https://hg.mozilla.org|thunderbird vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the https://hg.mozilla.org|thunderbird package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
M Information Exposure	[,140.4)[141.0,144.0)
M Improper Authorization	[,140.4)[141.0,144.0)
H Use After Free	[,140.4)[141.0,144.0)
M Exposure of Resource to Wrong Sphere	[,144.0)
H Use After Free	[,144.0)
H Out-of-Bounds	[,140.4)[141.0,144.0)
H Out-of-Bounds	[,140.4)[141.0,144.0)
M Cross-site Scripting (XSS)	[,140.4)[141.0,144.0)
H Out-of-Bounds	[,144.0)
H Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')	[,140.4)[141.0,144.0)
C Out-of-bounds Write	[,140.4)[141.0,144.0)
M Use of Low-Level Functionality	[,143.0)
H Use After Free	[,143.0)
H User Impersonation	[,143.0)
H Use After Free	[,143.0)
C Arbitrary Code Injection	[,143.0)
H Origin Validation Error	[,143.0)
H Information Exposure	[,143.0)
H Off-by-one Error	[,143.0)
H Integer Overflow or Wraparound	[,143.0)
H Buffer Overflow	[,143.0)
H Use of Uninitialized Resource	[,128.14)[140.0,140.2)[142.0-b1,142.0)
H Denial of Service (DoS)	[,140.2)[142.0-b1,142.0)
C Out-of-Bounds	[,128.14)[140.0,140.2)[142.0-b1,142.0)
H Origin Validation Error	[,128.14)[140.0,140.2)[142.0-b1,142.0)
H Out-of-Bounds	[,140.2)[142.0-b1,142.0)
H Out-of-Bounds	[,128.14)[140.0,140.2)[142.0-b1,142.0)
C Out-of-Bounds	[,142.0)
H Out-of-Bounds	[,128.13)[140.0-b1,140.1)[141.0-b1,141.0)
C Incorrect Calculation of Buffer Size	[,128.13)[140.0-b1,140.1)[141.0-b1,141.0)
H Improper Encoding or Escaping of Output	[,128.13)[140.0-b1,140.1)[141.0-b1,141.0)
C Information Exposure	[,128.13)[140.0-b1,140.1)[141.0-b1,141.0)
H Origin Validation Error	[,140.1)[141.0-b1,141.0)
H Protection Mechanism Failure	[,128.13)[140.0-b1,140.1)[141.0-b1,141.0)
H Arbitrary Code Injection	[,128.13)[140.0-b1,140.1)[141.0-b1,141.0)
H Out-of-Bounds	[,128.13)[140.0-b1,140.1)[141.0-b1,141.0)
H NULL Pointer Dereference	[,128.13)[140.0-b1,140.1)[141.0-b1,141.0)
H Out-of-Bounds	[,128.13)[140.0-b1,140.1)[141.0-b1,141.0)
C Improper Authentication	[,140.1)[141.0-b1,141.0)
H Out-of-Bounds	[,140.1)[141.0-b1,141.0)
C Improper Input Validation	[,140.1)[141.0-b1,141.0)
C User Interface (UI) Misrepresentation of Critical Information	[,141.0)
H Information Exposure	[,140.1)[141.0-b1,141.0)
C Out-of-Bounds	[,141.0)
H User Interface (UI) Misrepresentation of Critical Information	[,128.11.1)[130.0b3,139.0.2)
C Out-of-bounds Write	[,128.11)
L Arbitrary Command Injection	[,128.11)
H User Impersonation	[,128.10.1)[130.0b1,138.0.1)
M Authentication Bypass Using an Alternate Path or Channel	[,128.10.1)[130.0b1,138.0.1)
M Authentication Bypass by Spoofing	[,128.10.1)[130.0b1,138.0.1)
M Arbitrary Code Injection	[128.9.0,128.10.0)
H Incorrect Privilege Assignment	[,138.0b1)
M Cross-site Request Forgery (CSRF)	[,138.0b1)
M Improper Encoding or Escaping of Output	[,138.0b1)
M User Interface (UI) Misrepresentation of Critical Information	[,138.0b1)
M Arbitrary Code Injection	[,128.10)[130.0b1,138.0b1)
M Arbitrary Code Injection	[137.0b1,138.0b1)
H Arbitrary Code Injection	[,128.10)[130.0b1,138.0b1)
H Out-of-bounds Read	[,128.10)[130.0b1,138.0b1)
C Improper Isolation or Compartmentalization	[,128.10)[130.0b1,138.0b1)
M Improper Encoding or Escaping of Output	[,128.10)
M Insertion of Sensitive Information into Log File	[,138.0b1)
M Out-of-bounds Read	[,128.10)[130.0b1,138.0b1)
H Out-of-bounds Write	[,128.10.2)[130.0b1,138.0.2)
H Out-of-bounds Write	[,128.10.2)[130.0b1,138.0.2)
M Improper Input Validation	[,137)
H Use After Free	[,137)
H Out-of-Bounds	[,137)
H Out-of-Bounds	[,137)
H User Interface (UI) Misrepresentation of Critical Information	[,137)
M Information Exposure	[,137)
H Information Exposure	[,137.0.2)
M Exposure of Sensitive System Information to an Unauthorized Control Sphere	[,137.0)
H Insufficient Granularity of Access Control	[,137.0.2)
M User Interface (UI) Misrepresentation of Critical Information	[,137.0.2)
M User Interface (UI) Misrepresentation of Critical Information	[,136)
M Information Exposure	[,136)
H Use After Free	[,136)
H Use After Free	[,136)
H Out-of-Bounds	[,136)
H Out-of-bounds Write	[,136)
H Out-of-bounds Read	[,136)
H Out-of-bounds Write	[,136)
L Improper Synchronization	[,136)
M Arbitrary Code Injection	[,136)
M Out-of-Bounds	[,136)
H Use After Free	[,128.7)[130,135)
M Use After Free	[,128.7)[130,135)
M Out-of-Bounds	[,128.7)[130,135)
H Use After Free	[,128.7)[130,135)
H User Interface (UI) Misrepresentation of Critical Information	[,135)
M User Interface (UI) Misrepresentation of Critical Information	[,135)
M Race Condition	[,128.7)
M Improper Validation of Specified Quantity in Input	[,128.7)
M Buffer Overflow	[,128.7)[130.0,135)
M Open Redirect	[,128.7)
M Buffer Overflow	[,128.7)[130.0,135)
H Out-of-bounds Write	[,135)
M User Interface (UI) Misrepresentation of Critical Information	[,135)
H Out-of-bounds Write	[,115.20)[128.0,128.7)[129.0beta,135)
M Information Exposure	[,128.4.3)
M Information Exposure	[,133)
H User Interface (UI) Misrepresentation of Critical Information	[,133)
H User Interface (UI) Misrepresentation of Critical Information	[,128.5)[,133)
H Out-of-bounds Write	[,128.5)[,133)
M Improper Initialization	[,128.5)[,133)
M Double Free	[,133)
M Access Control Bypass	[,128.5)[,133)
M Cross-site Scripting (XSS)	[,128.5)[,133)
H Arbitrary Code Injection	[,128.5)[,133)
H Race Condition	[,133)
M Improper Check for Unusual or Exceptional Conditions	[,128.5)[,133)
H User Interface (UI) Misrepresentation of Critical Information	[,128.5)[,133)
M NULL Pointer Dereference	[,133)
M User Interface (UI) Misrepresentation of Critical Information	[,133)
M NULL Pointer Dereference	[,133)
H Out-of-Bounds	[,128.5)[,133)
M Race Condition	[,132)
H Out-of-Bounds	[,128.4)
M Denial of Service (DoS)	[,128.4)
H Use After Free	[,128.4)
H Incorrect Default Permissions	[,128.4)
M Cross-site Scripting (XSS)	[,128.4)
M User Interface (UI) Misrepresentation of Critical Information	[,128.4)
M Exposure of Resource to Wrong Sphere	[,128.4)
M User Interface (UI) Misrepresentation of Critical Information	[,128.4)
M Denial of Service (DoS)	[,128.4)
H User Impersonation	[,128.4)
M Information Exposure	[,128.3)
L Information Exposure	[,128.3)[129.0,131)
H Origin Validation Error	[,128.3)[129.0,131)
H Arbitrary Code Injection	[,128.3)[129.0,131)
M Improper Restriction of Rendered UI Layers or Frames	[,128.3)[129.0,131)
M Denial of Service (DoS)	[,128.3)[129.0,131)
H Arbitrary Code Injection	[,128.3)[129.0,131)
M Out-of-bounds Write	[,128.3)[129.0,131)
M Out-of-bounds Write	[,128.3)
C Out-of-bounds Write	[,131)
C Out-of-Bounds	[,128.3)
C Out-of-Bounds	[,128.3)
H Use After Free	[,128.2)
H Type Confusion	[,115.13)[116.0,128)
H Out-of-Bounds	[,128.2)
C Use After Free	[,115.14)[116.0,128.1)
H User Interface (UI) Misrepresentation of Critical Information	[,115.14)[116.0,128.1)
H Out-of-bounds Read	[,115.14)[116.0,128.1)
H Information Exposure	[,115.14)[116.0,128.1)
H User Interface (UI) Misrepresentation of Critical Information	[,128.1)
H Improper Access Control	[,115.14)[116.0,128.1)
H Use After Free	[,128.1)
M Type Confusion	[,128.1)
C Out-of-bounds Write	[,115.14)[116.0,128.1)
H Use After Free	[,128.1)
H Out-of-bounds Write	[,115.13)
H Improper Restriction of Operations within the Bounds of a Memory Buffer	[,115.13)
M Timing Attack	[,115.12)
H Use After Free	[,115.12)
M Cross-site Scripting (XSS)	[,115.12)
H Use After Free	[,115.12)
H Improper Restriction of Operations within the Bounds of a Memory Buffer	[,115.12)
M Exposure of Sensitive Information to an Unauthorized Actor	[,115.11)
M Information Exposure	[,115.11)
H User Interface (UI) Misrepresentation of Critical Information	[,115.11)
M Classic Buffer Overflow	[,115.11)
M Use After Free	[,115.11)
M Insufficient UI Warning of Dangerous Operations	[,115.10)
H Out-of-Bounds	[,115.10)
H Uncontrolled Resource Consumption ('Resource Exhaustion')	[,115.9)
M Improper Privilege Management	[,115.9)
M Timing Attack	[,115.9)
H Code Injection	[,115.9)
M Cross-Site Request Forgery (CSRF)	[,115.9)
H Integer Overflow or Wraparound	[,115.9)
H Out-of-bounds Write	[,115.9)
H Out-of-bounds Write	[,115.9)
H Code Injection	[,115.9)
H Missing Encryption of Sensitive Data	[,115.8.1)
H Out-of-bounds Read	[,115.8)
M User Interface (UI) Misrepresentation of Critical Information	[,115.8)
H Open Redirect	[,115.8)
M User Interface (UI) Misrepresentation of Critical Information	[,115.8)
M The UI Performs the Wrong Action	[,115.8)
H Buffer Overflow	[,115.8)
M Incorrect Conversion between Numeric Types	[,115.8)
M Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')	[,115.8)
M Inadequate Encryption Strength	[,115.7)
M Improper Restriction of Operations within the Bounds of a Memory Buffer	[,115.7)
M Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')	[,115.7)
M Improper Access Control	[,115.7)
M User Interface (UI) Misrepresentation of Critical Information	[,115.7)
M Out-of-bounds Write	[,115.7)
M Improper Data Handling	[,115.6)
H Improper Verification of Cryptographic Signature	[,115.6)
M Improper Input Validation	[,115.6)
M Use After Free	[,115.6)
H Heap-based Buffer Overflow	[,115.6)
H Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')	[,115.6)
M Improper Input Validation	[,115.6)
M Heap-based Buffer Overflow	[,115.6)
H Buffer Overflow	[115.4,115.5)
H Out-of-bounds Read	[,115.5)
H Improper Restriction of Rendered UI Layers or Frames	[,115.5)
M Improper Restriction of Rendered UI Layers or Frames	[,115.5)
H Use After Free	[,115.5)
M Directory Traversal	[,115.5)
H Use After Free	[,115.5)
H Buffer Overflow	[,115.4.1)
M Information Exposure	[,115.4.1)
M Improper Input Validation	[,115.4.1)
M Product UI Spoofing	[,115.4.1)
M URL Redirection to Untrusted Site	[,115.4.1)
H Product UI Manipulable for User-Controlled Input	[,115.4.1)
M Improper Release of Memory Before Removing Last Reference	[,115.4.1)
M Improper Restriction of Operations within the Bounds of a Memory Buffer	[,115.4.1)
M Insufficient UI Warning of Dangerous Operations	[,115.4.1)
M Multiple Interpretations of UI Input	[,115.4.1)
M Double Free	[,115.3)
H Out-of-bounds Write	[,115.3)
H Out-of-bounds Write	[,115.3)
H Use After Free	[,115.3)
H Buffer Overflow	[115.2,115.3)
H Denial of Service (DoS)	[,115.2)
H Buffer Overflow	[115.1,115.2)
M Improper Input Validation	[,115.0.1)
H Use After Free	[,102.13)
M Compilation with Insufficient Warnings or Errors	[,102.13)
H Buffer Overflow	[,102.13)
M Use of Uninitialized Variable	[,102.11)
H Double Free	[,102.10)
L Access Restriction Bypass	[,102.10)
M Multiple Interpretations of UI Input	[,102.10)
M Denial of Service (DoS)	[,102.10)
H Out-of-Bounds Write	[102.9,102.10)
H Out-of-bounds Write	[,102.10)
M Access Restriction Bypass	[,102.10)
M Access Restriction Bypass	[,102.10)
H Denial of Service (DoS)	[,102.10)
M Denial of Service (DoS)	[,102.10)
M Product UI does not Warn User of Unsafe Actions	[68,102.10)
M Access Restriction Bypass	[,102.10)
L Improper Restriction of Rendered UI Layers or Frames	[,102.10)
M Access Restriction Bypass	[,102.10)
H Denial of Service (DoS)	[,102.10)
M Denial of Service (DoS)	[,102.8)
H Improper Check for Certificate Revocation	[68,102.7.1)
H Time-of-check Time-of-use (TOCTOU) Race Condition	[,91.6)
H Sandbox Bypass	[,91.6)
M Information Exposure	[,91.6)
H Arbitrary Code Execution	[,91.6)
H Arbitrary Code Execution	[,91.6)
H Denial of Service (DoS)	[,91.4.0)
M Access Restriction Bypass	[,91.6)
M Denial of Service (DoS)	[,91.6)
H Authorization Bypass	[,91.6)
H Information Exposure	[,102.6)
H Use After Free	[,102.6)
M Use After Free	[,102.6)
H Denial of Service (DoS)	[,102.6)
H Denial of Service (DoS)	[,102.6)
M Insufficient UI Warning of Dangerous Operations	[,102.6)
M Arbitrary Code Execution	[,102.6)
M Information Exposure	[,102.5.1)
H Use After Free	[,102.5)
H Access Control Bypass	[,102.5)
H Use After Free	[,102.5)
H Unsafe Dependency Resolution	[,102.5)
H Buffer Overflow	[,102.5)
M Improper Access Control	[,102.5)
M Cross-site Scripting (XSS)	[,102.5)
M Buffer Overflow	[,102.5)
M Improper Access Control	[,102.5)
M Information Exposure	[,102.5)
M Access Control Bypass	[,102.5)
H Access Control Bypass	[,102.5)
H Use After Free	[,102.5)
H Denial of Service (DoS)	[,102.3)
H Information Exposure	[,102.3)
M Arbitrary Code Execution	[,102.3)
H Denial of Service (DoS)	[,102.3)
M Access Restriction Bypass	[,102.3)
M Denial of Service (DoS)	[,102.3)
M Authorization Bypass	[0,102.3)
M Improper Restriction of Rendered UI Layers or Frames	[,102.2.1)
H Information Exposure	[,102.2.1)
M UI Performs the Wrong Action	[,102.2.1)
M Expected Behavior Violation	[,102.2.1)
M Cross-site Scripting (XSS)	[,91.12)[92.0,102.1)
M Out-of-Bounds	[,102.1)
H Email Spoofing	[,91.10)
M Observable Discrepancy	[,91.9)
M Improper Input Validation	[,91.9)
M Improper Certificate Validation	[,91.8.0)
H Improper Input Validation	[,91.7)
H Time-of-check Time-of-use (TOCTOU) Race Condition	[,91.7)
H Use After Free	[,91.7)
C Use After Free	[,91.6.2)
C Use After Free	[,91.6.2)

Vulnerability

Vulnerable Version

Information Exposure

[,140.4)[141.0,144.0)

Improper Authorization

[,140.4)[141.0,144.0)

Use After Free

[,140.4)[141.0,144.0)

Exposure of Resource to Wrong Sphere

[,144.0)

Use After Free

[,144.0)

Out-of-Bounds

[,140.4)[141.0,144.0)

Out-of-Bounds

[,140.4)[141.0,144.0)

Cross-site Scripting (XSS)

[,140.4)[141.0,144.0)

Out-of-Bounds

[,144.0)

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

[,140.4)[141.0,144.0)

Out-of-bounds Write

[,140.4)[141.0,144.0)

Use of Low-Level Functionality

[,143.0)

Use After Free

[,143.0)

User Impersonation

[,143.0)

Use After Free

[,143.0)

Arbitrary Code Injection

[,143.0)

Origin Validation Error

[,143.0)

Information Exposure

[,143.0)

Off-by-one Error

[,143.0)

Integer Overflow or Wraparound

[,143.0)

Buffer Overflow

[,143.0)

Use of Uninitialized Resource

[,128.14)[140.0,140.2)[142.0-b1,142.0)

Denial of Service (DoS)

[,140.2)[142.0-b1,142.0)

Out-of-Bounds

[,128.14)[140.0,140.2)[142.0-b1,142.0)

Origin Validation Error

[,128.14)[140.0,140.2)[142.0-b1,142.0)

Out-of-Bounds

[,140.2)[142.0-b1,142.0)

Out-of-Bounds

[,128.14)[140.0,140.2)[142.0-b1,142.0)

Out-of-Bounds

[,142.0)

Out-of-Bounds