thunderbird vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the thunderbird package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability | Vulnerable Version
  • H
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

<91.9.1-r0
  • M
CVE-2022-29913

<91.9.0-r0
  • C
Use After Free

<91.6.2-r0
  • H
Out-of-bounds Write

<91.6.2-r0
  • H
Out-of-bounds Write

<91.8.0-r0
  • M
Cross-site Scripting (XSS)

<91.4.0-r0
  • M
CVE-2021-4126

<91.4.1-r0
  • H
Out-of-bounds Write

<91.3.2-r0
  • M
Origin Validation Error

<91.3.2-r0
  • M
Out-of-bounds Read

<91.8.0-r0
  • M
Cleartext Storage of Sensitive Information

<91.3.2-r0
  • M
Files or Directories Accessible to External Parties

<91.3.2-r0
  • M
Missing Release of Resource after Effective Lifetime

<91.3.2-r0
  • H
Out-of-Bounds

<91.3.2-r0
  • M
Authentication Bypass

<78.9.0-r0
  • H
CVE-2021-23978

<78.9.0-r0
  • M
CVE-2020-35111

<78.6.1-r0
  • H
CVE-2020-35112

<78.6.1-r0
  • H
Cleartext Transmission of Sensitive Information

<68.9.0-r0
  • M
Information Exposure

<68.9.0-r0
  • C
Race Condition

<91.3.2-r0
  • H
Out-of-bounds Write

<68.7.0-r0
  • M
CVE-2020-26978

<78.6.1-r0
  • H
Insufficient Verification of Data Authenticity

<68.9.0-r0
  • H
CVE-2023-5724

<115.4.1-r0
  • M
CVE-2022-1520

<91.9.0-r0
  • H
Double Free

<68.7.0-r0
  • H
Incorrect Default Permissions

<91.9.0-r0
  • M
CVE-2023-5732

<115.4.1-r0
  • M
Open Redirect

<91.9.0-r0
  • C
CVE-2022-26384

<91.7.0-r0
  • M
Improper Certificate Validation

<91.8.0-r0
  • H
Use After Free

<91.5.0-r0
  • L
CVE-2022-26388

<91.7.0-r0
  • M
CVE-2022-22739

<91.5.0-r0
  • H
Integer Overflow or Wraparound

<91.3.2-r0
  • H
Out-of-bounds Write

<91.3.2-r0
  • H
Out-of-bounds Write

<91.3.2-r0
  • H
CVE-2021-38501

<91.3.2-r0
  • M
Improper Restriction of Rendered UI Layers or Frames

<91.3.2-r0
  • H
Out-of-bounds Write

<91.3.2-r0
  • M
Incorrect Authorization

<91.6.0-r0
  • M
CVE-2021-38502

<91.3.2-r0
  • H
Missing Initialization of Resource

<91.3.2-r0
  • H
CVE-2021-38500

<91.3.2-r0
  • H
Operation on a Resource after Expiration or Release

<91.3.2-r0
  • M
Authentication Bypass

<91.10.0-r0
  • H
CVE-2022-31739

<91.10.0-r0
  • H
Use After Free

<91.3.2-r0
  • M
Information Exposure

<91.6.0-r0
  • H
Arbitrary Command Injection

<78.7.0-r0
  • H
Use After Free

<78.5.1-r0
  • M
Information Exposure

<78.9.0-r0
  • C
Out-of-bounds Write

<91.10.0-r0
  • M
CVE-2020-26976

<78.7.0-r0
  • H
Out-of-Bounds

<78.7.0-r0
  • H
Use After Free

<78.5.1-r0
  • C
CVE-2020-15683

<78.5.1-r0
  • H
Out-of-Bounds

<68.7.0-r0
  • M
Origin Validation Error

<68.8.0-r0
  • H
Use After Free

<68.6.0-r0
  • M
NULL Pointer Dereference

<68.5.0-r0
  • M
Cross-site Scripting (XSS)

<68.5.0-r0
  • H
Arbitrary Code Injection

<68.6.0-r0
  • M
CVE-2020-16012

<78.5.1-r0
  • L
CVE-2024-11692

<128.5.0-r0
  • L
CVE-2024-11695

<128.5.0-r0
  • M
CVE-2023-5725

<115.4.1-r0
  • M
Improper Restriction of Rendered UI Layers or Frames

<115.4.1-r0
  • M
CVE-2022-29916

<91.9.0-r0
  • M
Use After Free

<91.8.0-r0
  • C
Out-of-bounds Write

<91.9.0-r0
  • M
Use After Free

<91.8.0-r0
  • H
CVE-2022-22756

<91.6.0-r0
  • H
Race Condition

<91.5.0-r0
  • H
Incorrect Type Conversion or Cast

<91.4.0-r0
  • M
Improper Restriction of Rendered UI Layers or Frames

<91.4.0-r0
  • H
Time-of-check Time-of-use (TOCTOU)

<91.6.0-r0
  • M
Race Condition

<91.4.0-r0
  • M
Insufficient Verification of Data Authenticity

<91.3.2-r0
  • M
Incorrect Calculation

<91.3.2-r0
  • M
CVE-2022-22745

<91.5.0-r0
  • H
Inefficient Regular Expression Complexity

<91.8.0-r0
  • H
CVE-2022-22761

<91.6.0-r0
  • H
Improper Privilege Management

<91.3.2-r0
  • H
Interpretation Conflict

<91.3.2-r0
  • H
Out-of-bounds Write

<91.5.0-r0
  • L
Race Condition

<91.3.2-r0
  • M
Use After Free

<91.8.0-r0
  • H
Out-of-bounds Read

<91.3.2-r0
  • C
Incorrect Authorization

<91.3.2-r0
  • M
CVE-2021-38492

<91.3.2-r0
  • M
CVE-2022-22743

<91.5.0-r0
  • H
CVE-2022-22741

<91.5.0-r0
  • H
Use After Free

<91.7.0-r0
  • M
Improper Certificate Validation

<91.5.0-r0
  • M
CVE-2021-23969

<78.9.0-r0
  • M
CVE-2021-29957

<91.3.2-r0
  • H
Use After Free

<91.3.2-r0
  • M
Excessive Iteration

<91.4.0-r0
  • M
Improper Restriction of Rendered UI Layers or Frames

<91.9.0-r0
  • M
CVE-2022-26386

<91.7.0-r0
  • M
CVE-2022-26383

<91.7.0-r0
  • H
Use After Free

<91.3.2-r0
  • M
CVE-2022-29914

<91.9.0-r0
  • H
Improper Encoding or Escaping of Output

<91.5.0-r0
  • C
CVE-2022-22759

<91.6.0-r0
  • H
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

<91.9.1-r0
  • H
HTTP Request Smuggling

<91.3.2-r0
  • M
CVE-2022-31742

<91.10.0-r0
  • H
CVE-2022-31740

<91.10.0-r0
  • M
Out-of-bounds Read

<91.5.0-r0
  • M
Inadequate Encryption Strength

<78.9.0-r0
  • H
Out-of-bounds Write

<78.6.1-r0
  • H
CVE-2021-23961

<91.3.2-r0
  • H
Out-of-Bounds

<78.9.0-r0
  • C
Out-of-bounds Write

<78.5.1-r0
  • C
Out-of-Bounds

<91.4.1-r0
  • H
Missing Initialization of Resource

<91.3.2-r0
  • M
Cross-site Scripting (XSS)

<78.5.1-r0
  • M
CVE-2021-23953

<78.7.0-r0
  • M
CVE-2021-43541

<91.4.0-r0
  • H
Use After Free

<91.6.2-r0
  • M
Origin Validation Error

<91.3.2-r0
  • H
Use After Free

<78.6.1-r0
  • H
CVE-2021-23960

<78.7.0-r0
  • H
Use After Free

<91.4.0-r0
  • H
Arbitrary Argument Injection

<91.3.2-r0
  • H
Out-of-bounds Write

<91.8.0-r0
  • H
CVE-2022-22763

<91.6.0-r0
  • C
Buffer Overflow

<68.8.0-r0
  • C
XML Injection

<91.5.0-r0
  • M
Improper Restriction of Rendered UI Layers or Frames

<91.8.0-r0
  • H
Out-of-bounds Write

<91.6.0-r0
  • H
Out-of-Bounds

<91.3.2-r0
  • H
Out-of-bounds Write

<78.5.1-r0
  • M
Race Condition

<91.5.0-r0
  • H
Race Condition

<91.3.2-r0
  • M
Cross-site Scripting (XSS)

<78.5.1-r0
  • C
Out-of-Bounds

<68.7.0-r0
  • H
Access of Resource Using Incompatible Type ('Type Confusion')

<78.7.0-r0
  • H
Race Condition

<68.8.0-r0
  • M
Improper Restriction of Rendered UI Layers or Frames

<91.3.2-r0
  • H
Use After Free

<91.3.2-r0
  • H
Out-of-bounds Write

<91.5.0-r0
  • M
CVE-2022-22748

<91.5.0-r0
  • M
Information Exposure

<91.4.0-r0
  • M
Improper Restriction of Rendered UI Layers or Frames

<91.3.2-r0
  • C
Out-of-bounds Write

<91.4.0-r0
  • M
Improper Privilege Management

<91.3.2-r0
  • H
CVE-2021-29981

<91.3.2-r0
  • H
Use After Free

<78.5.1-r0
  • M
Improper Certificate Validation

<91.10.0-r0
  • M
Information Exposure

<91.4.0-r0
  • M
Improper Restriction of Rendered UI Layers or Frames

<78.5.1-r0
  • H
Out-of-Bounds

<68.10.0-r0
  • M
Exposure of Resource to Wrong Sphere

<91.3.2-r0
  • H
Out-of-bounds Write

<78.5.1-r0
  • H
Out-of-Bounds

<91.3.2-r0
  • M
Improper Certificate Validation

<68.10.0-r0
  • H
CVE-2021-38510

<91.3.2-r0
  • H
Use of Uninitialized Resource

<91.10.0-r0
  • H
CVE-2020-26973

<78.6.1-r0
  • H
CVE-2023-6208

<115.5.0-r0
  • M
Use After Free

<115.5.0-r0
  • M
Improper Restriction of Excessive Authentication Attempts

<91.3.2-r0
  • L
CVE-2024-3864

<115.10.1-r0
  • M
CVE-2023-5726

<115.4.1-r0
  • M
CVE-2022-34478

<102.1.0-r0
  • M
Use After Free

<68.9.0-r0
  • C
Out-of-Bounds

<68.6.0-r0
  • C
Use After Free

<102.1.0-r0
  • L
CVE-2024-11697

<128.5.0-r0
  • L
CVE-2024-11699

<128.5.0-r0
  • H
Use After Free

<91.3.2-r0
  • H
Use After Free

<91.3.2-r0
  • C
CVE-2022-31736

<91.10.0-r0
  • M
Improper Cross-boundary Removal of Sensitive Data

<78.5.1-r0
  • M
Information Exposure

<68.8.0-r0
  • M
Information Exposure

<78.9.0-r0
  • C
Out-of-bounds Read

<91.10.0-r0
  • M
Out-of-bounds Read

<68.10.0-r0
  • H
Out-of-Bounds

<78.9.0-r0
  • M
Cross-site Scripting (XSS)

<78.5.1-r0
  • H
Out-of-Bounds

<68.9.0-r0
  • M
Cleartext Storage of Sensitive Information

<68.5.0-r0
  • M
CVE-2020-26961

<78.5.1-r0
  • H
CVE-2021-29984

<91.3.2-r0
  • H
Arbitrary Code Injection

<68.8.0-r0
  • H
Out-of-bounds Write

<78.6.1-r0
  • M
Improper Privilege Management

<91.4.0-r0
  • M
Out-of-bounds Read

<68.6.0-r0
  • H
Out-of-bounds Write

<115.5.0-r0
  • M
CVE-2022-34472

<102.1.0-r0
  • M
Information Exposure

<68.6.0-r0
  • M
Information Exposure

<78.6.1-r0
  • H
Use After Free

<78.5.1-r0
  • C
Out-of-Bounds

<68.8.0-r0
  • M
Use of Uninitialized Resource

<68.5.0-r0
  • M
Improper Restriction of Rendered UI Layers or Frames

<115.5.0-r0
  • H
Use After Free

<68.10.0-r0
  • H
Integer Overflow or Wraparound

<102.1.0-r0
  • M
CVE-2020-26966

<78.5.1-r0
  • H
Out-of-bounds Read

<68.6.0-r0
  • M
Improper Input Validation

<68.5.0-r0
  • M
Cross-site Scripting (XSS)

<102.0-r0
  • L
CVE-2024-11691

<128.5.0-r0
  • H
Out-of-bounds Write

<78.6.1-r0
  • L
CVE-2024-11694

<128.5.0-r0
  • H
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

<102.0-r0
  • H
Use After Free

<102.0-r0
  • M
CVE-2023-5727

<115.4.1-r0
  • H
CVE-2022-34468

<102.1.0-r0
  • M
Authentication Bypass

<102.0-r0
  • M
Use of Uninitialized Resource

<68.5.0-r0
  • H
Out-of-Bounds

<68.5.0-r0
  • M
CVE-2022-34479

<102.1.0-r0
  • H
Use After Free

<68.6.0-r0
  • L
CVE-2024-11693

<128.5.0-r0
  • H
Use After Free

<115.5.0-r0
  • M
Directory Traversal

<115.5.0-r0
  • C
Out-of-bounds Write

<115.4.1-r0
  • H
Use After Free

<68.7.0-r0
  • L
CVE-2024-11696

<128.5.0-r0
  • M
Out-of-bounds Read

<115.5.0-r0
  • H
Use After Free

<68.10.0-r0
  • H
CVE-2023-5728

<115.4.1-r0