thunderbird vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the thunderbird package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability | Vulnerable Version
  • L
CVE-2024-3864

<115.10.1-r0
  • M
Improper Restriction of Rendered UI Layers or Frames

<91.8.0-r0
  • H
Use After Free

<91.7.0-r0
  • H
CVE-2022-22756

<91.6.0-r0
  • H
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

<91.9.1-r0
  • C
CVE-2022-26384

<91.7.0-r0
  • M
CVE-2022-29916

<91.9.0-r0
  • H
Improper Encoding or Escaping of Output

<91.5.0-r0
  • M
Improper Certificate Validation

<91.8.0-r0
  • H
Race Condition

<91.5.0-r0
  • H
CVE-2021-38510

<91.3.2-r0
  • M
Improper Restriction of Rendered UI Layers or Frames

<91.9.0-r0
  • M
CVE-2022-26383

<91.7.0-r0
  • M
CVE-2022-22739

<91.5.0-r0
  • M
CVE-2022-29913

<91.9.0-r0
  • H
Missing Initialization of Resource

<91.3.2-r0
  • H
Out-of-bounds Write

<91.8.0-r0
  • H
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

<91.9.1-r0
  • C
Out-of-bounds Write

<91.9.0-r0
  • H
CVE-2022-22763

<91.6.0-r0
  • M
Out-of-bounds Read

<91.8.0-r0
  • M
Use After Free

<91.8.0-r0
  • M
Missing Release of Resource after Effective Lifetime

<91.3.2-r0
  • H
Out-of-bounds Write

<91.8.0-r0
  • C
CVE-2022-22759

<91.6.0-r0
  • C
XML Injection

<91.5.0-r0
  • M
CVE-2021-43541

<91.4.0-r0
  • M
Incorrect Calculation

<91.3.2-r0
  • H
Incorrect Default Permissions

<91.9.0-r0
  • H
Out-of-bounds Write

<91.6.0-r0
  • M
Information Exposure

<91.6.0-r0
  • M
CVE-2022-22745

<91.5.0-r0
  • H
Use After Free

<91.5.0-r0
  • M
CVE-2022-22748

<91.5.0-r0
  • H
CVE-2022-22761

<91.6.0-r0
  • H
Incorrect Type Conversion or Cast

<91.4.0-r0
  • M
Insufficient Verification of Data Authenticity

<91.3.2-r0
  • H
Out-of-bounds Write

<91.6.2-r0
  • H
Time-of-check Time-of-use (TOCTOU)

<91.6.0-r0
  • C
Use After Free

<91.6.2-r0
  • H
Use After Free

<91.3.2-r0
  • M
Improper Restriction of Rendered UI Layers or Frames

<91.4.0-r0
  • M
CVE-2021-4126

<91.4.1-r0
  • H
Use After Free

<91.3.2-r0
  • C
Out-of-bounds Read

<91.10.0-r0
  • M
Cross-site Scripting (XSS)

<91.4.0-r0
  • M
CVE-2021-38492

<91.3.2-r0
  • H
Use After Free

<91.3.2-r0
  • M
Improper Privilege Management

<91.3.2-r0
  • M
Incorrect Authorization

<91.6.0-r0
  • H
CVE-2021-38501

<91.3.2-r0
  • H
Operation on a Resource after Expiration or Release

<91.3.2-r0
  • M
Excessive Iteration

<91.4.0-r0
  • M
Improper Restriction of Rendered UI Layers or Frames

<91.3.2-r0
  • H
Improper Privilege Management

<91.3.2-r0
  • M
Improper Cross-boundary Removal of Sensitive Data

<78.5.1-r0
  • H
Interpretation Conflict

<91.3.2-r0
  • L
Race Condition

<91.3.2-r0
  • H
Use After Free

<78.5.1-r0
  • H
Arbitrary Argument Injection

<91.3.2-r0
  • M
Improper Restriction of Excessive Authentication Attempts

<91.3.2-r0
  • M
Improper Restriction of Rendered UI Layers or Frames

<91.3.2-r0
  • C
Race Condition

<91.3.2-r0
  • M
Use After Free

<68.9.0-r0
  • H
Use After Free

<78.5.1-r0
  • H
Use of Uninitialized Resource

<91.10.0-r0
  • H
Out-of-Bounds

<78.9.0-r0
  • M
Open Redirect

<91.9.0-r0
  • C
CVE-2020-15683

<78.5.1-r0
  • H
Out-of-bounds Write

<91.3.2-r0
  • M
Origin Validation Error

<91.3.2-r0
  • H
Use After Free

<91.3.2-r0
  • H
CVE-2021-23960

<78.7.0-r0
  • M
Improper Restriction of Rendered UI Layers or Frames

<91.3.2-r0
  • M
Race Condition

<91.5.0-r0
  • M
Information Exposure

<68.9.0-r0
  • C
Incorrect Authorization

<91.3.2-r0
  • H
Out-of-bounds Write

<68.7.0-r0
  • H
Out-of-Bounds

<78.7.0-r0
  • H
Use After Free

<68.7.0-r0
  • H
CVE-2021-23961

<91.3.2-r0
  • H
Out-of-bounds Write

<91.3.2-r0
  • M
Information Exposure

<91.4.0-r0
  • M
Authentication Bypass

<91.10.0-r0
  • M
Improper Certificate Validation

<91.10.0-r0
  • M
Information Exposure

<78.9.0-r0
  • M
Cross-site Scripting (XSS)

<78.5.1-r0
  • M
Use After Free

<91.8.0-r0
  • H
Out-of-Bounds

<78.9.0-r0
  • M
Origin Validation Error

<91.3.2-r0
  • H
Race Condition

<68.8.0-r0
  • H
Arbitrary Command Injection

<78.7.0-r0
  • H
Integer Overflow or Wraparound

<91.3.2-r0
  • M
CVE-2021-23969

<78.9.0-r0
  • M
Out-of-bounds Read

<91.5.0-r0
  • M
CVE-2020-16012

<78.5.1-r0
  • C
CVE-2022-31736

<91.10.0-r0
  • H
Out-of-bounds Write

<91.3.2-r0
  • H
CVE-2021-29981

<91.3.2-r0
  • H
CVE-2023-6208

<115.5.0-r0
  • H
Out-of-bounds Write

<78.6.1-r0
  • M
Exposure of Resource to Wrong Sphere

<91.3.2-r0
  • H
Access of Resource Using Incompatible Type ('Type Confusion')

<78.7.0-r0
  • H
HTTP Request Smuggling

<91.3.2-r0
  • H
CVE-2022-22741

<91.5.0-r0
  • M
Improper Restriction of Rendered UI Layers or Frames

<115.5.0-r0
  • H
Out-of-bounds Write

<91.5.0-r0
  • M
CVE-2022-31742

<91.10.0-r0
  • M
Cross-site Scripting (XSS)

<78.5.1-r0
  • H
Out-of-Bounds

<68.9.0-r0
  • H
Out-of-bounds Write

<91.3.2-r0
  • H
Out-of-Bounds

<68.7.0-r0
  • M
CVE-2021-23953

<78.7.0-r0
  • C
Out-of-Bounds

<91.4.1-r0
  • M
Cleartext Storage of Sensitive Information

<91.3.2-r0
  • M
CVE-2022-22743

<91.5.0-r0
  • H
CVE-2020-35112

<78.6.1-r0
  • H
CVE-2020-26973

<78.6.1-r0
  • H
Use After Free

<91.4.0-r0
  • M
Improper Certificate Validation

<91.5.0-r0
  • H
Out-of-bounds Write

<78.6.1-r0
  • H
Out-of-bounds Write

<78.5.1-r0
  • M
Out-of-bounds Read

<68.6.0-r0
  • M
Improper Privilege Management

<91.4.0-r0
  • H
Out-of-bounds Write

<91.5.0-r0
  • M
Improper Restriction of Rendered UI Layers or Frames

<78.5.1-r0
  • H
CVE-2021-29984

<91.3.2-r0
  • M
Information Exposure

<91.4.0-r0
  • M
Cross-site Scripting (XSS)

<68.5.0-r0
  • M
CVE-2021-38502

<91.3.2-r0
  • H
Arbitrary Code Injection

<68.8.0-r0
  • M
Cross-site Scripting (XSS)

<78.5.1-r0
  • C
Buffer Overflow

<68.8.0-r0
  • M
Inadequate Encryption Strength

<78.9.0-r0
  • C
Out-of-bounds Write

<91.4.0-r0
  • M
Out-of-bounds Write

<78.5.1-r0
  • H
Insufficient Verification of Data Authenticity

<68.9.0-r0
  • H
Out-of-bounds Write

<78.5.1-r0
  • H
Out-of-bounds Read

<68.6.0-r0
  • M
CVE-2020-26966

<78.5.1-r0
  • C
Out-of-Bounds

<68.8.0-r0
  • M
NULL Pointer Dereference

<68.5.0-r0
  • H
Use After Free

<68.10.0-r0
  • H
Cleartext Transmission of Sensitive Information

<68.9.0-r0
  • H
Use After Free

<68.6.0-r0
  • M
Information Exposure

<68.8.0-r0
  • H
Out-of-bounds Read

<91.3.2-r0
  • M
Out-of-bounds Read

<68.10.0-r0
  • H
CVE-2022-34468

<102.0-r0
  • M
Cleartext Storage of Sensitive Information

<68.5.0-r0
  • M
CVE-2023-5727

<115.4.1-r0
  • H
Out-of-Bounds

<68.10.0-r0
  • M
Improper Restriction of Rendered UI Layers or Frames

<115.4.1-r0
  • M
Use After Free

<115.5.0-r0
  • C
Out-of-Bounds

<68.6.0-r0
  • M
CVE-2020-26961

<78.5.1-r0
  • H
CVE-2023-5728

<115.4.1-r0
  • M
Improper Certificate Validation

<68.10.0-r0
  • H
Out-of-Bounds

<68.5.0-r0
  • M
Authentication Bypass

<102.0-r0
  • H
CVE-2022-31740

<91.10.0-r0
  • H
CVE-2021-23978

<78.9.0-r0
  • H
CVE-2021-38500

<91.3.2-r0
  • M
Race Condition

<91.4.0-r0
  • C
Out-of-bounds Write

<115.4.1-r0
  • H
Use After Free

<91.3.2-r0
  • M
CVE-2023-5726

<115.4.1-r0
  • H
Out-of-bounds Write

<78.6.1-r0
  • H
CVE-2023-5724

<115.4.1-r0
  • M
CVE-2022-34472

<102.1.0-r0
  • H
Integer Overflow or Wraparound

<102.1.0-r0
  • H
Use After Free

<78.6.1-r0
  • H
Use After Free

<78.5.1-r0
  • M
Information Exposure

<78.6.1-r0
  • H
Use After Free

<68.10.0-r0
  • M
CVE-2020-26976

<78.7.0-r0
  • H
Double Free

<68.7.0-r0
  • M
Use of Uninitialized Resource

<68.5.0-r0
  • C
Out-of-Bounds

<68.7.0-r0
  • M
Origin Validation Error

<68.8.0-r0
  • M
Directory Traversal

<115.5.0-r0
  • H
Out-of-bounds Write

<115.5.0-r0
  • M
Cross-site Scripting (XSS)

<102.1.0-r0
  • M
CVE-2023-5725

<115.4.1-r0
  • H
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

<102.0-r0
  • M
Out-of-bounds Read

<115.5.0-r0
  • M
CVE-2022-34479

<102.0-r0
  • M
CVE-2022-34478

<102.1.0-r0
  • H
Use After Free

<102.0-r0
  • M
CVE-2022-29914

<91.9.0-r0
  • M
CVE-2022-26386

<91.7.0-r0
  • M
Use After Free

<91.8.0-r0
  • M
CVE-2022-1520

<91.9.0-r0
  • L
CVE-2022-26388

<91.7.0-r0
  • H
Use After Free

<91.6.2-r0
  • H
Inefficient Regular Expression Complexity

<91.8.0-r0
  • H
Out-of-Bounds

<91.3.2-r0
  • H
Out-of-Bounds

<91.3.2-r0
  • M
Files or Directories Accessible to External Parties

<91.3.2-r0
  • H
Use After Free

<91.3.2-r0
  • H
Out-of-Bounds

<91.3.2-r0
  • M
CVE-2021-29957

<91.3.2-r0
  • H
Race Condition

<91.3.2-r0
  • M
CVE-2020-35111

<78.6.1-r0
  • H
Missing Initialization of Resource

<91.3.2-r0
  • M
Authentication Bypass

<78.9.0-r0
  • H
Use After Free

<78.5.1-r0
  • M
CVE-2020-26978

<78.6.1-r0
  • M
Information Exposure

<78.9.0-r0
  • C
Out-of-bounds Write

<91.10.0-r0
  • M
Information Exposure

<68.6.0-r0
  • M
Improper Input Validation

<68.5.0-r0
  • H
CVE-2022-31739

<91.10.0-r0
  • M
CVE-2023-5732

<115.4.1-r0
  • H
Use After Free

<115.5.0-r0
  • H
Arbitrary Code Injection

<68.6.0-r0
  • H
Use After Free

<68.6.0-r0
  • M
Use of Uninitialized Resource

<68.5.0-r0
  • C
Use After Free

<102.1.0-r0