thunderbird vulnerabilities

Known vulnerabilities in the thunderbird package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability	Vulnerable Version
L Improper Encoding or Escaping of Output	*
M Resource Exhaustion	*
M Arbitrary Code Injection	<0:128.13.0-3.el10_0
M Incorrect Default Permissions	<0:128.13.0-3.el10_0
M Cross-site Scripting (XSS)	<0:128.13.0-3.el10_0
H Out-of-Bounds	<0:128.13.0-3.el10_0
M Protection Mechanism Failure	<0:128.13.0-3.el10_0
H Use of Uninitialized Variable	<0:128.13.0-3.el10_0
L NULL Pointer Dereference	<0:128.13.0-3.el10_0
H Insufficient Protection Against Instruction Skipping Via Fault Injection	<0:128.13.0-3.el10_0
H Out-of-Bounds	<0:128.13.0-3.el10_0
M Integer Overflow or Wraparound	*
L Missing Synchronization	*
L NULL Pointer Dereference	*
L User Interface (UI) Misrepresentation of Critical Information	*
L Out-of-bounds Read	*
L Double Free	*
L Race Condition	*
L Improper Validation of Specified Quantity in Input	*
L Open Redirect	*
L Uncontrolled Memory Allocation	*
L Improper Check for Unusual or Exceptional Conditions	*
L Information Exposure	*
M Exposure of System Data to an Unauthorized Control Sphere	*
M Information Exposure	*
M User Interface (UI) Misrepresentation of Critical Information	*
M Use After Free	*
M Out-of-Bounds	*
M Buffer Overflow	*
M User Interface (UI) Misrepresentation of Critical Information	*
M Use After Free	*
M Buffer Overflow	*
M Out-of-Bounds	*
M Use After Free	*
M Open Redirect	*
M Out-of-Bounds	*
M Improper Restriction of Rendered UI Layers or Frames	*
H Buffer Overflow	*
H Buffer Overflow	*
H Buffer Overflow	*
H Use After Free	*
H Buffer Overflow	*
H Arbitrary Code Injection	*
H Arbitrary Code Injection	*
H Buffer Overflow	*
H Buffer Overflow	*
H Buffer Overflow	*
H Buffer Overflow	*
M HTTP Request Smuggling	*
L HTTP Request Smuggling	*
L Improper Input Validation	*
L Improper Resource Shutdown or Release	*
L Use After Free	*
L Reachable Assertion	*
L Information Exposure	*
M User Interface (UI) Misrepresentation of Critical Information	*
H Buffer Overflow	*
L Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)	*
L Information Exposure	*
M Double Free	*
L Product UI does not Warn User of Unsafe Actions	*
M Cross-site Scripting (XSS)	*
M Improper Validation of Integrity Check Value	*
M User Interface (UI) Misrepresentation of Critical Information	*
H Buffer Overflow	*
M Incomplete Filtering of Special Elements	*
M Buffer Overflow	<0:128.10.0-1.el10_0
M Out-of-bounds Read	<0:128.10.0-1.el10_0
H Insufficient Compartmentalization	<0:128.10.0-1.el10_0
H Arbitrary Code Injection	<0:128.10.0-1.el10_0
H Buffer Overflow	<0:128.10.0-1.el10_0
L User Interface (UI) Misrepresentation of Critical Information	<0:128.10.0-1.el10_0
M Origin Validation Error	<0:128.9.0-2.el10_0
H Use After Free	<0:128.9.0-2.el10_0
H Buffer Overflow	<0:128.9.0-2.el10_0
H Information Exposure	<0:128.10.0-1.el10_0
H Insufficient Granularity of Access Control	<0:128.10.0-1.el10_0
M Heap-based Buffer Overflow	*
M CVE-2025-48068	*
L Race Condition	*

Vulnerability

Vulnerable Version

Improper Encoding or Escaping of Output