thunderbird vulnerabilities

Known vulnerabilities in the thunderbird package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability	Vulnerable Version
L Missing Synchronization	*
L NULL Pointer Dereference	*
L User Interface (UI) Misrepresentation of Critical Information	*
L Out-of-bounds Read	*
L Double Free	*
L Race Condition	*
L Improper Validation of Specified Quantity in Input	*
L Open Redirect	*
L Uncontrolled Memory Allocation	*
L Improper Check for Unusual or Exceptional Conditions	*
L Information Exposure	*
M Exposure of System Data to an Unauthorized Control Sphere	*
M Information Exposure	*
M User Interface (UI) Misrepresentation of Critical Information	*
M Use After Free	*
M Out-of-Bounds	*
M Buffer Overflow	*
M User Interface (UI) Misrepresentation of Critical Information	*
M Use After Free	*
M Buffer Overflow	*
M Out-of-Bounds	*
M Use After Free	*
M Open Redirect	*
M Out-of-Bounds	*
M Improper Restriction of Rendered UI Layers or Frames	*
H Buffer Overflow	*
H Buffer Overflow	*
H Buffer Overflow	*
H Use After Free	*
H Buffer Overflow	*
H Arbitrary Code Injection	*
H Arbitrary Code Injection	*
H Buffer Overflow	*
H Buffer Overflow	*
H Buffer Overflow	*
H Buffer Overflow	*
M HTTP Request Smuggling	*
L HTTP Request Smuggling	*
M Information Exposure	<0:128.12.0-1.el10_0
M Cross-site Scripting (XSS)	<0:128.12.0-1.el10_0
H Use After Free	<0:128.12.0-1.el10_0
M Use of Incorrectly-Resolved Name or Reference	<0:128.12.0-1.el10_0
L Improper Input Validation	*
L Improper Resource Shutdown or Release	*
L Use After Free	*
L Reachable Assertion	*
H Double Free	<0:128.11.0-1.el10_0
L Information Exposure	*
M User Interface (UI) Misrepresentation of Critical Information	*
H Buffer Overflow	*
H Resource Exhaustion	<0:128.12.0-1.el10_0
M Allocation of Resources Without Limits or Throttling	*
L Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)	*
L Information Exposure	*
M Double Free	*
L Product UI does not Warn User of Unsafe Actions	*
M Cross-site Scripting (XSS)	*
M Improper Validation of Integrity Check Value	*
M User Interface (UI) Misrepresentation of Critical Information	*
H Buffer Overflow	*
M Incomplete Filtering of Special Elements	*
M Buffer Overflow	<0:128.10.0-1.el10_0
M Out-of-bounds Read	<0:128.10.0-1.el10_0
H Insufficient Compartmentalization	<0:128.10.0-1.el10_0
H Arbitrary Code Injection	<0:128.10.0-1.el10_0
H Buffer Overflow	<0:128.10.0-1.el10_0
L User Interface (UI) Misrepresentation of Critical Information	<0:128.10.0-1.el10_0
M Origin Validation Error	<0:128.9.0-2.el10_0
H Use After Free	<0:128.9.0-2.el10_0
H Buffer Overflow	<0:128.9.0-2.el10_0
H Information Exposure	<0:128.10.0-1.el10_0
H Insufficient Granularity of Access Control	<0:128.10.0-1.el10_0
M Heap-based Buffer Overflow	*
H Authentication Bypass	<0:128.10.1-1.el10_0
L Authentication Bypass	<0:128.10.1-1.el10_0
H Authentication Bypass	<0:128.10.1-1.el10_0
H Information Exposure	<0:128.10.1-1.el10_0
H Out-of-bounds Write	<0:128.11.0-1.el10_0
H Out-of-bounds Write	<0:128.11.0-1.el10_0
L Improper Restriction of Rendered UI Layers or Frames	<0:128.11.0-1.el10_0
M Out-of-Bounds	<0:128.11.0-1.el10_0
M Inclusion of Functionality from Untrusted Control Sphere	<0:128.11.0-1.el10_0
M Inclusion of Functionality from Untrusted Control Sphere	<0:128.11.0-1.el10_0
M Improper Encoding or Escaping of Output	<0:128.11.0-1.el10_0
M Out-of-Bounds	<0:128.11.0-1.el10_0
M Improper Validation of Unsafe Equivalence in Input	*
M CVE-2025-48068	*
L Race Condition	*

Vulnerability

Vulnerable Version

Missing Synchronization