Homepage

thunderbird vulnerabilities

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the thunderbird package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free
VulnerabilityVulnerable Version
  • M
Allocation of Resources Without Limits or Throttling

*
  • M
Allocation of Resources Without Limits or Throttling

*
  • M
Buffer Overflow

*
  • M
CVE-2025-50537

*
  • H
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

*
  • M
Integer Overflow or Wraparound

*
  • M
Out-of-bounds Read

*
  • M
CVE-2026-0886

*
  • M
CVE-2026-0885

*
  • M
CVE-2026-0887

*
  • M
Authentication Bypass

*
  • H
CVE-2026-0878

*
  • L
CVE-2026-0890

*
  • M
CVE-2026-0884

*
  • H
CVE-2026-0879

*
  • M
CVE-2026-0883

*
  • H
CVE-2026-0882

*
  • H
CVE-2026-0877

*
  • H
CVE-2026-0880

*
  • H
CVE-2026-0891

*
  • M
NULL Pointer Dereference

*
  • H
CVE-2025-14323

<0:140.6.0-1.el10_1
  • M
CVE-2025-14330

<0:140.6.0-1.el10_1
  • M
Out-of-bounds Write

<0:140.6.0-1.el10_1
  • H
CVE-2025-14322

<0:140.6.0-1.el10_1
  • M
CVE-2025-14329

<0:140.6.0-1.el10_1
  • H
CVE-2025-14324

<0:140.6.0-1.el10_1
  • M
CVE-2025-14328

<0:140.6.0-1.el10_1
  • H
Use After Free

<0:140.6.0-1.el10_1
  • M
Origin Validation Error

<0:140.6.0-1.el10_1
  • M
Exposure of Private Information ('Privacy Violation')

*
  • H
Cross-site Scripting (XSS)

*
  • M
Out-of-bounds Read

*
  • L
Algorithmic Complexity

*
  • M
Out-of-bounds Read

*
  • M
Cross-site Scripting (XSS)

<0:140.5.0-2.el10_1
  • M
Expired Pointer Dereference

<0:140.5.0-2.el10_1
  • M
Origin Validation Error

<0:140.5.0-2.el10_1
  • M
Trust Boundary Violation

<0:140.5.0-2.el10_1
  • H
Race Condition

<0:140.5.0-2.el10_1
  • L
Authentication Bypass

<0:140.5.0-2.el10_1
  • H
Out-of-bounds Write

<0:140.5.0-2.el10_1
  • M
Cross-site Scripting (XSS)

<0:140.5.0-2.el10_1
  • M
Expired Pointer Dereference

<0:140.5.0-2.el10_1
  • M
Interpretation Conflict

<0:140.4.0-2.el10_0
  • H
Out-of-bounds Read

<0:140.4.0-2.el10_0
  • H
Use After Free

<0:140.4.0-2.el10_0
  • H
Out-of-Bounds

<0:140.4.0-2.el10_0
  • H
Improper Access Control

<0:140.4.0-2.el10_0
  • H
Out-of-Bounds

<0:140.4.0-2.el10_0
  • H
Exposure of System Data to an Unauthorized Control Sphere

<0:140.4.0-2.el10_0
  • M
Out-of-bounds Read

<0:140.3.0-1.el10_0
  • M
Integer Overflow or Wraparound

<0:140.3.0-1.el10_0
  • M
CVE-2025-10529

<0:140.3.0-1.el10_0
  • H
Access of Uninitialized Pointer

<0:140.3.0-1.el10_0
  • H
CVE-2025-10537

<0:140.3.0-1.el10_0
  • L
CVE-2025-10536

<0:140.3.0-1.el10_0
  • H
Use After Free

<0:140.3.0-1.el10_0
  • M
Allocation of Resources Without Limits or Throttling

*
  • L
Resource Exhaustion

<0:128.14.0-3.el10_0
  • L
Improper Neutralization

*
  • M
Information Exposure Through Caching

*
  • M
Improper Input Validation

*
  • H
Out-of-Bounds

<0:128.14.0-3.el10_0
  • M
Improper Initialization

<0:128.14.0-3.el10_0
  • H
Out-of-Bounds

<0:128.14.0-3.el10_0
  • H
Information Exposure

<0:128.14.0-3.el10_0
  • L
Improper Encoding or Escaping of Output

*
  • M
Resource Exhaustion

*
  • M
Arbitrary Code Injection

<0:128.13.0-3.el10_0
  • M
Incorrect Default Permissions

<0:128.13.0-3.el10_0
  • M
Cross-site Scripting (XSS)

<0:128.13.0-3.el10_0
  • H
Out-of-Bounds

<0:128.13.0-3.el10_0
  • M
Protection Mechanism Failure

<0:128.13.0-3.el10_0
  • H
Use of Uninitialized Variable

<0:128.13.0-3.el10_0
  • L
NULL Pointer Dereference

<0:128.13.0-3.el10_0
  • H
Insufficient Protection Against Instruction Skipping Via Fault Injection

<0:128.13.0-3.el10_0
  • H
Out-of-Bounds

<0:128.13.0-3.el10_0
  • M
Integer Overflow or Wraparound

*
  • L
Missing Synchronization

*
  • L
NULL Pointer Dereference

*
  • L
User Interface (UI) Misrepresentation of Critical Information

*
  • L
Out-of-bounds Read

*
  • L
Double Free

*
  • L
Race Condition

*
  • L
Improper Validation of Specified Quantity in Input

*
  • L
Open Redirect

*
  • L
Uncontrolled Memory Allocation

*
  • L
Improper Check for Unusual or Exceptional Conditions

*
  • L
Information Exposure

*
  • M
Exposure of System Data to an Unauthorized Control Sphere

*
  • M
Information Exposure

*
  • M
User Interface (UI) Misrepresentation of Critical Information

*
  • M
Use After Free

*
  • M
Out-of-Bounds

*
  • M
Buffer Overflow

*
  • M
User Interface (UI) Misrepresentation of Critical Information

*
  • M
Use After Free

*
  • M
Buffer Overflow

*
  • M
Out-of-Bounds

*
  • M
Use After Free

*
  • M
Open Redirect

*
  • M
Out-of-Bounds

*
  • M
Improper Restriction of Rendered UI Layers or Frames

*
  • H
Buffer Overflow

*
  • H
Buffer Overflow

*
  • H
Buffer Overflow

*
  • H
Use After Free

*
  • H
Buffer Overflow

*
  • H
Arbitrary Code Injection

*
  • H
Arbitrary Code Injection

*
  • H
Buffer Overflow

*
  • H
Buffer Overflow

*
  • H
Buffer Overflow

*
  • H
Buffer Overflow

*
  • M
HTTP Request Smuggling

*
  • L
HTTP Request Smuggling

*
  • M
Information Exposure

<0:128.12.0-1.el10_0
  • M
Cross-site Scripting (XSS)

<0:128.12.0-1.el10_0
  • H
Use After Free

<0:128.12.0-1.el10_0
  • M
Use of Incorrectly-Resolved Name or Reference

<0:128.12.0-1.el10_0
  • L
Improper Input Validation

*
  • L
Improper Resource Shutdown or Release

*
  • L
Use After Free

*
  • L
Reachable Assertion

*
  • H
Double Free

<0:128.11.0-1.el10_0
  • L
Information Exposure

*
  • M
User Interface (UI) Misrepresentation of Critical Information

*
  • H
Buffer Overflow

*
  • H
Resource Exhaustion

<0:128.12.0-1.el10_0
  • M
Allocation of Resources Without Limits or Throttling

*
  • L
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

*
  • L
Information Exposure

*
  • M
Double Free

*
  • L
Product UI does not Warn User of Unsafe Actions

*
  • M
Cross-site Scripting (XSS)

*
  • M
Improper Validation of Integrity Check Value

*
  • M
User Interface (UI) Misrepresentation of Critical Information

*
  • H
Buffer Overflow

*
  • M
Incomplete Filtering of Special Elements

*
  • M
Buffer Overflow

<0:128.10.0-1.el10_0
  • M
Out-of-bounds Read

<0:128.10.0-1.el10_0
  • H
Insufficient Compartmentalization

<0:128.10.0-1.el10_0
  • H
Arbitrary Code Injection

<0:128.10.0-1.el10_0
  • H
Buffer Overflow

<0:128.10.0-1.el10_0
  • L
User Interface (UI) Misrepresentation of Critical Information

<0:128.10.0-1.el10_0
  • M
Origin Validation Error

<0:128.9.0-2.el10_0
  • H
Use After Free

<0:128.9.0-2.el10_0
  • H
Buffer Overflow

<0:128.9.0-2.el10_0
  • H
Information Exposure

<0:128.10.0-1.el10_0
  • H
Insufficient Granularity of Access Control

<0:128.10.0-1.el10_0
  • H
Authentication Bypass

<0:128.10.1-1.el10_0
  • L
Authentication Bypass

<0:128.10.1-1.el10_0
  • H
Authentication Bypass

<0:128.10.1-1.el10_0
  • H
Information Exposure

<0:128.10.1-1.el10_0
  • H
Out-of-bounds Write

<0:128.11.0-1.el10_0
  • H
Out-of-bounds Write

<0:128.11.0-1.el10_0
  • L
Improper Restriction of Rendered UI Layers or Frames

<0:128.11.0-1.el10_0
  • M
Out-of-Bounds

<0:128.11.0-1.el10_0
  • M
Inclusion of Functionality from Untrusted Control Sphere

<0:128.11.0-1.el10_0
  • M
Inclusion of Functionality from Untrusted Control Sphere

<0:128.11.0-1.el10_0
  • M
Improper Encoding or Escaping of Output

<0:128.11.0-1.el10_0
  • M
Out-of-Bounds

<0:128.11.0-1.el10_0
  • M
Improper Validation of Unsafe Equivalence in Input

*
  • M
CVE-2025-48068

*
  • L
Race Condition

*