thunderbird vulnerabilities

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the thunderbird package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Vulnerability	Vulnerable Version
M Authentication Bypass	<1:91.11.0+build2-0ubuntu0.21.10.1
L Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')	<1:91.11.0+build2-0ubuntu0.21.10.1
L CVE-2022-34472	<1:91.11.0+build2-0ubuntu0.21.10.1
L CVE-2022-34468	<1:91.11.0+build2-0ubuntu0.21.10.1
L Use After Free	<1:91.11.0+build2-0ubuntu0.21.10.1
L CVE-2022-34479	<1:91.11.0+build2-0ubuntu0.21.10.1
L Integer Overflow or Wraparound	<1:91.11.0+build2-0ubuntu0.21.10.1
L Use After Free	<1:91.11.0+build2-0ubuntu0.21.10.1
L CVE-2022-31742	<1:91.11.0+build2-0ubuntu0.21.10.1
L Use After Free	*
L Authentication Bypass	<1:91.11.0+build2-0ubuntu0.21.10.1
M Improper Certificate Validation	<1:91.11.0+build2-0ubuntu0.21.10.1
L Cross-site Scripting (XSS)	<1:91.11.0+build2-0ubuntu0.21.10.1
L Out-of-bounds Read	<1:91.11.0+build2-0ubuntu0.21.10.1
L Use of Uninitialized Resource	<1:91.11.0+build2-0ubuntu0.21.10.1
L CVE-2022-31740	<1:91.11.0+build2-0ubuntu0.21.10.1
L Out-of-bounds Write	<1:91.11.0+build2-0ubuntu0.21.10.1
L CVE-2022-31736	<1:91.11.0+build2-0ubuntu0.21.10.1
L Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')	<1:91.9.1+build1-0ubuntu0.21.10.1
L Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')	<1:91.9.1+build1-0ubuntu0.21.10.1
L CVE-2022-1520	<1:91.9.1+build1-0ubuntu0.21.10.1
L Improper Restriction of Rendered UI Layers or Frames	<1:91.9.1+build1-0ubuntu0.21.10.1
M CVE-2022-29913	<1:91.9.1+build1-0ubuntu0.21.10.1
L CVE-2022-29914	<1:91.9.1+build1-0ubuntu0.21.10.1
L CVE-2022-29916	<1:91.9.1+build1-0ubuntu0.21.10.1
L Open Redirect	<1:91.9.1+build1-0ubuntu0.21.10.1
L Incorrect Default Permissions	<1:91.9.1+build1-0ubuntu0.21.10.1
L Out-of-bounds Write	<1:91.9.1+build1-0ubuntu0.21.10.1
L Out-of-bounds Write	<1:91.8.1+build1-0ubuntu0.21.10.1
M Improper Certificate Validation	<1:91.8.1+build1-0ubuntu0.21.10.1
L Use After Free	<1:91.8.1+build1-0ubuntu0.21.10.1
L Out-of-bounds Read	<1:91.8.1+build1-0ubuntu0.21.10.1
L Improper Restriction of Rendered UI Layers or Frames	<1:91.8.1+build1-0ubuntu0.21.10.1
L Use After Free	<1:91.8.1+build1-0ubuntu0.21.10.1
L Out-of-bounds Write	<1:91.8.1+build1-0ubuntu0.21.10.1
L Use After Free	<1:91.8.1+build1-0ubuntu0.21.10.1
L Use After Free	*
M Inefficient Regular Expression Complexity	<1:91.8.1+build1-0ubuntu0.21.10.1
L Use After Free	<1:91.7.0+build2-0ubuntu0.21.10.1
L CVE-2022-26386	<1:91.7.0+build2-0ubuntu0.21.10.1
L CVE-2022-26383	<1:91.7.0+build2-0ubuntu0.21.10.1
L CVE-2022-26384	<1:91.7.0+build2-0ubuntu0.21.10.1
L Time-of-check Time-of-use (TOCTOU)	<1:91.7.0+build2-0ubuntu0.21.10.1
L Uncontrolled Recursion	*
L Integer Overflow or Wraparound	*
M Out-of-bounds Write	<1:91.7.0+build2-0ubuntu0.21.10.1
L Integer Overflow or Wraparound	*
L Improper Encoding or Escaping of Output	*
L Exposure of Resource to Wrong Sphere	*
L CVE-2022-22763	<1:91.7.0+build2-0ubuntu0.21.10.1
L CVE-2022-22756	<1:91.7.0+build2-0ubuntu0.21.10.1
L Incorrect Authorization	<1:91.7.0+build2-0ubuntu0.21.10.1
L Out-of-bounds Write	<1:91.7.0+build2-0ubuntu0.21.10.1
L CVE-2022-22759	<1:91.7.0+build2-0ubuntu0.21.10.1
L Information Exposure	<1:91.7.0+build2-0ubuntu0.21.10.1
L CVE-2022-22761	<1:91.7.0+build2-0ubuntu0.21.10.1
L Integer Overflow or Wraparound	*
L Integer Overflow or Wraparound	*
L Out-of-bounds Write	<1:91.5.0+build1-0ubuntu0.21.10.1
L Out-of-bounds Read	<1:91.5.0+build1-0ubuntu0.21.10.1
L CVE-2022-22748	<1:91.5.0+build1-0ubuntu0.21.10.1
L Race Condition	<1:91.5.0+build1-0ubuntu0.21.10.1
L CVE-2022-22743	<1:91.5.0+build1-0ubuntu0.21.10.1
L CVE-2022-22745	<1:91.5.0+build1-0ubuntu0.21.10.1
L Use After Free	<1:91.5.0+build1-0ubuntu0.21.10.1
L Out-of-bounds Write	<1:91.5.0+build1-0ubuntu0.21.10.1
L CVE-2022-22741	<1:91.5.0+build1-0ubuntu0.21.10.1
L Out-of-bounds Write	<1:91.5.0+build1-0ubuntu0.21.10.1
L CVE-2022-22739	<1:91.5.0+build1-0ubuntu0.21.10.1
L Improper Certificate Validation	<1:91.5.0+build1-0ubuntu0.21.10.1
L XML Injection	<1:91.5.0+build1-0ubuntu0.21.10.1
M CVE-2021-4126	<1:91.5.0+build1-0ubuntu0.21.10.1
M Out-of-Bounds	<1:91.5.0+build1-0ubuntu0.21.10.1
L Excessive Iteration	<1:91.5.0+build1-0ubuntu0.21.10.1
L Improper Restriction of Rendered UI Layers or Frames	<1:91.5.0+build1-0ubuntu0.21.10.1
L CVE-2021-43541	<1:91.5.0+build1-0ubuntu0.21.10.1
L Information Exposure	<1:91.5.0+build1-0ubuntu0.21.10.1
L Use After Free	<1:91.5.0+build1-0ubuntu0.21.10.1
L Incorrect Type Conversion or Cast	<1:91.5.0+build1-0ubuntu0.21.10.1
L Race Condition	<1:91.5.0+build1-0ubuntu0.21.10.1
L Improper Privilege Management	<1:91.5.0+build1-0ubuntu0.21.10.1
L Information Exposure	<1:91.5.0+build1-0ubuntu0.21.10.1
L Cross-site Scripting (XSS)	<1:91.5.0+build1-0ubuntu0.21.10.1
H Out-of-bounds Write	<1:91.3.1+build1-0ubuntu0.21.10.2
L Improper Restriction of Rendered UI Layers or Frames	<1:91.3.1+build1-0ubuntu0.21.10.1
L Origin Validation Error	<1:91.3.1+build1-0ubuntu0.21.10.1
L Use After Free	<1:91.3.1+build1-0ubuntu0.21.10.1
L Improper Restriction of Rendered UI Layers or Frames	<1:91.3.1+build1-0ubuntu0.21.10.1
L Improper Restriction of Rendered UI Layers or Frames	<1:91.3.1+build1-0ubuntu0.21.10.1
L Incorrect Authorization	<1:91.3.1+build1-0ubuntu0.21.10.1
M CVE-2021-38502	<1:91.3.1+build1-0ubuntu0.21.10.1
L CVE-2021-38500	<1:91.2.1+build1-0ubuntu0.21.10.1
L Origin Validation Error	<1:91.2.1+build1-0ubuntu0.21.10.1
L Use After Free	<1:91.2.1+build1-0ubuntu0.21.10.1
L Use After Free	<1:91.2.1+build1-0ubuntu0.21.10.1
L CVE-2021-38501	<1:91.2.1+build1-0ubuntu0.21.10.1
L CVE-2021-29984	<1:78.13.0+build1-0ubuntu2
L Interpretation Conflict	<1:78.13.0+build1-0ubuntu2
L Out-of-Bounds	<1:78.13.0+build1-0ubuntu2
L Missing Initialization of Resource	<1:78.13.0+build1-0ubuntu2
L Race Condition	<1:78.13.0+build1-0ubuntu2
L Use After Free	<1:78.13.0+build1-0ubuntu2
L Use After Free	<1:78.12.0+build2-0ubuntu1
L Out-of-bounds Write	<1:78.12.0+build2-0ubuntu1
M Files or Directories Accessible to External Parties	<1:78.12.0+build2-0ubuntu1
M Cleartext Storage of Sensitive Information	<1:78.11.0+build1-0ubuntu2
M CVE-2021-29957	<1:78.11.0+build1-0ubuntu2
L Out-of-bounds Write	<1:78.12.0+build2-0ubuntu1
L Out-of-Bounds	<1:78.11.0+build1-0ubuntu2
M CVE-2021-23991	<1:78.11.0+build1-0ubuntu2
M Improper Verification of Cryptographic Signature	<1:78.11.0+build1-0ubuntu2
M Use of a Broken or Risky Cryptographic Algorithm	<1:78.11.0+build1-0ubuntu2
L Uncontrolled Search Path Element	<1:78.11.0+build1-0ubuntu2
L Race Condition	<1:78.11.0+build1-0ubuntu2
L Incorrect Calculation	<1:78.11.0+build1-0ubuntu2
L Integer Overflow or Wraparound	<1:78.11.0+build1-0ubuntu2
L Missing Initialization of Resource	<1:78.11.0+build1-0ubuntu2
L Operation on a Resource after Expiration or Release	<1:78.11.0+build1-0ubuntu2
L Insufficient Verification of Data Authenticity	<1:78.11.0+build1-0ubuntu2
L Arbitrary Argument Injection	<1:78.11.0+build1-0ubuntu2
L Improper Privilege Management	<1:78.11.0+build1-0ubuntu2
L Authentication Bypass	<1:78.11.0+build1-0ubuntu2
L Out-of-Bounds	<1:78.11.0+build1-0ubuntu2
L Out-of-Bounds	<1:78.11.0+build1-0ubuntu2
L Inadequate Encryption Strength	<1:78.11.0+build1-0ubuntu2
M Arbitrary Command Injection	<1:78.7.0+build2-0ubuntu1
L CVE-2021-23953	<1:78.7.0+build2-0ubuntu1
L Access of Resource Using Incompatible Type ('Type Confusion')	<1:78.7.0+build2-0ubuntu1
L CVE-2021-23960	<1:78.7.0+build2-0ubuntu1
L CVE-2021-23961	<1:78.11.0+build1-0ubuntu2
L Out-of-Bounds	<1:78.7.0+build2-0ubuntu1
L Use After Free	<1:78.6.1+build1-0ubuntu1
L CVE-2020-26973	<1:78.6.0+build1-0ubuntu1
L Out-of-bounds Write	<1:78.6.0+build1-0ubuntu1
L Out-of-bounds Write	<1:78.6.0+build1-0ubuntu1
L CVE-2020-35111	<1:78.6.0+build1-0ubuntu1
L CVE-2020-26976	<1:78.8.0+build1-0ubuntu2
L CVE-2020-26978	<1:78.6.0+build1-0ubuntu1
L Out-of-bounds Write	<1:78.6.0+build1-0ubuntu1
L Information Exposure	<1:78.6.0+build1-0ubuntu1
M Out-of-bounds Write	<1:78.5.1+build1-0ubuntu1
L CVE-2020-16012	<1:78.5.0+build3-0ubuntu1
L Cross-site Scripting (XSS)	<1:78.5.0+build3-0ubuntu1
L Use After Free	<1:78.5.0+build3-0ubuntu1
M CVE-2020-26961	<1:78.5.0+build3-0ubuntu1
L Cross-site Scripting (XSS)	<1:78.5.0+build3-0ubuntu1
L Use After Free	<1:78.5.0+build3-0ubuntu1
L Cross-site Scripting (XSS)	<1:78.5.0+build3-0ubuntu1
L Improper Restriction of Rendered UI Layers or Frames	<1:78.5.0+build3-0ubuntu1
L Out-of-bounds Write	<1:78.5.0+build3-0ubuntu1
L Improper Cross-boundary Removal of Sensitive Data	<1:78.5.0+build3-0ubuntu1
L Use After Free	<1:78.4.3+build1-0ubuntu1
L CVE-2020-15683	<1:78.4.3+build1-0ubuntu1
L Use After Free	<1:78.4.3+build1-0ubuntu1
L Out-of-bounds Read	<1:68.10.0+build1-0ubuntu1
L Out-of-Bounds	<1:68.10.0+build1-0ubuntu1
L Use After Free	<1:68.10.0+build1-0ubuntu1
L Improper Certificate Validation	<1:68.10.0+build1-0ubuntu1
L Use After Free	<1:68.10.0+build1-0ubuntu1
L Out-of-Bounds	<1:68.9.0+build1-0ubuntu1
L Insufficient Verification of Data Authenticity	<1:68.9.0+build1-0ubuntu1
L Use After Free	<1:68.9.0+build1-0ubuntu1
L Race Condition	<1:68.8.0+build2-0ubuntu1
L Buffer Overflow	<1:68.8.0+build2-0ubuntu1
L Information Exposure	<1:68.8.0+build2-0ubuntu1
L Out-of-Bounds	<1:68.8.0+build2-0ubuntu1
L Out-of-Bounds	<1:68.7.0+build1-0ubuntu1
L Out-of-Bounds	<1:68.7.0+build1-0ubuntu1
M Out-of-bounds Write	<1:68.7.0+build1-0ubuntu1
L Information Exposure	<1:68.6.0+build2-0ubuntu1
L Use After Free	<1:68.6.0+build2-0ubuntu1
L Use After Free	<1:68.6.0+build2-0ubuntu1
L Arbitrary Code Injection	<1:68.6.0+build2-0ubuntu1
L Out-of-bounds Read	<1:68.6.0+build2-0ubuntu1
L Out-of-Bounds	<1:68.6.0+build2-0ubuntu1
M Out-of-bounds Read	<1:68.6.0+build2-0ubuntu1
L Cross-site Scripting (XSS)	<1:68.5.0+build1-0ubuntu1
L Out-of-Bounds	<1:68.5.0+build1-0ubuntu1
L Access of Resource Using Incompatible Type ('Type Confusion')	<1:68.4.1+build1-0ubuntu1
L Buffer Overflow	<1:68.4.1+build1-0ubuntu1
L Cross-site Scripting (XSS)	<1:68.4.1+build1-0ubuntu1
L Cross-site Scripting (XSS)	<1:68.4.1+build1-0ubuntu1
L Access of Resource Using Incompatible Type ('Type Confusion')	<1:68.4.1+build1-0ubuntu1
L Use After Free	<1:68.3.0+build2-0ubuntu1
L Use After Free	<1:68.3.0+build2-0ubuntu1
L Use After Free	<1:68.3.0+build2-0ubuntu1
L Buffer Overflow	<1:68.3.0+build2-0ubuntu1
L Buffer Overflow	<1:68.3.0+build2-0ubuntu1
L Origin Validation Error	<1:68.2.0+build1.1-0ubuntu1
L Race Condition	<1:68.2.0+build1.1-0ubuntu1
L Cross-site Scripting (XSS)	<1:68.2.0+build1.1-0ubuntu1
L Use After Free	<1:68.2.0+build1.1-0ubuntu1
L Out-of-bounds Write	<1:68.2.0+build1.1-0ubuntu1
L Use After Free	<1:68.2.0+build1.1-0ubuntu1
L Buffer Overflow	<1:68.2.0+build1.1-0ubuntu1
M Out-of-bounds Read	<1:68.2.0+build1.1-0ubuntu1
L Information Exposure	<1:68.1.0+build3-0ubuntu1
L Out-of-Bounds	<1:68.1.0+build3-0ubuntu1
L Use After Free	<1:68.1.0+build3-0ubuntu1
L Use After Free	<1:68.1.0+build3-0ubuntu1
L Inclusion of Functionality from Untrusted Control Sphere	<1:68.1.0+build3-0ubuntu1
L Cross-site Scripting (XSS)	<1:68.1.0+build3-0ubuntu1
L Arbitrary Code Injection	<60.8.0+build1-0ubuntu1
L Out-of-Bounds	<60.8.0+build1-0ubuntu1
L Use After Free	<60.8.0+build1-0ubuntu1
L Cross-site Request Forgery (CSRF)	<60.8.0+build1-0ubuntu1
L Cross-site Scripting (XSS)	<60.8.0+build1-0ubuntu1
L CVE-2019-11730	<60.8.0+build1-0ubuntu1
L Improper Encoding or Escaping of Output	<60.8.0+build1-0ubuntu1
L Out-of-bounds Read	<60.8.0+build1-0ubuntu1
L Out-of-Bounds	<60.8.0+build1-0ubuntu1
L CVE-2019-11711	<60.8.0+build1-0ubuntu1
L Access of Resource Using Incompatible Type ('Type Confusion')	<1:60.7.2+build1-0ubuntu1
L Access of Resource Using Incompatible Type ('Type Confusion')	<1:60.7.0+build1-0ubuntu3
L Origin Validation Error	<1:60.7.0+build1-0ubuntu3
L Out-of-Bounds	<1:60.7.0+build1-0ubuntu3
L Use After Free	<1:60.7.0+build1-0ubuntu3
L Use After Free	<1:60.7.0+build1-0ubuntu3
L Out-of-Bounds	<1:60.7.0+build1-0ubuntu3
L Improper Input Validation	<1:60.7.0+build1-0ubuntu3
L Use After Free	<1:60.7.0+build1-0ubuntu3
L Improper Input Validation	<1:60.7.0+build1-0ubuntu3
L Access of Resource Using Incompatible Type ('Type Confusion')	<60.6.1+build2-0ubuntu1
L Out-of-Bounds	<60.6.1+build2-0ubuntu1
L Out-of-Bounds	<60.6.1+build2-0ubuntu1
L Reachable Assertion	<60.6.1+build2-0ubuntu1
L Out-of-Bounds	<60.6.1+build2-0ubuntu1
L Out-of-Bounds	<60.6.1+build2-0ubuntu1
L Use After Free	<60.6.1+build2-0ubuntu1
L Use After Free	<60.6.1+build2-0ubuntu1
L Improper Input Validation	<60.6.1+build2-0ubuntu1
L Origin Validation Error	<1:60.7.0+build1-0ubuntu3
L Origin Validation Error	<1:60.2.1+build1-0ubuntu1
L Information Exposure	<1:60.7.0+build1-0ubuntu3
M Out-of-bounds Write	<1:60.5.1+build2-0ubuntu1
M Use After Free	<1:60.7.0+build1-0ubuntu3
L Out-of-Bounds	<1:60.5.1+build2-0ubuntu1
L Improper Authentication	<1:60.5.1+build2-0ubuntu1
M Use After Free	<1:60.5.1+build2-0ubuntu1
M CVE-2018-18506	<60.6.1+build2-0ubuntu1
L Out-of-Bounds	<1:60.4.0+build2-0ubuntu1
L Out-of-Bounds	<1:60.4.0+build2-0ubuntu1
L Out-of-bounds Write	<1:60.4.0+build2-0ubuntu1
L CVE-2018-12392	<1:60.4.0+build2-0ubuntu1
L Improper Input Validation	<1:60.4.0+build2-0ubuntu1
L Incorrect Type Conversion or Cast	<1:60.4.0+build2-0ubuntu1
L Out-of-Bounds	<1:60.2.1+build1-0ubuntu1
L Out-of-Bounds	<1:60.2.1+build1-0ubuntu1
L Out-of-Bounds	<1:60.2.1+build1-0ubuntu1
L Out-of-Bounds	<1:52.6.0+build1-0ubuntu1
L Improper Input Validation	<1:52.4.0+build1-0ubuntu2
L Out-of-Bounds	<1:52.7.0+build1-0ubuntu1
L Out-of-Bounds	<1:52.4.0+build1-0ubuntu2
L Out-of-Bounds	<1:52.7.0+build1-0ubuntu1
L Out-of-Bounds	<1:52.6.0+build1-0ubuntu1
L Use After Free	<1:52.4.0+build1-0ubuntu2
L Out-of-Bounds	<1:52.4.0+build1-0ubuntu2
L Out-of-Bounds	<1:52.2.1+build1-0ubuntu1
M CVE-2017-17689	<1:60.2.1+build1-0ubuntu1
L Use After Free	<1:60.5.1+build2-0ubuntu1