6.0-1.el9_3.alma
  • H
Use After Free

<0:115.6.0-1.el9_3.alma
  • H
Out-of-bounds Write

<0:115.6.0-1.el9_3.alma
  • H
Race Condition

<0:115.6.0-1.el9_3.alma
  • H
Out-of-bounds Write

<0:115.6.0-1.el9_3.alma
  • H
CVE-2023-50762

<0:115.6.0-1.el9_3.alma
  • H
CVE-2023-50761

<0:115.6.0-1.el9_3.alma
  • H
Out-of-bounds Write

<0:115.5.0-1.el9_3.alma
  • H
Directory Traversal

<0:115.5.0-1.el9_3.alma
  • H
CVE-2023-6208

<0:115.5.0-1.el9_3.alma
  • H
Use After Free

<0:115.5.0-1.el9_3.alma
  • H
Improper Restriction of Rendered UI Layers or Frames

<0:115.5.0-1.el9_3.alma
  • H
Use After Free

<0:115.5.0-1.el9_3.alma
  • H
Out-of-bounds Read

<0:115.5.0-1.el9_3.alma
  • H
CVE-2023-5732

<0:115.4.1-1.el9_2.alma
  • H
Out-of-bounds Write

<0:115.4.1-1.el9_2.alma
  • H
CVE-2023-5728

<0:115.4.1-1.el9_2.alma
  • H
CVE-2023-5725

<0:115.4.1-1.el9_2.alma
  • H
CVE-2023-5724

<0:115.4.1-1.el9_2.alma
  • H
Improper Restriction of Rendered UI Layers or Frames

<0:115.4.1-1.el9_2.alma
  • H
Improper Handling of Exceptional Conditions

<0:115.4.1-1.el9_2.alma
  • H
Out-of-bounds Write

<0:115.3.1-1.el9_2.alma
  • H
Out-of-bounds Write

<0:115.3.1-1.el9_2.alma
  • H
Use After Free

<0:115.3.1-1.el9_2.alma
  • H
Out-of-bounds Write

<0:115.3.1-1.el9_2.alma
  • H
Use After Free

<0:115.3.1-1.el9_2.alma
  • H
Out-of-bounds Write

<0:102.15.1-1.el9_2.alma
  • H
Out-of-bounds Write

<0:102.15.0-1.el9_2.alma
  • H
Out-of-bounds Write

<0:102.15.0-1.el9_2.alma
  • H
CVE-2023-4583

<0:102.15.0-1.el9_2.alma
  • H
CVE-2023-4581

<0:102.15.0-1.el9_2.alma
  • H
Missing Encryption of Sensitive Data

<0:102.15.0-1.el9_2.alma
  • H
Allocation of Resources Without Limits or Throttling

<0:102.15.0-1.el9_2.alma
  • H
CVE-2023-4577

<0:102.15.0-1.el9_2.alma
  • H
Use After Free

<0:102.15.0-1.el9_2.alma
  • H
Use After Free

<0:102.15.0-1.el9_2.alma
  • H
Use After Free

<0:102.15.0-1.el9_2.alma
  • H
Link Following

<0:102.15.0-1.el9_2.alma
  • H
CVE-2023-4051

<0:102.15.0-1.el9_2.alma
  • H
CVE-2023-3417

<0:102.14.0-1.el9_2.alma
  • H
Out-of-bounds Write

<0:102.14.0-1.el9_2.alma
  • H
Out-of-bounds Write

<0:102.14.0-1.el9_2.alma
  • H
CVE-2023-4055

<0:102.14.0-1.el9_2.alma
  • H
Out-of-bounds Write

<0:102.14.0-1.el9_2.alma
  • H
Race Condition

<0:102.14.0-1.el9_2.alma
  • H
Out-of-bounds Read

<0:102.14.0-1.el9_2.alma
  • H
CVE-2023-4047

<0:102.14.0-1.el9_2.alma
  • H
CVE-2023-4046

<0:102.14.0-1.el9_2.alma
  • H
Origin Validation Error

<0:102.14.0-1.el9_2.alma
  • H
Out-of-bounds Write

<0:102.13.0-2.el9_2.alma
  • H
CVE-2023-37208

<0:102.13.0-2.el9_2.alma
  • H
Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')

<0:102.13.0-2.el9_2.alma
  • H
Use After Free

<0:102.13.0-2.el9_2.alma
  • H
Use After Free

<0:102.13.0-2.el9_2.alma
  • H
Out-of-bounds Write

<0:102.12.0-1.el9_2.alma
  • H
Improper Certificate Validation

<0:102.12.0-1.el9_2.alma
  • H
Use After Free

<0:91.11.0-2.el9_0.alma
  • H
Integer Overflow or Wraparound

<0:91.11.0-2.el9_0.alma
  • H
CVE-2022-34479

<0:91.11.0-2.el9_0.alma
  • H
CVE-2022-34472

<0:91.11.0-2.el9_0.alma
  • H
Use After Free

<0:91.11.0-2.el9_0.alma
  • H
CVE-2022-34468

<0:91.11.0-2.el9_0.alma
  • H
Cross-site Scripting (XSS)

<0:91.11.0-2.el9_0.alma
  • H
Authentication Bypass

<0:91.11.0-2.el9_0.alma
  • H
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

<0:91.11.0-2.el9_0.alma
  • H
Out-of-bounds Write

<0:102.5.0-2.el9_1.alma
  • H
Improper Restriction of Rendered UI Layers or Frames

<0:102.5.0-2.el9_1.alma
  • H
Improper Restriction of Rendered UI Layers or Frames

<0:102.5.0-2.el9_1.alma
  • H
Information Exposure

<0:102.5.0-2.el9_1.alma
  • H
Link Following

<0:102.5.0-2.el9_1.alma
  • H
Cross-site Scripting (XSS)

<0:102.5.0-2.el9_1.alma
  • H
CVE-2022-45410

<0:102.5.0-2.el9_1.alma
  • H
Use After Free

<0:102.5.0-2.el9_1.alma
  • H
CVE-2022-45408

<0:102.5.0-2.el9_1.alma
  • H
Use After Free

<0:102.5.0-2.el9_1.alma
  • H
Use After Free

<0:102.5.0-2.el9_1.alma
  • H
CVE-2022-45404

<0:102.5.0-2.el9_1.alma
  • H
Information Exposure

<0:102.5.0-2.el9_1.alma
  • H
Resource Exhaustion

<0:102.8.0-2.el9_1.alma
  • H
Out-of-bounds Write

<0:102.7.1-1.el9_1.alma
  • H
CVE-2023-23603

<0:102.7.1-1.el9_1.alma
  • H
Improper Check for Unusual or Exceptional Conditions

<0:102.7.1-1.el9_1.alma
  • H
Origin Validation Error

<0:102.7.1-1.el9_1.alma
  • H
Improper Encoding or Escaping of Output

<0:102.7.1-1.el9_1.alma
  • H
CVE-2023-23598

<0:102.7.1-1.el9_1.alma
  • H
CVE-2022-46877

<0:102.7.1-1.el9_1.alma
  • H
CVE-2022-46871

<0:102.7.1-1.el9_1.alma
  • H
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

<0:102.3.0-3.el9_0.alma
  • H
Improper Restriction of Rendered UI Layers or Frames

<0:102.3.0-3.el9_0.alma
  • H
Cross-site Scripting (XSS)

<0:102.3.0-3.el9_0.alma
  • H
Externally Controlled Reference to a Resource in Another Sphere

<0:102.3.0-3.el9_0.alma
  • H
CVE-2022-45414

<0:102.6.0-2.el9_1.alma
  • H
Improper Authentication

<0:102.4.0-1.el9_0.alma
  • H
Improper Authentication

<0:102.4.0-1.el9_0.alma
  • H
Improper Authentication

<0:102.4.0-1.el9_0.alma
  • H
CVE-2022-39236

<0:102.4.0-1.el9_0.alma
  • H
Use After Free

<0:102.6.0-2.el9_1.alma
  • H
Out-of-bounds Write

<0:102.6.0-2.el9_1.alma
  • H
Use After Free

<0:102.6.0-2.el9_1.alma
  • H
Out-of-bounds Write

<0:102.6.0-2.el9_1.alma
  • H
CVE-2022-46874

<0:102.6.0-2.el9_1.alma
  • H
CVE-2022-46872

<0:102.6.0-2.el9_1.alma
  • H
CVE-2023-29550

<0:102.10.0-2.el9_1.alma
  • H
CVE-2023-29548

<0:102.10.0-2.el9_1.alma
  • H
Improper Encoding or Escaping of Output

<0:102.10.0-2.el9_1.alma
  • H
NULL Pointer Dereference

<0:102.10.0-2.el9_1.alma
  • H
Use After Free

<0:102.10.0-2.el9_1.alma
  • H
CVE-2023-29535

<0:102.10.0-2.el9_1.alma
  • H
CVE-2023-29533

<0:102.10.0-2.el9_1.alma
  • H
Resource Exhaustion

<0:102.10.0-2.el9_1.alma
  • H
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

<0:102.10.0-2.el9_1.alma
  • H
Out-of-bounds Write

<0:102.10.0-2.el9_1.alma
  • H
Improper Certificate Validation

<0:102.10.0-2.el9_1.alma
  • H
Out-of-bounds Write

<0:102.4.0-1.el9_0.alma
  • H
CVE-2022-42929

<0:102.4.0-1.el9_0.alma
  • H
NULL Pointer Dereference

<0:102.4.0-1.el9_0.alma
  • H
Origin Validation Error

<0:102.4.0-1.el9_0.alma
  • H
Out-of-bounds Write

<0:102.8.0-2.el9_1.alma
  • H
Out-of-bounds Write

<0:102.8.0-2.el9_1.alma
  • H
Authentication Bypass

<0:102.8.0-2.el9_1.alma
  • H
CVE-2023-25742

<0:102.8.0-2.el9_1.alma
  • H
Use After Free

<0:102.8.0-2.el9_1.alma
  • H
CVE-2023-25737

<0:102.8.0-2.el9_1.alma
  • H
Use After Free

<0:102.8.0-2.el9_1.alma
  • H
Out-of-bounds Write

<0:102.8.0-2.el9_1.alma
  • H
CVE-2023-25730

<0:102.8.0-2.el9_1.alma
  • H
CVE-2023-25729

<0:102.8.0-2.el9_1.alma
  • H
CVE-2023-25728

<0:102.8.0-2.el9_1.alma
  • H
Improper Certificate Validation

<0:102.7.1-2.el9_1.alma
  • H
Out-of-bounds Write

<0:102.9.0-1.el9_1.alma
  • H
CVE-2023-28164

<0:102.9.0-1.el9_1.alma
  • H
Incorrect Type Conversion or Cast

<0:102.9.0-1.el9_1.alma
  • H
CVE-2023-25752

<0:102.9.0-1.el9_1.alma
  • H
CVE-2023-25751

<0:102.9.0-1.el9_1.alma
  • H
Out-of-bounds Write

<0:102.3.0-3.el9_0.alma
  • H
Use After Free

<0:102.3.0-3.el9_0.alma
  • H
Insecure Storage of Sensitive Information

<0:102.3.0-3.el9_0.alma
  • H
Arbitrary Code Injection

<0:102.3.0-3.el9_0.alma
  • H
CVE-2022-40957

<0:102.3.0-3.el9_0.alma
  • H
Cross-site Scripting (XSS)

<0:102.3.0-3.el9_0.alma
  • H
CVE-2023-0767

<0:102.8.0-2.el9_1.alma
  • H
Out-of-bounds Write

<0:102.11.0-1.el9_2.alma
  • H
Use of Uninitialized Resource

<0:102.11.0-1.el9_2.alma
  • H
CVE-2023-32212

<0:102.11.0-1.el9_2.alma
  • H
CVE-2023-32211

<0:102.11.0-1.el9_2.alma
  • H
Authentication Bypass

<0:102.11.0-1.el9_2.alma
  • H
Out-of-bounds Read

<0:102.11.0-1.el9_2.alma
  • H
CVE-2023-32205

<0:102.11.0-1.el9_2.alma
  • H
Out-of-bounds Write

<0:91.13.0-1.el9_0.alma
  • H
Out-of-bounds Write

<0:91.13.0-1.el9_0.alma
  • H
Use After Free

<0:91.13.0-1.el9_0.alma
  • H
Improper Preservation of Permissions

<0:91.13.0-1.el9_0.alma
  • H
Origin Validation Error

<0:91.13.0-1.el9_0.alma