thunderbird vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the thunderbird package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability | Vulnerable Version
  • C
Use After Free

<91.6.2-r0
  • H
Out-of-bounds Write

<91.6.2-r0
  • H
CVE-2022-22741

<91.5.0-r0
  • M
Race Condition

<91.5.0-r0
  • M
Improper Restriction of Rendered UI Layers or Frames

<91.3.2-r0
  • M
Race Condition

<91.4.0-r0
  • M
Insufficient Verification of Data Authenticity

<91.3.2-r0
  • H
Out-of-Bounds

<91.3.2-r0
  • M
Improper Restriction of Excessive Authentication Attempts

<91.3.2-r0
  • H
HTTP Request Smuggling

<91.3.2-r0
  • M
Improper Privilege Management

<91.3.2-r0
  • M
Improper Restriction of Rendered UI Layers or Frames

<91.9.0-r0
  • H
Use After Free

<91.3.2-r0
  • M
Incorrect Calculation

<91.3.2-r0
  • H
Out-of-bounds Write

<91.3.2-r0
  • H
Interpretation Conflict

<91.3.2-r0
  • H
Use After Free

<91.3.2-r0
  • C
CVE-2022-31736

<91.10.0-r0
  • M
Information Exposure

<91.4.0-r0
  • H
CVE-2021-38500

<91.3.2-r0
  • M
Authentication Bypass

<78.9.0-r0
  • M
Inadequate Encryption Strength

<78.9.0-r0
  • M
CVE-2021-23969

<78.9.0-r0
  • H
Use After Free

<78.6.1-r0
  • M
Improper Restriction of Rendered UI Layers or Frames

<78.5.1-r0
  • M
Use After Free

<68.9.0-r0
  • H
Out-of-bounds Write

<78.6.1-r0
  • H
Out-of-bounds Write

<78.5.1-r0
  • H
CVE-2021-23978

<78.9.0-r0
  • M
Origin Validation Error

<68.8.0-r0
  • H
Cleartext Transmission of Sensitive Information

<68.9.0-r0
  • C
Buffer Overflow

<68.8.0-r0
  • H
Out-of-Bounds

<68.10.0-r0
  • H
CVE-2023-5724

<115.4.1-r0
  • M
CVE-2023-5726

<115.4.1-r0
  • M
Improper Certificate Validation

<68.10.0-r0
  • M
CVE-2023-5732

<115.4.1-r0
  • C
Out-of-bounds Write

<115.4.1-r0
  • M
Improper Restriction of Rendered UI Layers or Frames

<91.8.0-r0
  • M
CVE-2022-29916

<91.9.0-r0
  • H
Inefficient Regular Expression Complexity

<91.8.0-r0
  • M
CVE-2022-1520

<91.9.0-r0
  • H
Out-of-bounds Write

<91.8.0-r0
  • M
Use After Free

<91.8.0-r0
  • M
Use After Free

<91.8.0-r0
  • M
CVE-2022-29914

<91.9.0-r0
  • H
Out-of-bounds Write

<91.5.0-r0
  • C
Out-of-bounds Write

<91.9.0-r0
  • H
Out-of-bounds Write

<91.6.0-r0
  • H
CVE-2022-22763

<91.6.0-r0
  • H
Use After Free

<91.7.0-r0
  • H
Out-of-bounds Write

<91.5.0-r0
  • H
CVE-2021-29984

<91.3.2-r0
  • H
Use After Free

<91.5.0-r0
  • M
Open Redirect

<91.9.0-r0
  • H
Out-of-bounds Write

<91.8.0-r0
  • H
Out-of-bounds Read

<91.3.2-r0
  • M
Incorrect Authorization

<91.6.0-r0
  • H
Out-of-bounds Write

<91.3.2-r0
  • H
Improper Privilege Management

<91.3.2-r0
  • M
Excessive Iteration

<91.4.0-r0
  • M
CVE-2021-4126

<91.4.1-r0
  • H
Incorrect Type Conversion or Cast

<91.4.0-r0
  • C
XML Injection

<91.5.0-r0
  • H
Use After Free

<91.6.2-r0
  • M
Out-of-bounds Read

<91.5.0-r0
  • H
Out-of-Bounds

<91.3.2-r0
  • H
Incorrect Default Permissions

<91.9.0-r0
  • C
Out-of-bounds Write

<91.4.0-r0
  • H
Race Condition

<91.3.2-r0
  • H
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

<91.9.1-r0
  • M
Improper Restriction of Rendered UI Layers or Frames

<91.3.2-r0
  • H
Use of Uninitialized Resource

<91.10.0-r0
  • H
Race Condition

<91.5.0-r0
  • H
Arbitrary Argument Injection

<91.3.2-r0
  • M
CVE-2022-31742

<91.10.0-r0
  • H
Out-of-Bounds

<78.9.0-r0
  • H
Out-of-bounds Write

<91.3.2-r0
  • M
Information Exposure

<78.9.0-r0
  • M
Files or Directories Accessible to External Parties

<91.3.2-r0
  • M
Exposure of Resource to Wrong Sphere

<91.3.2-r0
  • C
Out-of-Bounds

<91.4.1-r0
  • H
Access of Resource Using Incompatible Type ('Type Confusion')

<78.7.0-r0
  • M
Out-of-bounds Read

<91.8.0-r0
  • H
CVE-2021-23960

<78.7.0-r0
  • H
CVE-2020-26973

<78.6.1-r0
  • M
Cross-site Scripting (XSS)

<78.5.1-r0
  • M
Improper Restriction of Rendered UI Layers or Frames

<91.3.2-r0
  • M
Authentication Bypass

<91.10.0-r0
  • M
CVE-2021-38502

<91.3.2-r0
  • M
Origin Validation Error

<91.3.2-r0
  • M
CVE-2021-29957

<91.3.2-r0
  • H
Out-of-Bounds

<68.9.0-r0
  • C
Out-of-Bounds

<68.7.0-r0
  • H
Use After Free

<91.3.2-r0
  • M
CVE-2022-26386

<91.7.0-r0
  • H
Use After Free

<78.5.1-r0
  • M
Information Exposure

<68.9.0-r0
  • H
Use After Free

<78.5.1-r0
  • H
CVE-2022-22756

<91.6.0-r0
  • L
CVE-2022-26388

<91.7.0-r0
  • M
CVE-2020-26978

<78.6.1-r0
  • H
Out-of-bounds Write

<78.6.1-r0
  • H
Integer Overflow or Wraparound

<91.3.2-r0
  • H
Use After Free

<91.3.2-r0
  • M
CVE-2022-22743

<91.5.0-r0
  • M
Cross-site Scripting (XSS)

<68.5.0-r0
  • H
CVE-2022-22761

<91.6.0-r0
  • M
Cleartext Storage of Sensitive Information

<68.5.0-r0
  • H
Use After Free

<78.5.1-r0
  • L
CVE-2024-11697

<128.5.0-r0
  • L
CVE-2024-11699

<128.5.0-r0
  • H
Time-of-check Time-of-use (TOCTOU)

<91.6.0-r0
  • M
CVE-2022-22739

<91.5.0-r0
  • M
CVE-2021-43541

<91.4.0-r0
  • L
CVE-2024-11696

<128.5.0-r0
  • C
Out-of-Bounds

<68.6.0-r0
  • H
Out-of-bounds Write

<91.3.2-r0
  • M
CVE-2020-35111

<78.6.1-r0
  • M
Cross-site Scripting (XSS)

<91.4.0-r0
  • H
Out-of-bounds Write

<78.5.1-r0
  • M
Missing Release of Resource after Effective Lifetime

<91.3.2-r0
  • L
CVE-2024-11695

<128.5.0-r0
  • H
Arbitrary Code Injection

<68.6.0-r0
  • M
Out-of-bounds Read

<115.5.0-r0
  • H
CVE-2023-5728

<115.4.1-r0
  • H
CVE-2021-38510

<91.3.2-r0
  • M
Directory Traversal

<115.5.0-r0
  • M
Improper Restriction of Rendered UI Layers or Frames

<115.4.1-r0
  • M
Information Exposure

<78.6.1-r0
  • M
Cross-site Scripting (XSS)

<102.1.0-r0
  • M
Cross-site Scripting (XSS)

<78.5.1-r0
  • H
CVE-2021-29981

<91.3.2-r0
  • C
Out-of-bounds Write

<78.5.1-r0
  • H
Missing Initialization of Resource

<91.3.2-r0
  • H
Use After Free

<68.7.0-r0
  • M
CVE-2020-16012

<78.5.1-r0
  • C
Race Condition

<91.3.2-r0
  • H
Out-of-Bounds

<68.7.0-r0
  • M
Authentication Bypass

<102.1.0-r0
  • H
Operation on a Resource after Expiration or Release

<91.3.2-r0
  • M
Origin Validation Error

<91.3.2-r0
  • H
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

<102.1.0-r0
  • H
Out-of-bounds Write

<68.7.0-r0
  • M
Information Exposure

<68.6.0-r0
  • M
Use of Uninitialized Resource

<68.5.0-r0
  • H
Out-of-bounds Write

<78.6.1-r0
  • M
Out-of-bounds Read

<68.6.0-r0
  • H
Out-of-Bounds

<78.9.0-r0
  • M
Improper Certificate Validation

<91.10.0-r0
  • M
Improper Input Validation

<68.5.0-r0
  • H
Use After Free

<78.5.1-r0
  • H
Out-of-bounds Read

<68.6.0-r0
  • M
Information Exposure

<78.9.0-r0
  • H
Out-of-bounds Write

<115.5.0-r0
  • M
CVE-2020-26961

<78.5.1-r0
  • M
Improper Cross-boundary Removal of Sensitive Data

<78.5.1-r0
  • H
Double Free

<68.7.0-r0
  • H
Insufficient Verification of Data Authenticity

<68.9.0-r0
  • M
Use After Free

<115.5.0-r0
  • L
CVE-2024-11693

<128.5.0-r0
  • M
Cross-site Scripting (XSS)

<78.5.1-r0
  • H
Use After Free

<91.3.2-r0
  • L
CVE-2024-3864

<115.10.1-r0
  • M
NULL Pointer Dereference

<68.5.0-r0
  • H
Use After Free

<68.6.0-r0
  • H
Use After Free

<68.10.0-r0
  • H
Missing Initialization of Resource

<91.3.2-r0
  • M
Use of Uninitialized Resource

<68.5.0-r0
  • C
Use After Free

<102.1.0-r0
  • H
CVE-2023-6208

<115.5.0-r0
  • H
Use After Free

<115.5.0-r0
  • H
CVE-2020-35112

<78.6.1-r0
  • H
Out-of-Bounds

<68.5.0-r0
  • M
CVE-2023-5727

<115.4.1-r0
  • M
CVE-2022-34472

<102.0-r0
  • M
CVE-2023-5725

<115.4.1-r0
  • M
CVE-2022-34479

<102.1.0-r0
  • H
Integer Overflow or Wraparound

<102.0-r0
  • M
CVE-2022-29913

<91.9.0-r0
  • C
CVE-2022-26384

<91.7.0-r0
  • M
Improper Certificate Validation

<91.8.0-r0
  • M
Information Exposure

<91.6.0-r0
  • C
CVE-2022-22759

<91.6.0-r0
  • M
CVE-2022-22748

<91.5.0-r0
  • M
CVE-2022-26383

<91.7.0-r0
  • H
Improper Encoding or Escaping of Output

<91.5.0-r0
  • M
Improper Privilege Management

<91.4.0-r0
  • M
Improper Certificate Validation

<91.5.0-r0
  • H
Use After Free

<91.4.0-r0
  • M
CVE-2022-22745

<91.5.0-r0
  • H
Out-of-Bounds

<91.3.2-r0
  • H
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

<91.9.1-r0
  • M
Improper Restriction of Rendered UI Layers or Frames

<91.4.0-r0
  • H
CVE-2021-38501

<91.3.2-r0
  • M
CVE-2021-38492

<91.3.2-r0
  • M
Information Exposure

<91.4.0-r0
  • L
Race Condition

<91.3.2-r0
  • M
Use After Free

<91.8.0-r0
  • C
Out-of-bounds Write

<91.10.0-r0
  • H
CVE-2022-31739

<91.10.0-r0
  • H
CVE-2022-31740

<91.10.0-r0
  • C
Out-of-bounds Read

<91.10.0-r0
  • C
Incorrect Authorization

<91.3.2-r0
  • M
CVE-2020-26976

<78.7.0-r0
  • H
Arbitrary Command Injection

<78.7.0-r0
  • H
Out-of-Bounds

<78.7.0-r0
  • M
Cleartext Storage of Sensitive Information

<91.3.2-r0
  • M
CVE-2020-26966

<78.5.1-r0
  • H
Use After Free

<91.3.2-r0
  • H
Race Condition

<68.8.0-r0
  • M
CVE-2021-23953

<78.7.0-r0
  • C
CVE-2020-15683

<78.5.1-r0
  • H
Arbitrary Code Injection

<68.8.0-r0
  • M
Information Exposure

<68.8.0-r0
  • H
CVE-2021-23961

<91.3.2-r0
  • H
Use After Free

<68.6.0-r0
  • H
Use After Free

<68.10.0-r0
  • M
Out-of-bounds Read

<68.10.0-r0
  • L
CVE-2024-11694

<128.5.0-r0
  • L
CVE-2024-11691

<128.5.0-r0
  • L
CVE-2024-11692

<128.5.0-r0
  • M
Improper Restriction of Rendered UI Layers or Frames

<115.5.0-r0
  • C
Out-of-Bounds

<68.8.0-r0
  • H
Use After Free

<102.1.0-r0
  • M
CVE-2022-34478

<102.0-r0
  • H
CVE-2022-34468

<102.1.0-r0