Homepage

thunderbird vulnerabilities

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the thunderbird package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free
VulnerabilityVulnerable Version
  • L
Use After Free

<1:60.5.1+build2-0ubuntu1
  • M
CVE-2017-17689

<1:60.2.1+build1-0ubuntu1
  • L
Out-of-Bounds

<1:52.2.1+build1-0ubuntu1
  • L
Improper Input Validation

<1:52.4.0+build1-0ubuntu2
  • L
Use After Free

<1:52.4.0+build1-0ubuntu2
  • L
Out-of-Bounds

<1:52.4.0+build1-0ubuntu2
  • L
Out-of-Bounds

<1:52.4.0+build1-0ubuntu2
  • L
Out-of-Bounds

<1:52.6.0+build1-0ubuntu1
  • L
Improper Input Validation

<1:60.4.0+build2-0ubuntu1
  • L
Out-of-Bounds

<1:60.2.1+build1-0ubuntu1
  • L
Incorrect Type Conversion or Cast

<1:60.4.0+build2-0ubuntu1
  • L
Out-of-Bounds

<1:60.4.0+build2-0ubuntu1
  • L
CVE-2018-12392

<1:60.4.0+build2-0ubuntu1
  • L
Out-of-Bounds

<1:60.4.0+build2-0ubuntu1
  • L
Out-of-bounds Write

<1:60.4.0+build2-0ubuntu1
  • L
Origin Validation Error

<1:60.2.1+build1-0ubuntu1
  • M
Use After Free

<1:60.5.1+build2-0ubuntu1
  • L
Out-of-Bounds

<1:60.5.1+build2-0ubuntu1
  • L
Information Exposure

<1:60.7.0+build1-0ubuntu3
  • L
Improper Authentication

<1:60.5.1+build2-0ubuntu1
  • M
CVE-2018-18506

<60.6.1+build2-0ubuntu1
  • L
Out-of-Bounds

<1:52.7.0+build1-0ubuntu1
  • L
Out-of-Bounds

<1:60.2.1+build1-0ubuntu1
  • L
Out-of-Bounds

<1:52.6.0+build1-0ubuntu1
  • L
Out-of-Bounds

<1:52.7.0+build1-0ubuntu1
  • L
Out-of-Bounds

<1:60.2.1+build1-0ubuntu1
  • L
Out-of-Bounds

<1:60.7.0+build1-0ubuntu3
  • L
Use After Free

<1:60.7.0+build1-0ubuntu3
  • L
Use After Free

<1:60.7.0+build1-0ubuntu3
  • L
Out-of-Bounds

<60.8.0+build1-0ubuntu1
  • L
CVE-2019-11711

<60.8.0+build1-0ubuntu1
  • L
Access of Resource Using Incompatible Type ('Type Confusion')

<1:60.7.2+build1-0ubuntu1
  • L
Cross-site Request Forgery (CSRF)

<60.8.0+build1-0ubuntu1
  • L
Improper Input Validation

<1:60.7.0+build1-0ubuntu3
  • L
Out-of-bounds Read

<60.8.0+build1-0ubuntu1
  • L
Use After Free

<60.8.0+build1-0ubuntu1
  • L
Improper Encoding or Escaping of Output

<60.8.0+build1-0ubuntu1
  • L
Cross-site Scripting (XSS)

<60.8.0+build1-0ubuntu1
  • L
Out-of-Bounds

<60.8.0+build1-0ubuntu1
  • L
CVE-2019-11730

<60.8.0+build1-0ubuntu1
  • L
Inclusion of Functionality from Untrusted Control Sphere

<1:68.1.0+build3-0ubuntu1
  • L
Out-of-Bounds

<1:68.1.0+build3-0ubuntu1
  • L
Information Exposure

<1:68.1.0+build3-0ubuntu1
  • L
Use After Free

<1:68.1.0+build3-0ubuntu1
  • L
Cross-site Scripting (XSS)

<1:68.1.0+build3-0ubuntu1
  • L
Use After Free

<1:68.2.0+build1.1-0ubuntu1
  • L
Buffer Overflow

<1:68.2.0+build1.1-0ubuntu1
  • L
Out-of-bounds Write

<1:68.2.0+build1.1-0ubuntu1
  • L
Race Condition

<1:68.2.0+build1.1-0ubuntu1
  • L
Use After Free

<1:68.1.0+build3-0ubuntu1
  • L
Origin Validation Error

<1:68.2.0+build1.1-0ubuntu1
  • L
Cross-site Scripting (XSS)

<1:68.2.0+build1.1-0ubuntu1
  • L
Use After Free

<1:68.2.0+build1.1-0ubuntu1
  • M
Out-of-bounds Read

<1:68.2.0+build1.1-0ubuntu1
  • L
Use After Free

<1:68.3.0+build2-0ubuntu1
  • L
Buffer Overflow

<1:68.3.0+build2-0ubuntu1
  • L
Buffer Overflow

<1:68.3.0+build2-0ubuntu1
  • L
Use After Free

<1:68.3.0+build2-0ubuntu1
  • L
Use After Free

<1:68.3.0+build2-0ubuntu1
  • L
Cross-site Scripting (XSS)

<1:68.4.1+build1-0ubuntu1
  • L
Access of Resource Using Incompatible Type ('Type Confusion')

<1:68.4.1+build1-0ubuntu1
  • L
Cross-site Scripting (XSS)

<1:68.4.1+build1-0ubuntu1
  • L
Buffer Overflow

<1:68.4.1+build1-0ubuntu1
  • L
Access of Resource Using Incompatible Type ('Type Confusion')

<1:68.4.1+build1-0ubuntu1
  • M
Out-of-bounds Read

<1:68.6.0+build2-0ubuntu1
  • M
Out-of-bounds Write

<1:60.5.1+build2-0ubuntu1
  • M
Use After Free

<1:60.7.0+build1-0ubuntu3
  • L
Improper Input Validation

<60.6.1+build2-0ubuntu1
  • L
Out-of-Bounds

<60.6.1+build2-0ubuntu1
  • L
Out-of-Bounds

<60.6.1+build2-0ubuntu1
  • L
Use After Free

<60.6.1+build2-0ubuntu1
  • L
Origin Validation Error

<1:60.7.0+build1-0ubuntu3
  • L
Reachable Assertion

<60.6.1+build2-0ubuntu1
  • L
Out-of-Bounds

<60.6.1+build2-0ubuntu1
  • L
Use After Free

<60.6.1+build2-0ubuntu1
  • L
Out-of-Bounds

<1:60.7.0+build1-0ubuntu3
  • L
Arbitrary Code Injection

<60.8.0+build1-0ubuntu1
  • L
Out-of-Bounds

<60.6.1+build2-0ubuntu1
  • L
Improper Input Validation

<1:60.7.0+build1-0ubuntu3
  • L
Access of Resource Using Incompatible Type ('Type Confusion')

<60.6.1+build2-0ubuntu1
  • L
Use After Free

<1:60.7.0+build1-0ubuntu3
  • L
Access of Resource Using Incompatible Type ('Type Confusion')

<1:60.7.0+build1-0ubuntu3
  • L
Origin Validation Error

<1:60.7.0+build1-0ubuntu3
  • L
Information Exposure

<1:68.8.0+build2-0ubuntu1
  • L
Race Condition

<1:68.8.0+build2-0ubuntu1
  • L
Out-of-Bounds

<1:68.8.0+build2-0ubuntu1
  • L
Use After Free

<1:68.9.0+build1-0ubuntu1
  • L
Out-of-Bounds

<1:68.9.0+build1-0ubuntu1
  • L
Insufficient Verification of Data Authenticity

<1:68.9.0+build1-0ubuntu1
  • L
Out-of-bounds Read

<1:68.10.0+build1-0ubuntu1
  • L
Use After Free

<1:68.10.0+build1-0ubuntu1
  • L
Use After Free

<1:68.10.0+build1-0ubuntu1
  • L
Improper Certificate Validation

<1:68.10.0+build1-0ubuntu1
  • L
Out-of-Bounds

<1:68.10.0+build1-0ubuntu1
  • L
CVE-2020-15683

<1:78.4.3+build1-0ubuntu1
  • L
CVE-2020-16012

<1:78.5.0+build3-0ubuntu1
  • L
Use After Free

<1:78.4.3+build1-0ubuntu1
  • L
Use After Free

<1:78.6.1+build1-0ubuntu1
  • L
Improper Restriction of Rendered UI Layers or Frames

<1:78.5.0+build3-0ubuntu1
  • L
Use After Free

<1:78.4.3+build1-0ubuntu1
  • L
Cross-site Scripting (XSS)

<1:78.5.0+build3-0ubuntu1
  • L
Cross-site Scripting (XSS)

<1:78.5.0+build3-0ubuntu1
  • L
Improper Cross-boundary Removal of Sensitive Data

<1:78.5.0+build3-0ubuntu1
  • L
Cross-site Scripting (XSS)

<1:78.5.0+build3-0ubuntu1
  • L
Use After Free

<1:78.5.0+build3-0ubuntu1
  • M
CVE-2020-26961

<1:78.5.0+build3-0ubuntu1
  • L
Use After Free

<1:78.5.0+build3-0ubuntu1
  • L
CVE-2020-26973

<1:78.6.0+build1-0ubuntu1
  • L
CVE-2020-26978

<1:78.6.0+build1-0ubuntu1
  • L
Out-of-bounds Write

<1:78.6.0+build1-0ubuntu1
  • L
Out-of-bounds Write

<1:78.6.0+build1-0ubuntu1
  • L
CVE-2020-26976

<1:78.8.0+build1-0ubuntu2
  • L
Out-of-bounds Write

<1:78.5.0+build3-0ubuntu1
  • L
CVE-2020-35111

<1:78.6.0+build1-0ubuntu1
  • L
Out-of-bounds Write

<1:78.6.0+build1-0ubuntu1
  • L
Out-of-Bounds

<1:68.5.0+build1-0ubuntu1
  • L
Cross-site Scripting (XSS)

<1:68.5.0+build1-0ubuntu1
  • L
Arbitrary Code Injection

<1:68.6.0+build2-0ubuntu1
  • L
Information Exposure

<1:68.6.0+build2-0ubuntu1
  • L
Out-of-Bounds

<1:68.6.0+build2-0ubuntu1
  • L
Use After Free

<1:68.6.0+build2-0ubuntu1
  • L
Use After Free

<1:68.6.0+build2-0ubuntu1
  • L
Out-of-bounds Read

<1:68.6.0+build2-0ubuntu1
  • L
Out-of-Bounds

<1:68.7.0+build1-0ubuntu1
  • L
Buffer Overflow

<1:68.8.0+build2-0ubuntu1
  • M
Out-of-bounds Write

<1:68.7.0+build1-0ubuntu1
  • L
Out-of-Bounds

<1:68.7.0+build1-0ubuntu1
  • L
CVE-2021-23953

<1:78.7.0+build2-0ubuntu1
  • L
CVE-2021-23960

<1:78.7.0+build2-0ubuntu1
  • L
Access of Resource Using Incompatible Type ('Type Confusion')

<1:78.7.0+build2-0ubuntu1
  • L
CVE-2021-23961

<1:78.11.0+build1-0ubuntu2
  • L
Out-of-Bounds

<1:78.7.0+build2-0ubuntu1
  • L
Out-of-Bounds

<1:78.11.0+build1-0ubuntu2
  • L
Inadequate Encryption Strength

<1:78.11.0+build1-0ubuntu2
  • L
Out-of-Bounds

<1:78.11.0+build1-0ubuntu2
  • L
Operation on a Resource after Expiration or Release

<1:78.11.0+build1-0ubuntu2
  • L
Authentication Bypass

<1:78.11.0+build1-0ubuntu2
  • L
Missing Initialization of Resource

<1:78.11.0+build1-0ubuntu2
  • L
Improper Privilege Management

<1:78.11.0+build1-0ubuntu2
  • L
Insufficient Verification of Data Authenticity

<1:78.11.0+build1-0ubuntu2
  • L
Arbitrary Argument Injection

<1:78.11.0+build1-0ubuntu2
  • L
Integer Overflow or Wraparound

<1:78.11.0+build1-0ubuntu2
  • L
Incorrect Calculation

<1:78.11.0+build1-0ubuntu2
  • L
Out-of-Bounds

<1:78.11.0+build1-0ubuntu2
  • L
Use After Free

<1:78.12.0+build2-0ubuntu1
  • L
Use After Free

<1:78.13.0+build1-0ubuntu2
  • L
CVE-2021-29984

<1:78.13.0+build1-0ubuntu2
  • L
Race Condition

<1:78.13.0+build1-0ubuntu2
  • L
Missing Initialization of Resource

<1:78.13.0+build1-0ubuntu2
  • L
Out-of-bounds Write

<1:78.12.0+build2-0ubuntu1
  • L
Interpretation Conflict

<1:78.13.0+build1-0ubuntu2
  • L
Out-of-Bounds

<1:78.13.0+build1-0ubuntu2
  • L
Use After Free

<1:91.3.0+build2-0ubuntu1
  • L
Origin Validation Error

<1:91.3.0+build2-0ubuntu1
  • L
Use After Free

<1:91.3.0+build2-0ubuntu1
  • L
Improper Restriction of Rendered UI Layers or Frames

<1:91.3.1+build1-0ubuntu1
  • L
CVE-2021-38501

<1:91.3.0+build2-0ubuntu1
  • L
Incorrect Authorization

<1:91.3.1+build1-0ubuntu1
  • L
Use After Free

<1:91.3.1+build1-0ubuntu1
  • L
Improper Restriction of Rendered UI Layers or Frames

<1:91.3.1+build1-0ubuntu1
  • L
Improper Restriction of Rendered UI Layers or Frames

<1:91.3.1+build1-0ubuntu1
  • L
CVE-2021-38500

<1:91.3.0+build2-0ubuntu1
  • L
Origin Validation Error

<1:91.3.1+build1-0ubuntu1
  • L
XML Injection

<1:91.5.0+build1-0ubuntu1
  • L
Information Exposure

<1:91.4.0+build1-0ubuntu1
  • L
Cross-site Scripting (XSS)

<1:91.4.0+build1-0ubuntu1
  • L
Incorrect Type Conversion or Cast

<1:91.4.0+build1-0ubuntu1
  • L
Race Condition

<1:91.4.0+build1-0ubuntu1
  • L
Use After Free

<1:91.4.0+build1-0ubuntu1
  • L
Information Exposure

<1:91.4.0+build1-0ubuntu1
  • L
CVE-2021-43541

<1:91.4.0+build1-0ubuntu1
  • L
Excessive Iteration

<1:91.4.0+build1-0ubuntu1
  • L
Improper Restriction of Rendered UI Layers or Frames

<1:91.4.0+build1-0ubuntu1
  • M
Out-of-Bounds

<1:91.5.0+build1-0ubuntu1
  • L
Out-of-bounds Write

<1:91.5.0+build1-0ubuntu1
  • L
CVE-2022-22739

<1:91.5.0+build1-0ubuntu1
  • L
CVE-2022-22741

<1:91.5.0+build1-0ubuntu1
  • L
Out-of-bounds Read

<1:91.5.0+build1-0ubuntu1
  • L
Use After Free

<1:91.5.0+build1-0ubuntu1
  • L
Race Condition

<1:91.5.0+build1-0ubuntu1
  • L
Improper Certificate Validation

<1:91.5.0+build1-0ubuntu1
  • L
CVE-2022-22743

<1:91.5.0+build1-0ubuntu1
  • L
CVE-2022-22748

<1:91.5.0+build1-0ubuntu1
  • L
CVE-2022-22745

<1:91.5.0+build1-0ubuntu1
  • L
Out-of-bounds Write

<1:91.5.0+build1-0ubuntu1
  • L
CVE-2022-22756

<1:91.6.1+build1-0ubuntu1
  • L
Incorrect Authorization

<1:91.6.1+build1-0ubuntu1
  • L
CVE-2022-22759

<1:91.6.1+build1-0ubuntu1
  • L
Information Exposure

<1:91.6.1+build1-0ubuntu1
  • L
CVE-2022-22761

<1:91.6.1+build1-0ubuntu1
  • L
CVE-2022-22763

<1:91.6.1+build1-0ubuntu1
  • L
Out-of-bounds Write

<1:91.6.1+build1-0ubuntu1
  • L
Use After Free

<1:91.7.0+build2-0ubuntu1
  • L
CVE-2022-26383

<1:91.7.0+build2-0ubuntu1
  • L
CVE-2022-26384

<1:91.7.0+build2-0ubuntu1
  • L
Time-of-check Time-of-use (TOCTOU)

<1:91.7.0+build2-0ubuntu1
  • L
Incorrect Default Permissions

<1:91.9.0+build3-0ubuntu1
  • L
Open Redirect

<1:91.9.0+build3-0ubuntu1
  • L
CVE-2022-29916

<1:91.9.0+build3-0ubuntu1
  • L
CVE-2022-29914

<1:91.9.0+build3-0ubuntu1
  • L
Out-of-bounds Write

<1:91.9.0+build3-0ubuntu1
  • L
Improper Restriction of Rendered UI Layers or Frames

<1:91.9.0+build3-0ubuntu1
  • L
Authentication Bypass

<1:91.10.0+build1-0ubuntu1
  • L
CVE-2022-31736

<1:91.10.0+build1-0ubuntu1
  • L
CVE-2022-31742

<1:91.10.0+build1-0ubuntu1
  • L
Out-of-bounds Write

<1:91.10.0+build1-0ubuntu1
  • L
CVE-2022-31740

<1:91.10.0+build1-0ubuntu1
  • L
Use of Uninitialized Resource

<1:91.10.0+build1-0ubuntu1
  • L
Cross-site Scripting (XSS)

<1:91.11.0+build1-0ubuntu1
  • L
Out-of-bounds Read

<1:91.10.0+build1-0ubuntu1
  • L
Use After Free

<1:91.11.0+build1-0ubuntu1
  • M
Use After Free

<1:102.7.1+build2-0ubuntu1
  • M
CVE-2022-45404

<1:102.7.1+build2-0ubuntu1
  • M
Information Exposure

<1:102.7.1+build2-0ubuntu1
  • M
Use After Free

<1:102.7.1+build2-0ubuntu1
  • M
CVE-2022-45408

<1:102.7.1+build2-0ubuntu1
  • M
Use After Free

<1:102.7.1+build2-0ubuntu1
  • M
Improper Restriction of Rendered UI Layers or Frames

<1:102.7.1+build2-0ubuntu1
  • M
CVE-2022-45410

<1:102.7.1+build2-0ubuntu1
  • M
Information Exposure

<1:102.7.1+build2-0ubuntu1
  • M
Link Following

<1:102.7.1+build2-0ubuntu1
  • M
Improper Restriction of Rendered UI Layers or Frames

<1:102.7.1+build2-0ubuntu1
  • M
Cross-site Scripting (XSS)

<1:102.7.1+build2-0ubuntu1
  • M
Out-of-bounds Write

<1:102.7.1+build2-0ubuntu1
  • M
CVE-2022-46871

<1:102.7.1+build2-0ubuntu1
  • M
CVE-2022-46874

<1:102.7.1+build2-0ubuntu1
  • M
CVE-2022-46872

<1:102.7.1+build2-0ubuntu1
  • M
Out-of-bounds Write

<1:102.7.1+build2-0ubuntu1
  • M
CVE-2022-46877

<1:102.7.1+build2-0ubuntu1
  • M
CVE-2023-23598

<1:102.7.1+build2-0ubuntu1
  • M
Improper Encoding or Escaping of Output

<1:102.7.1+build2-0ubuntu1
  • M
Out-of-bounds Write

<1:102.7.1+build2-0ubuntu1
  • M
Improper Check for Unusual or Exceptional Conditions

<1:102.7.1+build2-0ubuntu1
  • M
Origin Validation Error

<1:102.7.1+build2-0ubuntu1
  • M
CVE-2023-23603

<1:102.7.1+build2-0ubuntu1
  • M
CVE-2023-3417

<1:102.13.0+build1-0ubuntu1
  • M
Use After Free

<1:115.2.0+build1-0ubuntu1
  • M
CVE-2023-4047

<1:115.2.0+build1-0ubuntu1
  • M
Origin Validation Error

<1:115.2.0+build1-0ubuntu1
  • M
CVE-2023-4046

<1:115.2.0+build1-0ubuntu1
  • M
Race Condition

<1:115.2.0+build1-0ubuntu1
  • M
Out-of-bounds Read

<1:115.2.0+build1-0ubuntu1
  • M
Out-of-bounds Write

<1:115.2.0+build1-0ubuntu1
  • M
CVE-2023-4054

<1:115.2.0+build1-0ubuntu1
  • M
CVE-2023-4055

<1:115.2.0+build1-0ubuntu1
  • M
Out-of-bounds Write

<1:115.2.0+build1-0ubuntu1
  • M
Out-of-bounds Write

<1:115.2.0+build1-0ubuntu1
  • M
Use After Free

<1:115.2.0+build1-0ubuntu1
  • M
Use After Free

<1:115.2.0+build1-0ubuntu1
  • M
Missing Encryption of Sensitive Data

<1:115.2.0+build1-0ubuntu1
  • M
CVE-2023-4577

<1:115.2.0+build1-0ubuntu1
  • M
Use After Free

<1:115.2.0+build1-0ubuntu1
  • M
Allocation of Resources Without Limits or Throttling

<1:115.2.0+build1-0ubuntu1
  • M
Out-of-bounds Write

<1:115.2.0+build1-0ubuntu1
  • M
CVE-2023-4581

<1:115.2.0+build1-0ubuntu1
  • M
CVE-2023-4583

<1:115.2.0+build1-0ubuntu1
  • M
Out-of-bounds Write

<1:115.2.0+build1-0ubuntu1
  • M
Out-of-bounds Write

<1:115.2.3+build1-0ubuntu1
  • H
Out-of-bounds Write

<1:115.3.1+build1-0ubuntu1
  • M
Improper Restriction of Rendered UI Layers or Frames

<1:115.4.1+build1-0ubuntu1
  • M
CVE-2023-5725

<1:115.4.1+build1-0ubuntu1
  • M
CVE-2023-5726

<1:115.4.1+build1-0ubuntu1
  • M
CVE-2023-5724

<1:115.4.1+build1-0ubuntu1
  • M
CVE-2023-5727

<1:115.4.1+build1-0ubuntu1
  • M
CVE-2023-5728

<1:115.4.1+build1-0ubuntu1
  • M
Out-of-bounds Write

<1:115.4.1+build1-0ubuntu1
  • M
CVE-2023-5732

<1:115.4.1+build1-0ubuntu1
  • M
CVE-2023-6208

<1:115.5.0+build1-0ubuntu1
  • M
Out-of-bounds Read

<1:115.5.0+build1-0ubuntu1
  • M
Use After Free

<1:115.5.0+build1-0ubuntu1
  • M
Improper Restriction of Rendered UI Layers or Frames

<1:115.5.0+build1-0ubuntu1
  • M
Use After Free

<1:115.5.0+build1-0ubuntu1
  • M
Directory Traversal

<1:115.5.0+build1-0ubuntu1
  • M
Out-of-bounds Write

<1:115.5.0+build1-0ubuntu1
  • M
Use After Free

<1:115.6.0+build2-0ubuntu1
  • M
CVE-2023-6863

<1:115.6.0+build2-0ubuntu1
  • M
Race Condition

<1:115.6.0+build2-0ubuntu1
  • M
Out-of-bounds Write

<1:115.6.0+build2-0ubuntu1
  • M
Out-of-bounds Write

<1:115.6.0+build2-0ubuntu1
  • M
CVE-2023-6860

<1:115.6.0+build2-0ubuntu1
  • M
Out-of-bounds Write

<1:115.6.0+build2-0ubuntu1
  • M
Out-of-bounds Write

<1:115.6.0+build2-0ubuntu1
  • M
Use After Free

<1:115.6.0+build2-0ubuntu1