thunderbird vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the thunderbird package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability | Vulnerable Version
  • H
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

<91.9.1-r0
  • H
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

<91.9.1-r0
  • M
Improper Certificate Validation

<91.8.0-r0
  • M
Out-of-bounds Read

<91.8.0-r0
  • M
Improper Restriction of Rendered UI Layers or Frames

<91.9.0-r0
  • M
Use After Free

<91.8.0-r0
  • H
Out-of-bounds Write

<91.8.0-r0
  • C
CVE-2022-26384

<91.7.0-r0
  • H
Use After Free

<91.6.2-r0
  • L
CVE-2022-26388

<91.7.0-r0
  • M
CVE-2022-22748

<91.5.0-r0
  • M
Use After Free

<91.8.0-r0
  • H
CVE-2022-22763

<91.6.0-r0
  • M
CVE-2022-22739

<91.5.0-r0
  • M
Improper Certificate Validation

<91.5.0-r0
  • C
CVE-2022-22759

<91.6.0-r0
  • H
Incorrect Type Conversion or Cast

<91.4.0-r0
  • M
CVE-2022-22745

<91.5.0-r0
  • M
Improper Privilege Management

<91.4.0-r0
  • M
Race Condition

<91.4.0-r0
  • M
CVE-2022-22743

<91.5.0-r0
  • H
Out-of-bounds Write

<91.5.0-r0
  • H
Out-of-Bounds

<91.3.2-r0
  • H
Interpretation Conflict

<91.3.2-r0
  • M
Improper Restriction of Rendered UI Layers or Frames

<91.8.0-r0
  • H
Out-of-Bounds

<91.3.2-r0
  • M
Use After Free

<91.8.0-r0
  • M
CVE-2022-26386

<91.7.0-r0
  • M
Files or Directories Accessible to External Parties

<91.3.2-r0
  • H
CVE-2022-22761

<91.6.0-r0
  • L
Race Condition

<91.3.2-r0
  • M
Missing Release of Resource after Effective Lifetime

<91.3.2-r0
  • H
CVE-2021-29984

<91.3.2-r0
  • M
Improper Restriction of Rendered UI Layers or Frames

<91.4.0-r0
  • M
CVE-2021-29957

<91.3.2-r0
  • H
Race Condition

<91.3.2-r0
  • H
Use After Free

<91.5.0-r0
  • H
Improper Encoding or Escaping of Output

<91.5.0-r0
  • H
CVE-2022-22756

<91.6.0-r0
  • H
Inefficient Regular Expression Complexity

<91.8.0-r0
  • H
CVE-2021-38501

<91.3.2-r0
  • H
Out-of-bounds Write

<91.5.0-r0
  • C
Out-of-bounds Write

<91.9.0-r0
  • M
Cleartext Storage of Sensitive Information

<91.3.2-r0
  • M
Out-of-bounds Read

<91.5.0-r0
  • H
Incorrect Default Permissions

<91.9.0-r0
  • C
Out-of-bounds Write

<91.4.0-r0
  • C
Use After Free

<91.6.2-r0
  • H
Out-of-bounds Write

<91.3.2-r0
  • M
Improper Restriction of Rendered UI Layers or Frames

<91.3.2-r0
  • H
Out-of-bounds Write

<91.6.0-r0
  • H
Out-of-bounds Write

<91.8.0-r0
  • C
Out-of-bounds Write

<91.10.0-r0
  • H
Out-of-bounds Write

<91.6.2-r0
  • M
Incorrect Authorization

<91.6.0-r0
  • H
Out-of-Bounds

<91.3.2-r0
  • M
CVE-2022-29914

<91.9.0-r0
  • H
Improper Privilege Management

<91.3.2-r0
  • M
Information Exposure

<78.9.0-r0
  • H
CVE-2021-29981

<91.3.2-r0
  • M
Improper Privilege Management

<91.3.2-r0
  • M
Insufficient Verification of Data Authenticity

<91.3.2-r0
  • C
Out-of-bounds Read

<91.10.0-r0
  • H
CVE-2022-31740

<91.10.0-r0
  • M
Exposure of Resource to Wrong Sphere

<91.3.2-r0
  • H
Out-of-Bounds

<78.9.0-r0
  • H
Out-of-bounds Write

<78.6.1-r0
  • M
Improper Restriction of Excessive Authentication Attempts

<91.3.2-r0
  • M
CVE-2020-16012

<78.5.1-r0
  • H
CVE-2021-23961

<91.3.2-r0
  • M
CVE-2020-26976

<78.7.0-r0
  • H
Use After Free

<91.3.2-r0
  • H
Out-of-bounds Write

<78.6.1-r0
  • H
Out-of-bounds Read

<91.3.2-r0
  • M
Inadequate Encryption Strength

<78.9.0-r0
  • H
CVE-2021-38500

<91.3.2-r0
  • M
CVE-2020-26961

<78.5.1-r0
  • M
Improper Cross-boundary Removal of Sensitive Data

<78.5.1-r0
  • M
CVE-2020-35111

<78.6.1-r0
  • M
CVE-2020-26966

<78.5.1-r0
  • H
CVE-2022-31739

<91.10.0-r0
  • H
Out-of-Bounds

<78.9.0-r0
  • H
CVE-2020-35112

<78.6.1-r0
  • M
Information Exposure

<68.9.0-r0
  • H
Cleartext Transmission of Sensitive Information

<68.9.0-r0
  • M
Information Exposure

<78.9.0-r0
  • H
CVE-2021-23960

<78.7.0-r0
  • C
CVE-2022-31736

<91.10.0-r0
  • H
Use After Free

<78.6.1-r0
  • M
Origin Validation Error

<68.8.0-r0
  • H
Out-of-bounds Write

<78.6.1-r0
  • H
Race Condition

<91.5.0-r0
  • H
Integer Overflow or Wraparound

<91.3.2-r0
  • M
Use of Uninitialized Resource

<68.5.0-r0
  • M
Improper Input Validation

<68.5.0-r0
  • M
Out-of-bounds Write

<78.5.1-r0
  • H
Use After Free

<78.5.1-r0
  • M
NULL Pointer Dereference

<68.5.0-r0
  • H
Out-of-Bounds

<68.5.0-r0
  • C
Out-of-Bounds

<68.8.0-r0
  • M
Use of Uninitialized Resource

<68.5.0-r0
  • H
Out-of-Bounds

<78.7.0-r0
  • M
Improper Certificate Validation

<91.10.0-r0
  • H
CVE-2020-26973

<78.6.1-r0
  • H
Race Condition

<68.8.0-r0
  • H
CVE-2022-34468

<102.1.0-r0
  • H
Use After Free

<78.5.1-r0
  • H
Out-of-Bounds

<68.7.0-r0
  • H
Arbitrary Command Injection

<78.7.0-r0
  • M
Cross-site Scripting (XSS)

<78.5.1-r0
  • H
Access of Resource Using Incompatible Type ('Type Confusion')

<78.7.0-r0
  • H
Use After Free

<68.10.0-r0
  • H
Out-of-bounds Read

<68.6.0-r0
  • L
CVE-2024-11696

<128.5.0-r0
  • M
Out-of-bounds Read

<68.6.0-r0
  • C
CVE-2020-15683

<78.5.1-r0
  • L
CVE-2024-11699

<128.5.0-r0
  • C
Use After Free

<102.1.0-r0
  • H
Out-of-bounds Write

<78.5.1-r0
  • M
CVE-2022-29913

<91.9.0-r0
  • M
CVE-2022-26383

<91.7.0-r0
  • M
Cross-site Scripting (XSS)

<78.5.1-r0
  • H
Arbitrary Code Injection

<68.8.0-r0
  • H
Out-of-bounds Write

<68.7.0-r0
  • M
Out-of-bounds Read

<115.5.0-r0
  • H
Use After Free

<78.5.1-r0
  • H
Arbitrary Code Injection

<68.6.0-r0
  • H
CVE-2023-5724

<115.4.1-r0
  • M
Information Exposure

<68.8.0-r0
  • H
Use After Free

<68.10.0-r0
  • M
Open Redirect

<91.9.0-r0
  • H
Double Free

<68.7.0-r0
  • M
CVE-2022-1520

<91.9.0-r0
  • M
Cross-site Scripting (XSS)

<68.5.0-r0
  • M
CVE-2022-29916

<91.9.0-r0
  • M
Out-of-bounds Read

<68.10.0-r0
  • M
Information Exposure

<91.6.0-r0
  • H
Out-of-Bounds

<68.10.0-r0
  • L
CVE-2024-11692

<128.5.0-r0
  • M
Improper Certificate Validation

<68.10.0-r0
  • L
CVE-2024-3864

<115.10.1-r0
  • L
CVE-2024-11695

<128.5.0-r0
  • M
CVE-2023-5727

<115.4.1-r0
  • H
CVE-2022-22741

<91.5.0-r0
  • M
CVE-2023-5725

<115.4.1-r0
  • H
Use After Free

<91.7.0-r0
  • H
CVE-2023-5728

<115.4.1-r0
  • C
XML Injection

<91.5.0-r0
  • L
CVE-2024-11691

<128.5.0-r0
  • M
CVE-2023-5726

<115.4.1-r0
  • H
Integer Overflow or Wraparound

<102.0-r0
  • M
CVE-2021-43541

<91.4.0-r0
  • H
Out-of-bounds Write

<91.3.2-r0
  • M
Information Exposure

<91.4.0-r0
  • M
Excessive Iteration

<91.4.0-r0
  • M
Directory Traversal

<115.5.0-r0
  • M
Information Exposure

<91.4.0-r0
  • H
Arbitrary Argument Injection

<91.3.2-r0
  • M
Incorrect Calculation

<91.3.2-r0
  • M
Origin Validation Error

<91.3.2-r0
  • H
Missing Initialization of Resource

<91.3.2-r0
  • H
Use After Free

<91.4.0-r0
  • H
Time-of-check Time-of-use (TOCTOU)

<91.6.0-r0
  • H
Use After Free

<91.3.2-r0
  • H
Use After Free

<102.1.0-r0
  • M
CVE-2021-4126

<91.4.1-r0
  • M
Origin Validation Error

<91.3.2-r0
  • M
Race Condition

<91.5.0-r0
  • C
Out-of-Bounds

<91.4.1-r0
  • H
Use After Free

<91.3.2-r0
  • H
Missing Initialization of Resource

<91.3.2-r0
  • M
Improper Restriction of Rendered UI Layers or Frames

<91.3.2-r0
  • C
Incorrect Authorization

<91.3.2-r0
  • M
Cross-site Scripting (XSS)

<91.4.0-r0
  • M
CVE-2021-38502

<91.3.2-r0
  • H
CVE-2021-38510

<91.3.2-r0
  • H
Use After Free

<91.3.2-r0
  • M
CVE-2021-38492

<91.3.2-r0
  • H
HTTP Request Smuggling

<91.3.2-r0
  • H
Use After Free

<91.3.2-r0
  • M
Improper Restriction of Rendered UI Layers or Frames

<91.3.2-r0
  • H
Out-of-bounds Write

<91.3.2-r0
  • H
Out-of-bounds Write

<91.3.2-r0
  • C
Race Condition

<91.3.2-r0
  • M
CVE-2021-23969

<78.9.0-r0
  • M
CVE-2020-26978

<78.6.1-r0
  • H
Operation on a Resource after Expiration or Release

<91.3.2-r0
  • M
Authentication Bypass

<78.9.0-r0
  • M
Authentication Bypass

<91.10.0-r0
  • H
CVE-2021-23978

<78.9.0-r0
  • M
Information Exposure

<78.6.1-r0
  • M
CVE-2022-31742

<91.10.0-r0
  • H
Use of Uninitialized Resource

<91.10.0-r0
  • M
Use After Free

<68.9.0-r0
  • M
CVE-2021-23953

<78.7.0-r0
  • M
Improper Restriction of Rendered UI Layers or Frames

<78.5.1-r0
  • H
Out-of-bounds Write

<78.5.1-r0
  • H
Out-of-Bounds

<68.9.0-r0
  • M
Cross-site Scripting (XSS)

<78.5.1-r0
  • H
Use After Free

<68.6.0-r0
  • H
Insufficient Verification of Data Authenticity

<68.9.0-r0
  • C
Buffer Overflow

<68.8.0-r0
  • H
Use After Free

<68.7.0-r0
  • H
Use After Free

<78.5.1-r0
  • M
Information Exposure

<68.6.0-r0
  • C
Out-of-Bounds

<68.7.0-r0
  • L
CVE-2024-11697

<128.5.0-r0
  • C
Out-of-Bounds

<68.6.0-r0
  • L
CVE-2024-11693

<128.5.0-r0
  • M
Use After Free

<115.5.0-r0
  • M
Improper Restriction of Rendered UI Layers or Frames

<115.5.0-r0
  • M
Cleartext Storage of Sensitive Information

<68.5.0-r0
  • H
CVE-2023-6208

<115.5.0-r0
  • H
Use After Free

<68.6.0-r0
  • H
Out-of-bounds Write

<115.5.0-r0
  • H
Use After Free

<91.3.2-r0
  • M
CVE-2023-5732

<115.4.1-r0
  • H
Use After Free

<115.5.0-r0
  • M
CVE-2022-34478

<102.0-r0
  • L
CVE-2024-11694

<128.5.0-r0
  • M
Authentication Bypass

<102.1.0-r0
  • C
Out-of-bounds Write

<115.4.1-r0
  • M
Cross-site Scripting (XSS)

<102.1.0-r0
  • M
CVE-2022-34472

<102.1.0-r0
  • M
CVE-2022-34479

<102.1.0-r0
  • M
Improper Restriction of Rendered UI Layers or Frames

<115.4.1-r0
  • H
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

<102.1.0-r0