thunderbird vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the thunderbird package (https://hg.mozilla.org). This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability | Vulnerable Version
  • M
Information Exposure

[,128.4.3)
  • M
Information Exposure

[,133)
  • H
User Interface (UI) Misrepresentation of Critical Information

[,133)
  • H
User Interface (UI) Misrepresentation of Critical Information

[,128.5)[,133)
  • H
Out-of-bounds Write

[,128.5)[,133)
  • M
Improper Initialization

[,128.5)[,133)
  • M
Double Free

[,133)
  • M
Access Control Bypass

[,128.5)[,133)
  • M
Cross-site Scripting (XSS)

[,128.5)[,133)
  • H
Arbitrary Code Injection

[,128.5)[,133)
  • H
Race Condition

[,133)
  • M
Improper Check for Unusual or Exceptional Conditions

[,128.5)[,133)
  • H
User Interface (UI) Misrepresentation of Critical Information

[,128.5)[,133)
  • M
NULL Pointer Dereference

[,133)
  • M
User Interface (UI) Misrepresentation of Critical Information

[,133)
  • M
NULL Pointer Dereference

[,133)
  • H
Out-of-Bounds

[,128.5)[,133)
  • M
Race Condition

[,132)
  • H
Out-of-Bounds

[,128.4)
  • M
Denial of Service (DoS)

[,128.4)
  • H
Use After Free

[,128.4)
  • H
Incorrect Default Permissions

[,128.4)
  • M
Cross-site Scripting (XSS)

[,128.4)
  • M
User Interface (UI) Misrepresentation of Critical Information

[,128.4)
  • M
Exposure of Resource to Wrong Sphere

[,128.4)
  • M
User Interface (UI) Misrepresentation of Critical Information

[,128.4)
  • M
Denial of Service (DoS)

[,128.4)
  • H
User Impersonation

[,128.4)
  • M
Information Exposure

[,128.3)
  • L
Information Exposure

[,128.3)[129.0,131)
  • H
Origin Validation Error

[,128.3)[129.0,131)
  • H
Arbitrary Code Injection

[,128.3)[129.0,131)
  • M
Improper Restriction of Rendered UI Layers or Frames

[,128.3)[129.0,131)
  • M
Denial of Service (DoS)

[,128.3)[129.0,131)
  • H
Arbitrary Code Injection

[,128.3)[129.0,131)
  • M
Out-of-bounds Write

[,128.3)[129.0,131)
  • M
Out-of-bounds Write

[,128.3)
  • C
Out-of-bounds Write

[,131)
  • C
Out-of-Bounds

[,128.3)
  • C
Out-of-Bounds

[,128.3)
  • H
Use After Free

[,128.2)
  • H
Type Confusion

[,115.13)[116.0,128)
  • H
Out-of-Bounds

[,128.2)
  • C
Use After Free

[,115.14)[116.0,128.1)
  • H
User Interface (UI) Misrepresentation of Critical Information

[,115.14)[116.0,128.1)
  • H
Out-of-bounds Read

[,115.14)[116.0,128.1)
  • H
Information Exposure

[,115.14)[116.0,128.1)
  • H
User Interface (UI) Misrepresentation of Critical Information

[,128.1)
  • H
Improper Access Control

[,115.14)[116.0,128.1)
  • H
Use After Free

[,128.1)
  • M
Type Confusion

[,128.1)
  • C
Out-of-bounds Write

[,115.14)[116.0,128.1)
  • H
Use After Free

[,128.1)
  • H
Out-of-bounds Write

[,115.13)
  • H
Improper Restriction of Operations within the Bounds of a Memory Buffer

[,115.13)
  • M
Timing Attack

[,115.12)
  • H
Use After Free

[,115.12)
  • M
Cross-site Scripting (XSS)

[,115.12)
  • H
Use After Free

[,115.12)
  • H
Improper Restriction of Operations within the Bounds of a Memory Buffer

[,115.12)
  • M
Exposure of Sensitive Information to an Unauthorized Actor

[,115.11)
  • M
Information Exposure

[,115.11)
  • H
User Interface (UI) Misrepresentation of Critical Information

[,115.11)
  • M
Classic Buffer Overflow

[,115.11)
  • M
Use After Free

[,115.11)
  • M
Insufficient UI Warning of Dangerous Operations

[,115.10)
  • H
Out-of-Bounds

[,115.10)
  • H
Uncontrolled Resource Consumption ('Resource Exhaustion')

[,115.9)
  • M
Improper Privilege Management

[,115.9)
  • M
Timing Attack

[,115.9)
  • H
Code Injection

[,115.9)
  • M
Cross-Site Request Forgery (CSRF)

[,115.9)
  • H
Integer Overflow or Wraparound

[,115.9)
  • H
Out-of-bounds Write

[,115.9)
  • H
Out-of-bounds Write

[,115.9)
  • H
Code Injection

[,115.9)
  • H
Missing Encryption of Sensitive Data

[,115.8.1)
  • H
Out-of-bounds Read

[,115.8)
  • M
User Interface (UI) Misrepresentation of Critical Information

[,115.8)
  • H
Open Redirect

[,115.8)
  • M
User Interface (UI) Misrepresentation of Critical Information

[,115.8)
  • M
The UI Performs the Wrong Action

[,115.8)
  • H
Buffer Overflow

[,115.8)
  • M
Incorrect Conversion between Numeric Types

[,115.8)
  • M
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

[,115.8)
  • M
Inadequate Encryption Strength

[,115.7)
  • M
Improper Restriction of Operations within the Bounds of a Memory Buffer

[,115.7)
  • M
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

[,115.7)
  • M
Improper Access Control

[,115.7)
  • M
User Interface (UI) Misrepresentation of Critical Information

[,115.7)
  • M
Out-of-bounds Write

[,115.7)
  • M
Improper Data Handling

[,115.6)
  • H
Improper Verification of Cryptographic Signature

[,115.6)
  • M
Improper Input Validation

[,115.6)
  • M
Use After Free

[,115.6)
  • H
Heap-based Buffer Overflow

[,115.6)
  • H
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

[,115.6)
  • M
Improper Input Validation

[,115.6)
  • M
Heap-based Buffer Overflow

[,115.6)
  • H
Buffer Overflow

[115.4,115.5)
  • H
Out-of-bounds Read

[,115.5)
  • H
Improper Restriction of Rendered UI Layers or Frames

[,115.5)
  • M
Improper Restriction of Rendered UI Layers or Frames

[,115.5)
  • H
Use After Free

[,115.5)
  • M
Directory Traversal

[,115.5)
  • H
Use After Free

[,115.5)
  • H
Buffer Overflow

[,115.4.1)
  • M
Information Exposure

[,115.4.1)
  • M
Improper Input Validation

[,115.4.1)
  • M
Product UI Spoofing

[,115.4.1)
  • M
URL Redirection to Untrusted Site

[,115.4.1)
  • H
Product UI Manipulable for User-Controlled Input

[,115.4.1)
  • M
Improper Release of Memory Before Removing Last Reference

[,115.4.1)
  • M
Improper Restriction of Operations within the Bounds of a Memory Buffer

[,115.4.1)
  • M
Insufficient UI Warning of Dangerous Operations

[,115.4.1)
  • M
Multiple Interpretations of UI Input

[,115.4.1)
  • M
Double Free

[,115.3)
  • H
Out-of-bounds Write

[,115.3)
  • H
Out-of-bounds Write

[,115.3)
  • H
Use After Free

[,115.3)
  • H
Buffer Overflow

[115.2,115.3)
  • H
Denial of Service (DoS)

[,115.2)
  • H
Buffer Overflow

[115.1,115.2)
  • M
Improper Input Validation

[,115.0.1)
  • H
Use After Free

[,102.13)
  • M
Compilation with Insufficient Warnings or Errors

[,102.13)
  • H
Buffer Overflow

[,102.13)
  • M
Use of Uninitialized Variable

[,102.11)
  • H
Double Free

[,102.10)
  • L
Access Restriction Bypass

[,102.10)
  • M
Multiple Interpretations of UI Input

[,102.10)
  • M
Denial of Service (DoS)

[,102.10)
  • H
Out-of-Bounds Write

[102.9,102.10)
  • H
Out-of-bounds Write

[,102.10)
  • M
Access Restriction Bypass

[,102.10)
  • M
Access Restriction Bypass

[,102.10)
  • H
Denial of Service (DoS)

[,102.10)
  • M
Denial of Service (DoS)

[,102.10)
  • M
Product UI does not Warn User of Unsafe Actions

[68,102.10)
  • M
Access Restriction Bypass

[,102.10)
  • L
Improper Restriction of Rendered UI Layers or Frames

[,102.10)
  • M
Access Restriction Bypass

[,102.10)
  • H
Denial of Service (DoS)

[,102.10)
  • M
Denial of Service (DoS)

[,102.8)
  • H
Improper Check for Certificate Revocation

[68,102.7.1)
  • H
Time-of-check Time-of-use (TOCTOU) Race Condition

[,91.6)
  • H
Sandbox Bypass

[,91.6)
  • M
Information Exposure

[,91.6)
  • H
Arbitrary Code Execution

[,91.6)
  • H
Arbitrary Code Execution

[,91.6)
  • H
Denial of Service (DoS)

[,91.4.0)
  • M
Access Restriction Bypass

[,91.6)
  • M
Denial of Service (DoS)

[,91.6)
  • H
Authorization Bypass

[,91.6)
  • H
Information Exposure

[,102.6)
  • H
Use After Free

[,102.6)
  • M
Use After Free

[,102.6)
  • H
Denial of Service (DoS)

[,102.6)
  • H
Denial of Service (DoS)

[,102.6)
  • M
Insufficient UI Warning of Dangerous Operations

[,102.6)
  • M
Arbitrary Code Execution

[,102.6)
  • M
Information Exposure

[,102.5.1)
  • H
Use After Free

[,102.5)
  • H
Access Control Bypass

[,102.5)
  • H
Use After Free

[,102.5)
  • H
Unsafe Dependency Resolution

[,102.5)
  • H
Buffer Overflow

[,102.5)
  • M
Improper Access Control

[,102.5)
  • M
Cross-site Scripting (XSS)

[,102.5)
  • M
Buffer Overflow

[,102.5)
  • M
Improper Access Control

[,102.5)
  • M
Information Exposure

[,102.5)
  • M
Access Control Bypass

[,102.5)
  • H
Access Control Bypass

[,102.5)
  • H
Use After Free

[,102.5)
  • H
Denial of Service (DoS)

[,102.3)
  • H
Information Exposure

[,102.3)
  • M
Arbitrary Code Execution

[,102.3)
  • H
Denial of Service (DoS)

[,102.3)
  • M
Access Restriction Bypass

[,102.3)
  • M
Denial of Service (DoS)

[,102.3)
  • M
Authorization Bypass

[0,102.3)
  • M
Improper Restriction of Rendered UI Layers or Frames

[,102.2.1)
  • H
Information Exposure

[,102.2.1)
  • M
UI Performs the Wrong Action

[,102.2.1)
  • M
Expected Behavior Violation

[,102.2.1)
  • M
Cross-site Scripting (XSS)

[,91.12)[92.0,102.1)
  • M
Out-of-Bounds

[,102.1)
  • H
Email Spoofing

[,91.10)
  • M
Observable Discrepancy

[,91.9)
  • M
Improper Input Validation

[,91.9)
  • M
Improper Certificate Validation

[,91.8.0)
  • H
Improper Input Validation

[,91.7)
  • H
Time-of-check Time-of-use (TOCTOU) Race Condition

[,91.7)
  • H
Use After Free

[,91.7)
  • C
Use After Free

[,91.6.2)
  • C
Use After Free

[,91.6.2)