thunderbird vulnerabilities

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the thunderbird package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability	Vulnerable Version
H Use After Free	<0:128.3.1-1.0.1.el9_4
H CVE-2024-9394	<0:128.3.0-1.0.1.el9_4
H CVE-2024-9392	<0:128.3.0-1.0.1.el9_4
H CVE-2024-9403	<0:128.3.0-1.0.1.el9_4
H CVE-2024-9393	<0:128.3.0-1.0.1.el9_4
H Improper Restriction of Rendered UI Layers or Frames	<0:128.3.0-1.0.1.el9_4
H CVE-2024-9396	<0:128.3.0-1.0.1.el9_4
H CVE-2024-9402	<0:128.3.0-1.0.1.el9_4
H CVE-2024-9401	<0:128.3.0-1.0.1.el9_4
H CVE-2024-9398	<0:128.3.0-1.0.1.el9_4
H CVE-2024-9400	<0:128.3.0-1.0.1.el9_4
H CVE-2024-9399	<0:128.3.0-1.0.1.el9_4
H CVE-2024-8382	<0:128.2.0-1.0.2.el9_4
H Out-of-bounds Write	<0:128.2.0-1.0.2.el9_4
H Access of Resource Using Incompatible Type ('Type Confusion')	<0:128.2.0-1.0.2.el9_4
H Access of Resource Using Incompatible Type ('Type Confusion')	<0:128.2.0-1.0.2.el9_4
H Out-of-bounds Write	<0:128.2.0-1.0.2.el9_4
H CVE-2024-7652	<0:128.2.0-1.0.2.el9_4
H Use After Free	<0:128.2.0-1.0.2.el9_4
H Open Redirect	<0:128.2.0-1.0.2.el9_4
H Incorrect Default Permissions	<0:115.14.0-1.0.1.el9_4
H Improper Handling of Exceptional Conditions	<0:115.14.0-1.0.1.el9_4
H Use After Free	<0:115.14.0-1.0.1.el9_4
H Out-of-bounds Write	<0:115.14.0-1.0.1.el9_4
H Access of Resource Using Incompatible Type ('Type Confusion')	<0:115.14.0-1.0.1.el9_4
H Out-of-bounds Read	<0:115.14.0-1.0.1.el9_4
H Use of Uninitialized Resource	<0:115.14.0-1.0.1.el9_4
H CVE-2024-7529	<0:115.14.0-1.0.1.el9_4
H CVE-2024-7518	<0:115.14.0-1.0.1.el9_4
H Use After Free	<0:115.14.0-1.0.1.el9_4
H CVE-2024-6601	<0:115.13.0-3.0.1.el9_4
H CVE-2024-6604	<0:115.13.0-3.0.1.el9_4
H CVE-2024-6603	<0:115.13.0-3.0.1.el9_4
H CVE-2024-5688	<0:115.12.1-1.0.1.el9_4
H Information Exposure	<0:115.12.1-1.0.1.el9_4
H CVE-2024-5702	<0:115.12.1-1.0.1.el9_4
H CVE-2024-5700	<0:115.12.1-1.0.1.el9_4
H CVE-2024-5693	<0:115.12.1-1.0.1.el9_4
H CVE-2024-5691	<0:115.12.1-1.0.1.el9_4
H CVE-2024-5696	<0:115.12.1-1.0.1.el9_4
H CVE-2024-4777	<0:115.11.0-1.0.1.el9_4
H CVE-2024-4768	<0:115.11.0-1.0.1.el9_4
H CVE-2024-4767	<0:115.11.0-1.0.1.el9_4
H CVE-2024-4770	<0:115.11.0-1.0.1.el9_4
H CVE-2024-4367	<0:115.11.0-1.0.1.el9_4
H CVE-2024-4769	<0:115.11.0-1.0.1.el9_4
L CVE-2024-3302	<0:115.10.0-2.0.1.el9_3
M CVE-2024-2612	<0:115.9.0-1.0.1.el9_3
M CVE-2024-2607	<0:115.9.0-1.0.1.el9_3
M CVE-2024-2610	<0:115.9.0-1.0.1.el9_3
M CVE-2024-2611	<0:115.9.0-1.0.1.el9_3
M CVE-2023-5388	<0:115.9.0-1.0.1.el9_3
M CVE-2024-1936	<0:115.9.0-1.0.1.el9_3
M Unchecked Return Value	<0:115.9.0-1.0.1.el9_3
M CVE-2024-2608	<0:115.9.0-1.0.1.el9_3
M CVE-2024-2614	<0:115.9.0-1.0.1.el9_3
H CVE-2024-1551	<0:115.8.0-1.0.1.el9_3
H CVE-2024-1547	<0:115.8.0-1.0.1.el9_3
H CVE-2024-1549	<0:115.8.0-1.0.1.el9_3
H CVE-2024-1552	<0:115.8.0-1.0.1.el9_3
H CVE-2024-1546	<0:115.8.0-1.0.1.el9_3
H CVE-2024-1550	<0:115.8.0-1.0.1.el9_3
H CVE-2024-1553	<0:115.8.0-1.0.1.el9_3
H CVE-2024-1548	<0:115.8.0-1.0.1.el9_3
H CVE-2024-0742	<0:115.7.0-1.0.1.el9_3
H Origin Validation Error	<0:115.7.0-1.0.1.el9_3
H CVE-2024-0747	<0:115.7.0-1.0.1.el9_3
H Out-of-bounds Write	<0:115.7.0-1.0.1.el9_3
H CVE-2024-0750	<0:115.7.0-1.0.1.el9_3
H CVE-2024-0746	<0:115.7.0-1.0.1.el9_3
H CVE-2024-0753	<0:115.7.0-1.0.1.el9_3
H Improper Privilege Management	<0:115.7.0-1.0.1.el9_3
H CVE-2024-0755	<0:115.7.0-1.0.1.el9_3
H CVE-2023-6863	<0:115.6.0-1.0.1.el9_3
H Out-of-bounds Write	<0:115.6.0-1.0.1.el9_3
H Race Condition	<0:115.6.0-1.0.1.el9_3
H Out-of-bounds Write	<0:115.6.0-1.0.1.el9_3
H Out-of-bounds Write	<0:115.6.0-1.0.1.el9_3
H CVE-2023-6860	<0:115.6.0-1.0.1.el9_3
H Out-of-bounds Write	<0:115.6.0-1.0.1.el9_3
H CVE-2023-50761	<0:115.6.0-1.0.1.el9_3
H Use After Free	<0:115.6.0-1.0.1.el9_3
H CVE-2023-50762	<0:115.6.0-1.0.1.el9_3
H Use After Free	<0:115.6.0-1.0.1.el9_3
H Use After Free	<0:115.5.0-1.0.1.el9_3
H Improper Restriction of Rendered UI Layers or Frames	<0:115.5.0-1.0.1.el9_3
H Out-of-bounds Write	<0:115.5.0-1.0.1.el9_3
H CVE-2023-6208	<0:115.5.0-1.0.1.el9_3
H Directory Traversal	<0:115.5.0-1.0.1.el9_3
H Use After Free	<0:115.5.0-1.0.1.el9_3
H Out-of-bounds Read	<0:115.5.0-1.0.1.el9_3
H CVE-2023-5732	<0:115.4.1-1.0.1.el9_2
H CVE-2023-5725	<0:115.4.1-1.0.1.el9_2
H CVE-2023-5728	<0:115.4.1-1.0.1.el9_2
H CVE-2023-5724	<0:115.4.1-1.0.1.el9_2
H Out-of-bounds Write	<0:115.4.1-1.0.1.el9_2
H Improper Restriction of Rendered UI Layers or Frames	<0:115.4.1-1.0.1.el9_2
H Improper Handling of Exceptional Conditions	<0:115.4.1-1.0.1.el9_2
H Use After Free	<0:115.3.1-1.0.1.el9_2
H Out-of-bounds Write	<0:115.3.1-1.0.1.el9_2
H Out-of-bounds Write	<0:115.3.1-1.0.1.el9_2
H Out-of-bounds Write	<0:115.3.1-1.0.1.el9_2
H Use After Free	<0:115.3.1-1.0.1.el9_2
H Out-of-bounds Write	<0:102.15.1-1.0.1.el9_2
H Use After Free	<0:102.15.0-1.0.1.el9_2
H CVE-2023-4581	<0:102.15.0-1.0.1.el9_2
H CVE-2023-4577	<0:102.15.0-1.0.1.el9_2
H Out-of-bounds Write	<0:102.15.0-1.0.1.el9_2
H Allocation of Resources Without Limits or Throttling	<0:102.15.0-1.0.1.el9_2
H CVE-2023-4583	<0:102.15.0-1.0.1.el9_2
H Link Following	<0:102.15.0-1.0.1.el9_2
H Use After Free	<0:102.15.0-1.0.1.el9_2
H Out-of-bounds Write	<0:102.15.0-1.0.1.el9_2
H CVE-2023-4051	<0:102.15.0-1.0.1.el9_2
H Missing Encryption of Sensitive Data	<0:102.15.0-1.0.1.el9_2
H Use After Free	<0:102.15.0-1.0.1.el9_2
H CVE-2023-3417	<0:102.14.0-1.0.1.el9_2
H CVE-2023-4047	<0:102.14.0-1.0.1.el9_2
H Race Condition	<0:102.14.0-1.0.1.el9_2
H Out-of-bounds Write	<0:102.14.0-1.0.1.el9_2
H Out-of-bounds Read	<0:102.14.0-1.0.1.el9_2
H CVE-2023-4055	<0:102.14.0-1.0.1.el9_2
H Out-of-bounds Write	<0:102.14.0-1.0.1.el9_2
H CVE-2023-4046	<0:102.14.0-1.0.1.el9_2
H Origin Validation Error	<0:102.14.0-1.0.1.el9_2
H Out-of-bounds Write	<0:102.14.0-1.0.1.el9_2
H Out-of-bounds Write	<0:102.13.0-2.0.1.el9_2
H CVE-2023-37208	<0:102.13.0-2.0.1.el9_2
H Use After Free	<0:102.13.0-2.0.1.el9_2
H Use After Free	<0:102.13.0-2.0.1.el9_2
H Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')	<0:102.13.0-2.0.1.el9_2
H Improper Certificate Validation	<0:102.12.0-1.0.1.el9_2
H Out-of-bounds Write	<0:102.12.0-1.0.1.el9_2
H Out-of-bounds Read	<0:102.11.0-1.0.1.el9_2
H Authentication Bypass	<0:102.11.0-1.0.1.el9_2
H CVE-2023-32205	<0:102.11.0-1.0.1.el9_2
H CVE-2023-32211	<0:102.11.0-1.0.1.el9_2
H CVE-2023-32212	<0:102.11.0-1.0.1.el9_2
H Out-of-bounds Write	<0:102.11.0-1.0.1.el9_2
H Use of Uninitialized Resource	<0:102.11.0-1.0.1.el9_2
H Improper Certificate Validation	<0:102.10.0-2.0.1.el9_1
H Resource Exhaustion	<0:102.10.0-2.0.1.el9_1
H Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')	<0:102.10.0-2.0.1.el9_1
H Out-of-bounds Write	<0:102.10.0-2.0.1.el9_1
H CVE-2023-29548	<0:102.10.0-2.0.1.el9_1
H NULL Pointer Dereference	<0:102.10.0-2.0.1.el9_1
H CVE-2023-29535	<0:102.10.0-2.0.1.el9_1
H Improper Encoding or Escaping of Output	<0:102.10.0-2.0.1.el9_1
H Use After Free	<0:102.10.0-2.0.1.el9_1
H CVE-2023-29533	<0:102.10.0-2.0.1.el9_1
H CVE-2023-29550	<0:102.10.0-2.0.1.el9_1
H Out-of-bounds Write	<0:102.9.0-1.0.1.el9_1
H Incorrect Type Conversion or Cast	<0:102.9.0-1.0.1.el9_1
H CVE-2023-28164	<0:102.9.0-1.0.1.el9_1
H CVE-2023-25751	<0:102.9.0-1.0.1.el9_1
H CVE-2023-25752	<0:102.9.0-1.0.1.el9_1
H CVE-2023-25742	<0:102.8.0-2.0.1.el9_1
H Resource Exhaustion	<0:102.8.0-2.0.1.el9_1
H CVE-2023-0767	<0:102.8.0-2.0.1.el9_1
H Out-of-bounds Write	<0:102.8.0-2.0.1.el9_1
H Out-of-bounds Write	<0:102.8.0-2.0.1.el9_1
H Authentication Bypass	<0:102.8.0-2.0.1.el9_1
H Use After Free	<0:102.8.0-2.0.1.el9_1
H CVE-2023-25730	<0:102.8.0-2.0.1.el9_1
H Out-of-bounds Write	<0:102.8.0-2.0.1.el9_1
H CVE-2023-25728	<0:102.8.0-2.0.1.el9_1
H Use After Free	<0:102.8.0-2.0.1.el9_1
H CVE-2023-25737	<0:102.8.0-2.0.1.el9_1
H CVE-2023-25729	<0:102.8.0-2.0.1.el9_1
H Improper Certificate Validation	<0:102.7.1-2.0.1.el9_1
H Improper Encoding or Escaping of Output	<0:102.7.1-1.0.1.el9_1
H Origin Validation Error	<0:102.7.1-1.0.1.el9_1
H CVE-2022-46877	<0:102.7.1-1.0.1.el9_1
H Out-of-bounds Write	<0:102.7.1-1.0.1.el9_1
H CVE-2023-23598	<0:102.7.1-1.0.1.el9_1
H CVE-2023-23603	<0:102.7.1-1.0.1.el9_1
H Improper Check for Unusual or Exceptional Conditions	<0:102.7.1-1.0.1.el9_1
H CVE-2022-46871	<0:102.7.1-1.0.1.el9_1
H Out-of-bounds Write	<0:102.6.0-2.0.1.el9_1
H CVE-2022-45414	<0:102.6.0-2.0.1.el9_1
H CVE-2022-46872	<0:102.6.0-2.0.1.el9_1
H CVE-2022-46874	<0:102.6.0-2.0.1.el9_1
H Use After Free	<0:102.6.0-2.0.1.el9_1
H Use After Free	<0:102.6.0-2.0.1.el9_1
H Out-of-bounds Write	<0:102.6.0-2.0.1.el9_1
H Link Following	<0:102.5.0-2.0.1.el9_1
H CVE-2022-45410	<0:102.5.0-2.0.1.el9_1
H Improper Restriction of Rendered UI Layers or Frames	<0:102.5.0-2.0.1.el9_1
H Improper Restriction of Rendered UI Layers or Frames	<0:102.5.0-2.0.1.el9_1
H Information Exposure	<0:102.5.0-2.0.1.el9_1
H Use After Free	<0:102.5.0-2.0.1.el9_1
H Cross-site Scripting (XSS)	<0:102.5.0-2.0.1.el9_1
H Information Exposure	<0:102.5.0-2.0.1.el9_1
H Use After Free	<0:102.5.0-2.0.1.el9_1
H Out-of-bounds Write	<0:102.5.0-2.0.1.el9_1
H Use After Free	<0:102.5.0-2.0.1.el9_1
H CVE-2022-45408	<0:102.5.0-2.0.1.el9_1
H CVE-2022-45404	<0:102.5.0-2.0.1.el9_1
H Improper Authentication	<0:102.4.0-1.el9_0
H CVE-2022-39236	<0:102.4.0-1.el9_0
H Improper Authentication	<0:102.4.0-1.el9_0
H Improper Authentication	<0:102.4.0-1.el9_0
H NULL Pointer Dereference	<0:102.4.0-1.el9_0
H Origin Validation Error	<0:102.4.0-1.el9_0
H Out-of-bounds Write	<0:102.4.0-1.el9_0
H CVE-2022-42929	<0:102.4.0-1.el9_0
H Use After Free	<0:102.3.0-4.0.1.el9_0
H Insecure Storage of Sensitive Information	<0:102.3.0-3.0.1.el9_0
H Arbitrary Code Injection	<0:102.3.0-3.0.1.el9_0
H Improper Restriction of Rendered UI Layers or Frames	<0:102.3.0-3.0.1.el9_0
H Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')	<0:102.3.0-3.0.1.el9_0
H Out-of-bounds Write	<0:102.3.0-3.0.1.el9_0
H Externally Controlled Reference to a Resource in Another Sphere	<0:102.3.0-3.0.1.el9_0
H Cross-site Scripting (XSS)	<0:102.3.0-3.0.1.el9_0
H CVE-2022-40957	<0:102.3.0-3.0.1.el9_0
H Use After Free	<0:102.3.0-3.0.1.el9_0
H Cross-site Scripting (XSS)	<0:102.3.0-3.0.1.el9_0
H Out-of-bounds Write	<0:91.13.0-1.0.1.el9_0
H Origin Validation Error	<0:91.13.0-1.0.1.el9_0
H Out-of-bounds Write	<0:91.13.0-1.0.1.el9_0
H Use After Free	<0:91.13.0-1.0.1.el9_0
H Improper Preservation of Permissions	<0:91.13.0-1.0.1.el9_0
H Race Condition	<0:91.12.0-1.0.1.el9_0
H Out-of-bounds Write	<0:91.12.0-1.0.1.el9_0
H CVE-2022-36319	<0:91.12.0-1.0.1.el9_0
H CVE-2022-34472	<0:91.11.0-2.0.1.el9_0
H Use After Free	<0:91.11.0-2.0.1.el9_0
H Authentication Bypass	<0:91.11.0-2.0.1.el9_0
H Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')	<0:91.11.0-2.0.1.el9_0
H Cross-site Scripting (XSS)	<0:91.11.0-2.0.1.el9_0
H CVE-2022-34468	<0:91.11.0-2.0.1.el9_0
H Use After Free	<0:91.11.0-2.0.1.el9_0
H Integer Overflow or Wraparound	<0:91.11.0-2.0.1.el9_0
H CVE-2022-34479	<0:91.11.0-2.0.1.el9_0
H Improper Certificate Validation	<0:91.10.0-1.0.1.el9_0
H Out-of-bounds Read	<0:91.10.0-1.0.1.el9_0
H Authentication Bypass	<0:91.10.0-1.0.1.el9_0
H Out-of-bounds Write	<0:91.10.0-1.0.1.el9_0
H CVE-2022-31742	<0:91.10.0-1.0.1.el9_0
H CVE-2022-31740	<0:91.10.0-1.0.1.el9_0
H CVE-2022-31736	<0:91.10.0-1.0.1.el9_0
H Use of Uninitialized Resource	<0:91.10.0-1.0.1.el9_0
C Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')	<0:91.9.1-1.0.1.el9_0
C Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')	<0:91.9.1-1.0.1.el9_0
H CVE-2022-29913	<0:91.9.0-3.0.1.el9_0
H CVE-2022-1520	<0:91.9.0-3.0.1.el9_0
H CVE-2022-29914	<0:91.9.0-3.0.1.el9_0
H Open Redirect	<0:91.9.0-3.0.1.el9_0
H CVE-2022-29916	<0:91.9.0-3.0.1.el9_0
H Out-of-bounds Write	<0:91.9.0-3.0.1.el9_0
H Improper Restriction of Rendered UI Layers or Frames	<0:91.9.0-3.0.1.el9_0
H Incorrect Default Permissions	<0:91.9.0-3.0.1.el9_0