Homepage

thunderbird vulnerabilities

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the thunderbird package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free
VulnerabilityVulnerable Version
  • H
CVE-2024-11699

<0:128.5.0-1.el8_10
  • H
CVE-2024-11697

<0:128.5.0-1.el8_10
  • H
CVE-2024-11696

<0:128.5.0-1.el8_10
  • H
CVE-2024-11695

<0:128.5.0-1.el8_10
  • H
CVE-2024-11694

<0:128.5.0-1.el8_10
  • H
CVE-2024-11692

<0:128.5.0-1.el8_10
  • H
CVE-2024-11159

<0:128.5.0-1.el8_10
  • M
Out-of-bounds Write

<0:128.4.0-1.el8_10
  • M
CVE-2024-10466

<0:128.4.0-1.el8_10
  • M
Authentication Bypass

<0:128.4.0-1.el8_10
  • M
Out-of-bounds Read

<0:128.4.0-1.el8_10
  • M
Information Exposure

<0:128.4.0-1.el8_10
  • M
Authentication Bypass

<0:128.4.0-1.el8_10
  • M
Cross-site Scripting (XSS)

<0:128.4.0-1.el8_10
  • M
CVE-2024-10460

<0:128.4.0-1.el8_10
  • M
Use After Free

<0:128.4.0-1.el8_10
  • M
CVE-2024-10458

<0:128.4.0-1.el8_10
  • H
CVE-2024-9403

<0:128.3.0-1.el8_10
  • H
CVE-2024-9402

<0:128.3.0-1.el8_10
  • H
CVE-2024-9401

<0:128.3.0-1.el8_10
  • H
CVE-2024-9400

<0:128.3.0-1.el8_10
  • H
CVE-2024-9399

<0:128.3.0-1.el8_10
  • H
CVE-2024-9398

<0:128.3.0-1.el8_10
  • H
Improper Restriction of Rendered UI Layers or Frames

<0:128.3.0-1.el8_10
  • H
CVE-2024-9396

<0:128.3.0-1.el8_10
  • H
CVE-2024-9394

<0:128.3.0-1.el8_10
  • H
CVE-2024-9393

<0:128.3.0-1.el8_10
  • H
CVE-2024-9392

<0:128.3.0-1.el8_10
  • H
Use After Free

<0:128.3.1-1.el8_10
  • H
Use After Free

<0:128.2.0-1.el8_10
  • H
Out-of-bounds Write

<0:128.2.0-1.el8_10
  • H
Open Redirect

<0:128.2.0-1.el8_10
  • H
Access of Resource Using Incompatible Type ('Type Confusion')

<0:128.2.0-1.el8_10
  • H
Out-of-bounds Write

<0:128.2.0-1.el8_10
  • H
CVE-2024-8382

<0:128.2.0-1.el8_10
  • H
Access of Resource Using Incompatible Type ('Type Confusion')

<0:128.2.0-1.el8_10
  • H
CVE-2024-7652

<0:128.2.0-1.el8_10
  • H
CVE-2024-6604

<0:115.13.0-3.el8_10
  • H
CVE-2024-6603

<0:115.13.0-3.el8_10
  • H
CVE-2024-6601

<0:115.13.0-3.el8_10
  • H
CVE-2024-5702

<0:115.12.1-1.el8_10
  • H
CVE-2024-5700

<0:115.12.1-1.el8_10
  • H
CVE-2024-5696

<0:115.12.1-1.el8_10
  • H
CVE-2024-5693

<0:115.12.1-1.el8_10
  • H
CVE-2024-5691

<0:115.12.1-1.el8_10
  • H
Information Exposure

<0:115.12.1-1.el8_10
  • H
CVE-2024-5688

<0:115.12.1-1.el8_10
  • M
CVE-2024-4777

<0:115.11.0-1.el8_10
  • M
CVE-2024-4770

<0:115.11.0-1.el8_10
  • M
CVE-2024-4769

<0:115.11.0-1.el8_10
  • M
CVE-2024-4768

<0:115.11.0-1.el8_10
  • M
CVE-2024-4767

<0:115.11.0-1.el8_10
  • M
CVE-2024-4367

<0:115.11.0-1.el8_10
  • L
CVE-2024-3302

<0:115.10.0-2.el8_9
  • M
CVE-2024-2614

<0:115.9.0-1.el8_9
  • M
CVE-2024-2612

<0:115.9.0-1.el8_9
  • M
CVE-2024-2611

<0:115.9.0-1.el8_9
  • M
CVE-2024-2610

<0:115.9.0-1.el8_9
  • M
CVE-2024-2608

<0:115.9.0-1.el8_9
  • M
CVE-2024-2607

<0:115.9.0-1.el8_9
  • M
CVE-2024-1936

<0:115.9.0-1.el8_9
  • M
Unchecked Return Value

<0:115.9.0-1.el8_9
  • M
CVE-2023-5388

<0:115.9.0-1.el8_9
  • H
CVE-2024-0755

<0:115.7.0-1.el8_9
  • H
CVE-2024-0753

<0:115.7.0-1.el8_9
  • H
Improper Privilege Management

<0:115.7.0-1.el8_9
  • H
CVE-2024-0750

<0:115.7.0-1.el8_9
  • H
Origin Validation Error

<0:115.7.0-1.el8_9
  • H
CVE-2024-0747

<0:115.7.0-1.el8_9
  • H
CVE-2024-0746

<0:115.7.0-1.el8_9
  • H
CVE-2024-0742

<0:115.7.0-1.el8_9
  • H
Out-of-bounds Write

<0:115.7.0-1.el8_9
  • H
Out-of-bounds Write

<0:115.6.0-1.el8_9
  • H
CVE-2023-6863

<0:115.6.0-1.el8_9
  • H
Use After Free

<0:115.6.0-1.el8_9
  • H
Out-of-bounds Write

<0:115.6.0-1.el8_9
  • H
CVE-2023-6860

<0:115.6.0-1.el8_9
  • H
Use After Free

<0:115.6.0-1.el8_9
  • H
Out-of-bounds Write

<0:115.6.0-1.el8_9
  • H
Race Condition

<0:115.6.0-1.el8_9
  • H
Out-of-bounds Write

<0:115.6.0-1.el8_9
  • H
CVE-2023-50762

<0:115.6.0-1.el8_9
  • H
CVE-2023-50761

<0:115.6.0-1.el8_9
  • H
Out-of-bounds Write

<0:115.5.0-1.el8_9
  • H
Directory Traversal

<0:115.5.0-1.el8_9
  • H
CVE-2023-6208

<0:115.5.0-1.el8_9
  • H
Use After Free

<0:115.5.0-1.el8_9
  • H
Improper Restriction of Rendered UI Layers or Frames

<0:115.5.0-1.el8_9
  • H
Use After Free

<0:115.5.0-1.el8_9
  • H
Out-of-bounds Read

<0:115.5.0-1.el8_9
  • H
Out-of-bounds Write

<0:102.15.1-1.el8_8
  • H
Out-of-bounds Write

<0:102.15.0-1.el8_8
  • H
Out-of-bounds Write

<0:102.15.0-1.el8_8
  • H
CVE-2023-4583

<0:102.15.0-1.el8_8
  • H
CVE-2023-4581

<0:102.15.0-1.el8_8
  • H
Missing Encryption of Sensitive Data

<0:102.15.0-1.el8_8
  • H
Allocation of Resources Without Limits or Throttling

<0:102.15.0-1.el8_8
  • H
CVE-2023-4577

<0:102.15.0-1.el8_8
  • H
Use After Free

<0:102.15.0-1.el8_8
  • H
Use After Free

<0:102.15.0-1.el8_8
  • H
Use After Free

<0:102.15.0-1.el8_8
  • H
Link Following

<0:102.15.0-1.el8_8
  • H
CVE-2023-4051

<0:102.15.0-1.el8_8
  • H
Out-of-bounds Write

<0:115.3.1-1.el8_8
  • H
Out-of-bounds Write

<0:115.3.1-1.el8_8
  • H
Use After Free

<0:115.3.1-1.el8_8
  • H
Out-of-bounds Write

<0:115.3.1-1.el8_8
  • H
Use After Free

<0:115.3.1-1.el8_8
  • H
Out-of-bounds Write

<0:102.15.1-1.el8_8
  • H
Out-of-bounds Write

<0:102.14.0-1.el8_8
  • H
Out-of-bounds Write

<0:102.14.0-1.el8_8
  • H
CVE-2023-4055

<0:102.14.0-1.el8_8
  • H
Out-of-bounds Write

<0:102.14.0-1.el8_8
  • H
Race Condition

<0:102.14.0-1.el8_8
  • H
Out-of-bounds Read

<0:102.14.0-1.el8_8
  • H
CVE-2023-4047

<0:102.14.0-1.el8_8
  • H
CVE-2023-4046

<0:102.14.0-1.el8_8
  • H
Origin Validation Error

<0:102.14.0-1.el8_8
  • H
CVE-2023-3417

<0:102.14.0-1.el8_8
  • H
Out-of-bounds Write

<0:102.13.0-2.el8_8
  • H
CVE-2023-37208

<0:102.13.0-2.el8_8
  • H
Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')

<0:102.13.0-2.el8_8
  • H
Use After Free

<0:102.13.0-2.el8_8
  • H
Use After Free

<0:102.13.0-2.el8_8
  • H
Out-of-bounds Write

<0:102.12.0-1.el8_8
  • H
Improper Certificate Validation

<0:102.12.0-1.el8_8
  • H
Out-of-bounds Write

<0:102.11.0-1.el8_7
  • H
Use of Uninitialized Resource

<0:102.11.0-1.el8_7
  • H
CVE-2023-32212

<0:102.11.0-1.el8_7
  • H
CVE-2023-32211

<0:102.11.0-1.el8_7
  • H
Authentication Bypass

<0:102.11.0-1.el8_7
  • H
Out-of-bounds Read

<0:102.11.0-1.el8_7
  • H
CVE-2023-32205

<0:102.11.0-1.el8_7
  • H
CVE-2023-29550

<0:102.10.0-2.el8_7
  • H
CVE-2023-29548

<0:102.10.0-2.el8_7
  • H
Improper Encoding or Escaping of Output

<0:102.10.0-2.el8_7
  • H
NULL Pointer Dereference

<0:102.10.0-2.el8_7
  • H
Use After Free

<0:102.10.0-2.el8_7
  • H
CVE-2023-29535

<0:102.10.0-2.el8_7
  • H
CVE-2023-29533

<0:102.10.0-2.el8_7
  • H
Resource Exhaustion

<0:102.10.0-2.el8_7
  • H
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

<0:102.10.0-2.el8_7
  • H
Out-of-bounds Write

<0:102.10.0-2.el8_7
  • H
Improper Certificate Validation

<0:102.10.0-2.el8_7
  • H
Out-of-bounds Write

<0:102.9.0-1.el8_7
  • H
CVE-2023-28164

<0:102.9.0-1.el8_7
  • H
Incorrect Type Conversion or Cast

<0:102.9.0-1.el8_7
  • H
CVE-2023-25752

<0:102.9.0-1.el8_7
  • H
CVE-2023-25751

<0:102.9.0-1.el8_7
  • H
Resource Exhaustion

<0:102.8.0-2.el8_7
  • H
Out-of-bounds Write

<0:102.8.0-2.el8_7
  • H
Out-of-bounds Write

<0:102.8.0-2.el8_7
  • H
Authentication Bypass

<0:102.8.0-2.el8_7
  • H
CVE-2023-25742

<0:102.8.0-2.el8_7
  • H
Use After Free

<0:102.8.0-2.el8_7
  • H
CVE-2023-25737

<0:102.8.0-2.el8_7
  • H
Use After Free

<0:102.8.0-2.el8_7
  • H
Out-of-bounds Write

<0:102.8.0-2.el8_7
  • H
CVE-2023-25730

<0:102.8.0-2.el8_7
  • H
CVE-2023-25729

<0:102.8.0-2.el8_7
  • H
CVE-2023-25728

<0:102.8.0-2.el8_7
  • H
CVE-2023-0767

<0:102.8.0-2.el8_7
  • H
Improper Certificate Validation

<0:102.7.1-2.el8_7
  • H
Out-of-bounds Write

<0:78.11.0-1.el8_4
  • H
CVE-2021-29957

<0:78.11.0-1.el8_4
  • H
Cleartext Storage of Sensitive Information

<0:78.11.0-1.el8_4
  • H
Out-of-bounds Write

<0:91.3.0-2.el8
  • H
Out-of-bounds Write

<0:78.12.0-3.el8_4
  • H
Out-of-bounds Write

<0:78.12.0-3.el8_4
  • H
Use After Free

<0:78.12.0-3.el8_4
  • H
Files or Directories Accessible to External Parties

<0:78.12.0-3.el8_4
  • H
Out-of-bounds Write

<0:78.14.0-1.el8_4
  • H
CVE-2021-38502

<0:91.2.0-1.el8_4
  • H
Out-of-bounds Write

<0:78.13.0-1.el8
  • H
Out-of-bounds Read

<0:78.13.0-1.el8
  • H
Race Condition

<0:78.13.0-1.el8
  • H
Use After Free

<0:78.13.0-1.el8
  • H
Out-of-bounds Write

<0:78.13.0-1.el8
  • H
Missing Initialization of Resource

<0:78.13.0-1.el8
  • H
CVE-2021-38501

<0:91.2.0-1.el8_4
  • H
CVE-2021-38500

<0:91.2.0-1.el8_4
  • H
Use After Free

<0:91.2.0-1.el8_4
  • H
Origin Validation Error

<0:91.2.0-1.el8_4
  • H
Use After Free

<0:91.2.0-1.el8_4
  • H
Race Condition

<0:91.2.0-1.el8_4
  • H
Use After Free

<0:91.3.0-2.el8
  • H
Out-of-bounds Write

<0:91.3.0-2.el8
  • H
Improper Restriction of Rendered UI Layers or Frames

<0:91.3.0-2.el8
  • H
Improper Restriction of Rendered UI Layers or Frames

<0:91.3.0-2.el8
  • H
Origin Validation Error

<0:91.3.0-2.el8
  • H
Improper Restriction of Rendered UI Layers or Frames

<0:91.3.0-2.el8
  • H
Use After Free

<0:91.3.0-2.el8
  • H
Incorrect Authorization

<0:91.3.0-2.el8
  • H
Improper Restriction of Rendered UI Layers or Frames

<0:91.4.0-2.el8_5
  • H
Excessive Iteration

<0:91.4.0-2.el8_5
  • H
Cross-site Scripting (XSS)

<0:91.4.0-2.el8_5
  • H
Information Exposure

<0:91.4.0-2.el8_5
  • H
CVE-2021-43541

<0:91.4.0-2.el8_5
  • H
Use After Free

<0:91.4.0-2.el8_5
  • H
Race Condition

<0:91.4.0-2.el8_5
  • H
Incorrect Type Conversion or Cast

<0:91.4.0-2.el8_5
  • H
Information Exposure

<0:91.4.0-2.el8_5
  • H
Improper Privilege Management

<0:91.4.0-2.el8_5
  • H
Out-of-bounds Write

<0:91.4.0-2.el8_5
  • H
Out-of-bounds Write

<0:91.5.0-1.el8_5
  • H
CVE-2022-22748

<0:91.5.0-1.el8_5
  • H
Improper Certificate Validation

<0:91.5.0-1.el8_5
  • H
CVE-2022-22745

<0:91.5.0-1.el8_5
  • H
CVE-2022-22743

<0:91.5.0-1.el8_5
  • H
Out-of-bounds Read

<0:91.5.0-1.el8_5
  • H
CVE-2022-22741

<0:91.5.0-1.el8_5
  • H
Use After Free

<0:91.5.0-1.el8_5
  • H
CVE-2022-22739

<0:91.5.0-1.el8_5
  • H
Out-of-bounds Write

<0:91.5.0-1.el8_5
  • H
Race Condition

<0:91.5.0-1.el8_5
  • H
XML Injection

<0:91.5.0-1.el8_5
  • H
Out-of-bounds Write

<0:91.6.0-1.el8_5
  • H
CVE-2022-22763

<0:91.6.0-1.el8_5
  • H
CVE-2022-22761

<0:91.6.0-1.el8_5
  • H
Information Exposure

<0:91.6.0-1.el8_5
  • H
CVE-2022-22759

<0:91.6.0-1.el8_5
  • H
CVE-2022-22756

<0:91.6.0-1.el8_5
  • H
Incorrect Authorization

<0:91.6.0-1.el8_5
  • H
Improper Certificate Validation

<0:91.8.0-1.el8_5
  • H
Use After Free

<0:91.7.0-2.el8_5
  • H
Use After Free

<0:91.7.0-2.el8_5
  • H
Time-of-check Time-of-use (TOCTOU)

<0:91.7.0-2.el8_5
  • H
CVE-2022-26386

<0:91.7.0-2.el8_5
  • H
CVE-2022-26384

<0:91.7.0-2.el8_5
  • H
CVE-2022-26383

<0:91.7.0-2.el8_5
  • H
Use After Free

<0:91.7.0-2.el8_5
  • H
Integer Overflow or Wraparound

<0:91.7.0-2.el8_5
  • H
Exposure of Resource to Wrong Sphere

<0:91.7.0-2.el8_5
  • H
Improper Encoding or Escaping of Output

<0:91.7.0-2.el8_5
  • H
Out-of-bounds Write

<0:91.7.0-2.el8_5
  • H
Out-of-bounds Write

<0:91.8.0-1.el8_5
  • H
Improper Restriction of Rendered UI Layers or Frames

<0:91.8.0-1.el8_5
  • H
Out-of-bounds Read

<0:91.8.0-1.el8_5
  • H
Use After Free

<0:91.8.0-1.el8_5
  • H
Out-of-bounds Write

<0:91.8.0-1.el8_5
  • H
Inefficient Regular Expression Complexity

<0:91.8.0-1.el8_5
  • H
Use After Free

<0:91.8.0-1.el8_5
  • H
Use After Free

<0:91.8.0-1.el8_5
  • H
Out-of-bounds Write

<0:102.7.1-1.el8_7
  • H
CVE-2023-23603

<0:102.7.1-1.el8_7
  • H
Improper Check for Unusual or Exceptional Conditions

<0:102.7.1-1.el8_7
  • H
Origin Validation Error

<0:102.7.1-1.el8_7
  • H
Improper Encoding or Escaping of Output

<0:102.7.1-1.el8_7
  • H
CVE-2023-23598

<0:102.7.1-1.el8_7
  • H
CVE-2022-46877

<0:102.7.1-1.el8_7
  • H
CVE-2022-46871

<0:102.7.1-1.el8_7
  • H
Use After Free

<0:102.6.0-2.el8_7
  • H
Out-of-bounds Write

<0:102.6.0-2.el8_7
  • H
Use After Free

<0:102.6.0-2.el8_7
  • H
Out-of-bounds Write

<0:102.6.0-2.el8_7
  • H
CVE-2022-46874

<0:102.6.0-2.el8_7
  • H
CVE-2022-46872

<0:102.6.0-2.el8_7
  • H
CVE-2022-45414

<0:102.6.0-2.el8_7
  • H
Out-of-bounds Write

<0:91.9.0-3.el8_5
  • H
CVE-2022-29916

<0:91.9.0-3.el8_5
  • H
CVE-2022-29914

<0:91.9.0-3.el8_5
  • H
CVE-2022-29913

<0:91.9.0-3.el8_5
  • H
Open Redirect

<0:91.9.0-3.el8_5
  • H
Improper Restriction of Rendered UI Layers or Frames

<0:91.9.0-3.el8_5
  • H
Incorrect Default Permissions

<0:91.9.0-3.el8_5
  • H
CVE-2022-1520

<0:91.9.0-3.el8_5
  • H
Out-of-bounds Write

<0:102.3.0-3.el8_6
  • H
Use After Free

<0:102.3.0-3.el8_6
  • H
Insecure Storage of Sensitive Information

<0:102.3.0-3.el8_6
  • H
Arbitrary Code Injection

<0:102.3.0-3.el8_6
  • H
CVE-2022-40957

<0:102.3.0-3.el8_6
  • H
Cross-site Scripting (XSS)

<0:102.3.0-3.el8_6
  • H
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

<0:102.3.0-3.el8_6
  • H
Improper Restriction of Rendered UI Layers or Frames

<0:102.3.0-3.el8_6
  • H
Cross-site Scripting (XSS)

<0:102.3.0-3.el8_6
  • H
Externally Controlled Reference to a Resource in Another Sphere

<0:102.3.0-3.el8_6
  • C
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

<0:91.9.1-1.el8_6
  • C
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

<0:91.9.1-1.el8_6
  • H
Out-of-bounds Read

<0:91.10.0-1.el8_6
  • H
CVE-2022-31742

<0:91.10.0-1.el8_6
  • H
Use of Uninitialized Resource

<0:91.10.0-1.el8_6
  • H
CVE-2022-31740

<0:91.10.0-1.el8_6
  • H
Authentication Bypass

<0:91.10.0-1.el8_6
  • H
Out-of-bounds Write

<0:91.10.0-1.el8_6
  • H
CVE-2022-31736

<0:91.10.0-1.el8_6
  • H
Improper Certificate Validation

<0:91.10.0-1.el8_6
  • H
Improper Authentication

<0:102.4.0-1.el8_6.0.1
  • H
Improper Authentication

<0:102.4.0-1.el8_6.0.1
  • H
Improper Authentication

<0:102.4.0-1.el8_6.0.1
  • H
CVE-2022-39236

<0:102.4.0-1.el8_6.0.1
  • H
Out-of-bounds Write

<0:102.4.0-1.el8_6.0.1
  • H
CVE-2022-42929

<0:102.4.0-1.el8_6.0.1
  • H
NULL Pointer Dereference

<0:102.4.0-1.el8_6.0.1
  • H
Origin Validation Error

<0:102.4.0-1.el8_6.0.1
  • H
Out-of-bounds Write

<0:102.5.0-2.el8_7
  • H
Improper Restriction of Rendered UI Layers or Frames

<0:102.5.0-2.el8_7
  • H
Improper Restriction of Rendered UI Layers or Frames

<0:102.5.0-2.el8_7
  • H
Information Exposure

<0:102.5.0-2.el8_7
  • H
Link Following

<0:102.5.0-2.el8_7
  • H
Cross-site Scripting (XSS)

<0:102.5.0-2.el8_7
  • H
CVE-2022-45410

<0:102.5.0-2.el8_7
  • H
Use After Free

<0:102.5.0-2.el8_7
  • H
CVE-2022-45408

<0:102.5.0-2.el8_7
  • H
Use After Free

<0:102.5.0-2.el8_7
  • H
Use After Free

<0:102.5.0-2.el8_7
  • H
CVE-2022-45404

<0:102.5.0-2.el8_7
  • H
Information Exposure

<0:102.5.0-2.el8_7
  • H
CVE-2022-36319

<0:91.12.0-1.el8_6
  • H
Race Condition

<0:91.12.0-1.el8_6
  • H
Out-of-bounds Write

<0:91.12.0-1.el8_6
  • H
Out-of-bounds Write

<0:91.13.0-1.el8_6
  • H
Out-of-bounds Write

<0:91.13.0-1.el8_6
  • H
Use After Free

<0:91.13.0-1.el8_6
  • H
Improper Preservation of Permissions

<0:91.13.0-1.el8_6
  • H
Origin Validation Error

<0:91.13.0-1.el8_6
  • H
Use After Free

<0:102.3.0-4.el8_6
  • H
Use After Free

<0:91.11.0-2.el8_6
  • H
Integer Overflow or Wraparound

<0:91.11.0-2.el8_6
  • H
CVE-2022-34479

<0:91.11.0-2.el8_6
  • H
CVE-2022-34472

<0:91.11.0-2.el8_6
  • H
Use After Free

<0:91.11.0-2.el8_6
  • H
CVE-2022-34468

<0:91.11.0-2.el8_6
  • H
Cross-site Scripting (XSS)

<0:91.11.0-2.el8_6
  • H
Authentication Bypass

<0:91.11.0-2.el8_6
  • H
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

<0:91.11.0-2.el8_6