thunderbird vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the thunderbird package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability | Vulnerable Version
  • L
CVE-2024-11695

<128.5.0-r0
  • L
CVE-2024-11694

<128.5.0-r0
  • L
CVE-2024-11697

<128.5.0-r0
  • L
CVE-2024-11693

<128.5.0-r0
  • L
CVE-2024-11696

<128.5.0-r0
  • L
CVE-2024-11692

<128.5.0-r0
  • L
CVE-2024-11699

<128.5.0-r0
  • L
CVE-2024-11691

<128.5.0-r0
  • H
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

<91.9.1-r0
  • H
Out-of-bounds Write

<91.8.0-r0
  • H
Inefficient Regular Expression Complexity

<91.8.0-r0
  • H
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

<91.9.1-r0
  • M
CVE-2022-29916

<91.9.0-r0
  • M
Improper Restriction of Rendered UI Layers or Frames

<91.8.0-r0
  • M
Improper Certificate Validation

<91.8.0-r0
  • H
CVE-2022-22763

<91.6.0-r0
  • M
CVE-2022-29913

<91.9.0-r0
  • H
Incorrect Default Permissions

<91.9.0-r0
  • H
Out-of-bounds Write

<91.6.0-r0
  • M
CVE-2022-26386

<91.7.0-r0
  • H
Use After Free

<91.6.2-r0
  • M
CVE-2022-26383

<91.7.0-r0
  • M
Improper Certificate Validation

<91.5.0-r0
  • H
Time-of-check Time-of-use (TOCTOU)

<91.6.0-r0
  • M
Out-of-bounds Read

<91.5.0-r0
  • H
Out-of-bounds Write

<91.5.0-r0
  • C
XML Injection

<91.5.0-r0
  • H
Out-of-bounds Write

<91.5.0-r0
  • M
Information Exposure

<91.6.0-r0
  • M
Information Exposure

<91.4.0-r0
  • L
CVE-2022-26388

<91.7.0-r0
  • M
Improper Restriction of Rendered UI Layers or Frames

<91.3.2-r0
  • H
CVE-2021-29981

<91.3.2-r0
  • H
Out-of-bounds Write

<91.3.2-r0
  • M
CVE-2021-43541

<91.4.0-r0
  • H
Race Condition

<91.3.2-r0
  • H
Missing Initialization of Resource

<91.3.2-r0
  • H
Race Condition

<91.5.0-r0
  • H
Integer Overflow or Wraparound

<91.3.2-r0
  • H
CVE-2021-38510

<91.3.2-r0
  • M
Excessive Iteration

<91.4.0-r0
  • M
Cleartext Storage of Sensitive Information

<91.3.2-r0
  • C
Out-of-bounds Write

<91.9.0-r0
  • H
Improper Encoding or Escaping of Output

<91.5.0-r0
  • M
Missing Release of Resource after Effective Lifetime

<91.3.2-r0
  • H
Use After Free

<91.3.2-r0
  • M
CVE-2022-22743

<91.5.0-r0
  • C
Out-of-Bounds

<91.4.1-r0
  • H
Out-of-Bounds

<91.3.2-r0
  • M
CVE-2022-29914

<91.9.0-r0
  • L
Race Condition

<91.3.2-r0
  • H
CVE-2021-38501

<91.3.2-r0
  • H
CVE-2021-23961

<91.3.2-r0
  • C
CVE-2022-26384

<91.7.0-r0
  • M
Origin Validation Error

<91.3.2-r0
  • M
Out-of-bounds Read

<91.8.0-r0
  • H
Out-of-bounds Write

<91.8.0-r0
  • C
Out-of-bounds Read

<91.10.0-r0
  • M
Information Exposure

<91.4.0-r0
  • H
Use After Free

<91.7.0-r0
  • H
Interpretation Conflict

<91.3.2-r0
  • M
Improper Certificate Validation

<91.10.0-r0
  • H
CVE-2021-23978

<78.9.0-r0
  • M
Incorrect Authorization

<91.6.0-r0
  • M
Authentication Bypass

<78.9.0-r0
  • C
CVE-2022-31736

<91.10.0-r0
  • H
CVE-2021-23960

<78.7.0-r0
  • M
CVE-2020-35111

<78.6.1-r0
  • H
Out-of-bounds Write

<78.6.1-r0
  • H
CVE-2020-35112

<78.6.1-r0
  • H
CVE-2022-22756

<91.6.0-r0
  • M
CVE-2021-23969

<78.9.0-r0
  • M
CVE-2020-26978

<78.6.1-r0
  • M
Origin Validation Error

<91.3.2-r0
  • H
CVE-2022-22761

<91.6.0-r0
  • H
Out-of-Bounds

<91.3.2-r0
  • M
Information Exposure

<78.9.0-r0
  • M
CVE-2021-29957

<91.3.2-r0
  • H
Access of Resource Using Incompatible Type ('Type Confusion')

<78.7.0-r0
  • M
CVE-2020-26966

<78.5.1-r0
  • M
Inadequate Encryption Strength

<78.9.0-r0
  • H
Use After Free

<91.3.2-r0
  • M
Exposure of Resource to Wrong Sphere

<91.3.2-r0
  • H
Use After Free

<78.5.1-r0
  • M
Origin Validation Error

<68.8.0-r0
  • M
Improper Restriction of Rendered UI Layers or Frames

<91.9.0-r0
  • H
Use After Free

<78.6.1-r0
  • M
Improper Privilege Management

<91.3.2-r0
  • H
CVE-2021-38500

<91.3.2-r0
  • H
Out-of-Bounds

<78.7.0-r0
  • C
CVE-2020-15683

<78.5.1-r0
  • H
CVE-2020-26973

<78.6.1-r0
  • M
CVE-2020-26976

<78.7.0-r0
  • M
Improper Cross-boundary Removal of Sensitive Data

<78.5.1-r0
  • H
Out-of-bounds Read

<68.6.0-r0
  • C
Buffer Overflow

<68.8.0-r0
  • H
Use After Free

<91.3.2-r0
  • C
Out-of-bounds Write

<91.4.0-r0
  • H
Out-of-bounds Write

<91.3.2-r0
  • M
Files or Directories Accessible to External Parties

<91.3.2-r0
  • H
Use After Free

<68.6.0-r0
  • H
Out-of-bounds Read

<91.3.2-r0
  • M
Cross-site Scripting (XSS)

<78.5.1-r0
  • H
Race Condition

<68.8.0-r0
  • M
Directory Traversal

<115.5.0-r0
  • M
CVE-2021-38492

<91.3.2-r0
  • H
Use After Free

<91.3.2-r0
  • C
Race Condition

<91.3.2-r0
  • H
Use After Free

<78.5.1-r0
  • M
Incorrect Calculation

<91.3.2-r0
  • M
Use After Free

<91.8.0-r0
  • H
Use After Free

<91.3.2-r0
  • M
CVE-2022-31742

<91.10.0-r0
  • H
Use After Free

<68.10.0-r0
  • H
CVE-2023-5724

<115.4.1-r0
  • H
Out-of-bounds Write

<78.5.1-r0
  • M
Information Exposure

<68.8.0-r0
  • M
CVE-2022-1520

<91.9.0-r0
  • M
CVE-2021-38502

<91.3.2-r0
  • M
Open Redirect

<91.9.0-r0
  • M
Out-of-bounds Read

<68.6.0-r0
  • M
Use After Free

<91.8.0-r0
  • C
Use After Free

<91.6.2-r0
  • M
Use After Free

<91.8.0-r0
  • H
Arbitrary Code Injection

<68.8.0-r0
  • M
Race Condition

<91.5.0-r0
  • C
Out-of-Bounds

<68.6.0-r0
  • M
CVE-2023-5727

<115.4.1-r0
  • H
Arbitrary Command Injection

<78.7.0-r0
  • M
Cleartext Storage of Sensitive Information

<68.5.0-r0
  • C
Out-of-Bounds

<68.7.0-r0
  • M
Out-of-bounds Write

<78.5.1-r0
  • M
Cross-site Scripting (XSS)

<78.5.1-r0
  • H
Out-of-bounds Write

<91.6.2-r0
  • H
Use After Free

<78.5.1-r0
  • M
Use of Uninitialized Resource

<68.5.0-r0
  • M
Use After Free

<115.5.0-r0
  • H
Use After Free

<91.5.0-r0
  • M
CVE-2020-16012

<78.5.1-r0
  • C
CVE-2022-22759

<91.6.0-r0
  • M
CVE-2022-22739

<91.5.0-r0
  • H
CVE-2022-22741

<91.5.0-r0
  • H
CVE-2023-6208

<115.5.0-r0
  • H
Out-of-Bounds

<68.10.0-r0
  • H
Cleartext Transmission of Sensitive Information

<68.9.0-r0
  • H
CVE-2022-34468

<102.0-r0
  • M
CVE-2021-4126

<91.4.1-r0
  • M
Information Exposure

<68.9.0-r0
  • M
Improper Restriction of Rendered UI Layers or Frames

<91.4.0-r0
  • M
Use After Free

<68.9.0-r0
  • C
Out-of-Bounds

<68.8.0-r0
  • M
Cross-site Scripting (XSS)

<91.4.0-r0
  • M
CVE-2021-23953

<78.7.0-r0
  • M
NULL Pointer Dereference

<68.5.0-r0
  • H
Use After Free

<115.5.0-r0
  • M
Race Condition

<91.4.0-r0
  • M
Improper Restriction of Rendered UI Layers or Frames

<115.5.0-r0
  • H
Out-of-Bounds

<91.3.2-r0
  • M
CVE-2022-22748

<91.5.0-r0
  • H
Out-of-Bounds

<68.9.0-r0
  • M
CVE-2022-22745

<91.5.0-r0
  • M
Improper Restriction of Excessive Authentication Attempts

<91.3.2-r0
  • H
Out-of-bounds Write

<91.3.2-r0
  • M
Improper Input Validation

<68.5.0-r0
  • H
Improper Privilege Management

<91.3.2-r0
  • M
Authentication Bypass

<102.0-r0
  • H
Use After Free

<91.4.0-r0
  • M
Out-of-bounds Read

<115.5.0-r0
  • M
Improper Restriction of Rendered UI Layers or Frames

<91.3.2-r0
  • M
Information Exposure

<68.6.0-r0
  • H
Incorrect Type Conversion or Cast

<91.4.0-r0
  • H
Out-of-bounds Write

<91.3.2-r0
  • L
CVE-2024-3864

<115.10.1-r0
  • H
CVE-2021-29984

<91.3.2-r0
  • M
Out-of-bounds Read

<68.10.0-r0
  • M
Improper Restriction of Rendered UI Layers or Frames

<91.3.2-r0
  • M
CVE-2022-34479

<102.0-r0
  • M
CVE-2023-5726

<115.4.1-r0
  • H
Use After Free

<91.3.2-r0
  • H
Integer Overflow or Wraparound

<102.0-r0
  • M
Cross-site Scripting (XSS)

<102.1.0-r0
  • H
Arbitrary Argument Injection

<91.3.2-r0
  • H
Use After Free

<68.10.0-r0
  • H
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

<102.1.0-r0
  • M
Improper Privilege Management

<91.4.0-r0
  • M
Insufficient Verification of Data Authenticity

<91.3.2-r0
  • C
Incorrect Authorization

<91.3.2-r0
  • H
HTTP Request Smuggling

<91.3.2-r0
  • C
Out-of-bounds Write

<91.10.0-r0
  • H
Out-of-Bounds

<78.9.0-r0
  • H
Use of Uninitialized Resource

<91.10.0-r0
  • H
CVE-2022-31740

<91.10.0-r0
  • M
Authentication Bypass

<91.10.0-r0
  • H
Out-of-bounds Write

<78.6.1-r0
  • H
Out-of-bounds Write

<78.5.1-r0
  • H
Missing Initialization of Resource

<91.3.2-r0
  • H
Out-of-bounds Write

<78.6.1-r0
  • H
Operation on a Resource after Expiration or Release

<91.3.2-r0
  • M
Information Exposure

<78.9.0-r0
  • M
CVE-2020-26961

<78.5.1-r0
  • H
Use After Free

<78.5.1-r0
  • H
Out-of-Bounds

<78.9.0-r0
  • H
CVE-2022-31739

<91.10.0-r0
  • M
Improper Restriction of Rendered UI Layers or Frames

<78.5.1-r0
  • M
Information Exposure

<78.6.1-r0
  • H
Insufficient Verification of Data Authenticity

<68.9.0-r0
  • H
Double Free

<68.7.0-r0
  • H
Out-of-bounds Write

<68.7.0-r0
  • H
Out-of-Bounds

<68.7.0-r0
  • H
Use After Free

<68.7.0-r0
  • H
Use After Free

<68.6.0-r0
  • H
Out-of-Bounds

<68.5.0-r0
  • M
Use of Uninitialized Resource

<68.5.0-r0
  • H
Arbitrary Code Injection

<68.6.0-r0
  • M
Cross-site Scripting (XSS)

<78.5.1-r0
  • H
Out-of-bounds Write

<115.5.0-r0
  • C
Out-of-bounds Write

<115.4.1-r0
  • M
Improper Restriction of Rendered UI Layers or Frames

<115.4.1-r0
  • M
Improper Certificate Validation

<68.10.0-r0
  • H
CVE-2023-5728

<115.4.1-r0
  • M
Cross-site Scripting (XSS)

<68.5.0-r0
  • M
CVE-2023-5732

<115.4.1-r0
  • M
CVE-2023-5725

<115.4.1-r0
  • H
Use After Free

<102.0-r0
  • M
CVE-2022-34472

<102.0-r0
  • M
CVE-2022-34478

<102.0-r0
  • C
Use After Free

<102.0-r0