thunderbird vulnerabilities

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the thunderbird package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability	Vulnerable Version
M Out-of-bounds Read	*
H Out-of-Bounds	*
H Use After Free	*
M Improper Certificate Validation	*
H Use After Free	*
H Missing Encryption of Sensitive Data	<1:68.9.0-1~deb8u2
H Out-of-Bounds	<1:68.9.0-1~deb8u2
H Insufficient Verification of Data Authenticity	<1:68.9.0-1~deb8u2
M Use After Free	<1:68.9.0-1~deb8u2
M Information Exposure	<1:68.9.0-1~deb8u2
M Origin Validation Error	<1:68.8.0-1~deb8u1
H Race Condition	<1:68.8.0-1~deb8u1
C Buffer Overflow	<1:68.8.0-1~deb8u1
M Information Exposure	<1:68.8.0-1~deb8u1
C Out-of-Bounds	<1:68.8.0-1~deb8u1
H Out-of-Bounds	<1:68.7.0-1~deb8u1
C Out-of-Bounds	<1:68.7.0-1~deb8u1
H Out-of-bounds Write	<1:68.7.0-1~deb8u1
H Use After Free	<1:68.7.0-1~deb8u1
H Double Free	<1:68.7.0-1~deb8u1
M Information Exposure	<1:68.6.0-1~deb8u1
H Use After Free	<1:68.6.0-1~deb8u1
H Use After Free	<1:68.6.0-1~deb8u1
H Arbitrary Code Injection	<1:68.6.0-1~deb8u1
H Out-of-bounds Read	<1:68.6.0-1~deb8u1
C Out-of-Bounds	<1:68.6.0-1~deb8u1
M Out-of-bounds Read	<1:68.6.0-1~deb8u1
M Cross-site Scripting (XSS)	<1:68.5.0-1~deb8u1
M Missing Initialization of Resource	<1:68.5.0-1~deb8u1
H Out-of-Bounds	<1:68.5.0-1~deb8u1
M Insufficiently Protected Credentials	<1:68.5.0-1~deb8u1
M Out-of-bounds Read	<1:68.5.0-1~deb8u1
M NULL Pointer Dereference	<1:68.5.0-1~deb8u1
H Access of Resource Using Incompatible Type ('Type Confusion')	<1:68.4.1-1~deb8u1
H Buffer Overflow	<1:68.4.1-1~deb8u1
M Cross-site Scripting (XSS)	<1:68.4.1-1~deb8u1
M Cross-site Scripting (XSS)	<1:68.4.1-1~deb8u1
H Access of Resource Using Incompatible Type ('Type Confusion')	<1:68.4.1-1~deb8u1
H Use After Free	<1:68.3.0-2~deb8u1
H Use After Free	<1:68.3.0-2~deb8u1
H Use After Free	<1:68.3.0-2~deb8u1
H Buffer Overflow	<1:68.3.0-2~deb8u1
H Buffer Overflow	<1:68.3.0-2~deb8u1
M Origin Validation Error	<1:68.2.2-1~deb8u1
M Race Condition	<1:68.2.2-1~deb8u1
M Cross-site Scripting (XSS)	<1:68.2.2-1~deb8u1
H Use After Free	<1:68.2.2-1~deb8u1
H Out-of-bounds Write	<1:68.2.2-1~deb8u1
H Use After Free	<1:68.2.2-1~deb8u1
H Buffer Overflow	<1:68.2.2-1~deb8u1
H Improper Verification of Cryptographic Signature	<1:68.2.2-1~deb8u1
M Cleartext Transmission of Sensitive Information	<1:60.9.0-1~deb8u1
H Out-of-bounds Read	<1:68.2.2-1~deb8u1
L Information Exposure	<1:60.9.0-1~deb8u1
H Out-of-Bounds	<1:60.9.0-1~deb8u1
H Use After Free	<1:60.9.0-1~deb8u1
H Use After Free	<1:60.9.0-1~deb8u1
M Inclusion of Functionality from Untrusted Control Sphere	<1:60.9.0-1~deb8u1
M Cross-site Scripting (XSS)	<1:60.9.0-1~deb8u1
H Arbitrary Code Injection	<1:60.8.0-1~deb8u1
H Out-of-Bounds	<1:60.8.0-1
C Use After Free	<1:60.8.0-1~deb8u1
H Cross-site Request Forgery (CSRF)	<1:60.8.0-1~deb8u1
M Cross-site Scripting (XSS)	<1:60.8.0-1~deb8u1
M CVE-2019-11730	<1:60.8.0-1~deb8u1
M Improper Encoding or Escaping of Output	<1:60.8.0-1~deb8u1
H Out-of-bounds Read	<1:60.8.0-1
C Out-of-Bounds	<1:60.8.0-1~deb8u1
H CVE-2019-11711	<1:60.8.0-1~deb8u1
C Improper Input Validation	<1:60.7.2-1~deb8u1
H Access of Resource Using Incompatible Type ('Type Confusion')	<1:60.7.2-1~deb8u1
C Out-of-Bounds	<1:60.7.1-1~deb8u1
C Out-of-Bounds	<1:60.7.1-1~deb8u1
H Access of Resource Using Incompatible Type ('Type Confusion')	<1:60.7.1-1~deb8u1
C Out-of-bounds Write	<1:60.7.1-1~deb8u1
M Access of Resource Using Incompatible Type ('Type Confusion')	<1:60.7.0-1~deb8u1
M Origin Validation Error	<1:60.7.0-1~deb8u1
C Out-of-Bounds	<1:60.7.0-1~deb8u1
C Use After Free	<1:60.7.0-1~deb8u1
C Use After Free	<1:60.7.0-1~deb8u1
C Out-of-Bounds	<1:60.7.0-1~deb8u1
C Improper Input Validation	<1:60.7.0-1~deb8u1
C Use After Free	<1:60.7.0-1~deb8u1
M Improper Input Validation	<1:60.7.0-1~deb8u1
C Use After Free	<1:60.5.1-1~deb8u1
H NULL Pointer Dereference	<1:60.5.1-1~deb8u1
C Out-of-Bounds	<1:60.6.1-1~deb8u1
C Reachable Assertion	<1:60.6.1-1~deb8u1
M Out-of-Bounds	<1:60.6.1-1~deb8u1
C Out-of-Bounds	<1:60.6.1-1~deb8u1
C Use After Free	<1:60.6.1-1~deb8u1
C Use After Free	<1:60.6.1-1~deb8u1
C Improper Input Validation	<1:60.6.1-1~deb8u1
M Origin Validation Error	<1:60.7.0-1~deb8u1
M Out-of-bounds Read	<1:60.7.0-1~deb8u1
M Origin Validation Error	<1:60.3.0-1~deb8u1
M Improper Verification of Cryptographic Signature	<1:60.5.1-1~deb8u1
M Information Exposure	<1:60.7.0-1~deb8u1
M Out-of-bounds Write	<1:60.5.1-1~deb8u1
M Use After Free	<1:60.7.0-1~deb8u1
C Out-of-Bounds	<1:60.5.1-1~deb8u1
C Improper Authentication	<1:60.5.1-1~deb8u1
C Use After Free	<1:60.5.1-1~deb8u1
M CVE-2018-18506	<1:60.6.1-1~deb8u1
C Out-of-Bounds	<1:60.4.0-1~deb8u1
C Use After Free	<1:60.4.0-1~deb8u1
C Out-of-bounds Write	<1:60.4.0-1~deb8u1
C Out-of-Bounds	<1:60.4.0-1~deb8u1
M Origin Validation Error	<1:60.4.0-1~deb8u1
H Out-of-bounds Write	<1:60.5.1-1~deb8u1
C Out-of-Bounds	<1:60.3.0-1~deb8u1
H Out-of-Bounds	<1:60.3.0-1~deb8u1
H Out-of-bounds Write	<1:60.3.0-1~deb8u1
C CVE-2018-12392	<1:60.3.0-1~deb8u1
H Out-of-bounds Read	<1:60.4.0-1~deb8u1
H Improper Input Validation	<1:60.3.0-1~deb8u1
M Insufficiently Protected Credentials	<1:60.3.0-1~deb8u1
C Use After Free	<1:60.3.0-1~deb8u1
H Out-of-bounds Write	<1:60.3.0-1~deb8u1
C Out-of-Bounds	<1:60.3.0-1~deb8u1
C Use After Free	<1:60.3.0-1~deb8u1
M Information Exposure	<1:52.9.1-1~deb8u1
H Cross-site Request Forgery (CSRF)	<1:52.9.1-1~deb8u1
H Use After Free	<1:52.9.1-1~deb8u1
H Use After Free	<1:52.9.1-1~deb8u1
M Out-of-bounds Read	<1:52.9.1-1~deb8u1
H Out-of-Bounds	<1:52.9.1-1~deb8u1
H Integer Overflow or Wraparound	<1:52.9.1-1~deb8u1
M Information Exposure	<1:52.9.1-1~deb8u1
C Out-of-Bounds	<1:52.9.1-1~deb8u1
M Information Exposure	<1:52.9.1-1~deb8u1
M Information Exposure	<1:52.9.1-1~deb8u1
H Integer Overflow or Wraparound	<1:60.3.0-1~deb8u1
C Out-of-Bounds	<1:60.3.0-1~deb8u1
H Integer Overflow or Wraparound	<1:60.3.0-1~deb8u1
M Improper Input Validation	<1:60.3.0-1~deb8u1
C Improper Input Validation	<1:60.3.0-1~deb8u1
C Use After Free	<1:52.6.0-1~deb8u1
H Arbitrary Code Injection	<1:52.5.2-2~deb8u1
H Out-of-Bounds	<1:52.7.0-1~deb8u1
C Use After Free	<1:52.8.0-1~deb8u1
H Integer Overflow or Wraparound	<1:52.7.0-1~deb8u1
C Use After Free	<1:52.6.0-1~deb8u1
C Out-of-bounds Write	<1:52.8.0-1~deb8u1
C Use After Free	<1:52.6.0-1~deb8u1
M CVE-2018-5168	<1:52.8.0-1~deb8u1
H Out-of-Bounds	<1:52.8.0-1~deb8u1
C Out-of-Bounds	<1:52.7.0-1~deb8u1
C Integer Overflow or Wraparound	<1:52.6.0-1~deb8u1
M CVE-2017-7830	<1:52.5.2-2~deb8u1
C Use After Free	<1:52.8.0-1~deb8u1
M Arbitrary Code Injection	<1:52.5.2-2~deb8u1
H Out-of-bounds Write	<1:52.7.0-1~deb8u1
C Out-of-Bounds	<1:52.4.0-1~deb8u1
C Out-of-Bounds	<1:52.8.0-1~deb8u1
M Improper Input Validation	<1:52.5.2-2~deb8u1
H Use After Free	<1:52.4.0-1~deb8u1
M Improper Input Validation	<1:52.8.0-1~deb8u1
C Use After Free	<1:52.4.0-1~deb8u1
C Use After Free	<1:52.6.0-1~deb8u1
C Use After Free	<1:52.6.0-1~deb8u1
C Out-of-Bounds	<1:52.6.0-1~deb8u1
M CVE-2018-5117	<1:52.6.0-1~deb8u1
M Information Exposure	<1:52.5.2-2~deb8u1
C Use After Free	<1:52.5.2-2~deb8u1
C Use After Free	<1:52.4.0-1~deb8u1
H Missing Encryption of Sensitive Data	<1:52.8.0-1~deb8u1
C Out-of-Bounds	<1:52.5.2-2~deb8u1
M Missing Encryption of Sensitive Data	<1:52.8.0-1~deb8u1
H Improper Input Validation	<1:52.4.0-1~deb8u1
M Cross-site Scripting (XSS)	<1:52.4.0-1~deb8u1
C Out-of-Bounds	<1:52.8.0-1~deb8u1
C Out-of-Bounds	<1:52.4.0-1~deb8u1
C Use After Free	<1:52.6.0-1~deb8u1
M Improper Input Validation	<1:52.8.0-1~deb8u1
C Use After Free	<1:52.6.0-1~deb8u1
H Inadequate Encryption Strength	<1:52.8.0-1~deb8u1
C Use After Free	<1:52.6.0-1~deb8u1
H Out-of-bounds Write	<1:52.7.0-1~deb8u1
H Out-of-Bounds	<1:52.7.0-1~deb8u1
C Use After Free	<1:52.4.0-1~deb8u1
M Information Exposure	<1:60.3.0-1~deb8u1
M Use After Free	<1:60.5.0-1
L CVE-2006-4570	<1.5.0.7-1
C CVE-2006-4571	<1.5.0.7-1
M Cross-site Scripting (XSS)	<1.5.0.7-1
L CVE-2006-4569	<1.5.0.7-1
M CVE-2006-4566	<1.5.0.7-1
L CVE-2006-4567	<1.5.0.7-1
H Out-of-Bounds	<1.5.0.7-1
M Improper Input Validation	<1.5.0.7-1
H Access Restriction Bypass	<1.5.0.7-1
L CVE-2006-3812	<1.5.0.5-1
H CVE-2006-3805	<1.5.0.5-1
H CVE-2006-3808	<1.5.0.5-1
H CVE-2006-3801	<1.5.0.5-1
H CVE-2006-3811	<1.5.0.5-1
M CVE-2006-3810	<1.5.0.5-1
M CVE-2006-3802	<1.5.0.5-1
H CVE-2006-3809	<1.5.0.5-1
H CVE-2006-3113	<1.5.0.5-1
M CVE-2006-3803	<1.5.0.5-1
H Numeric Errors	<1.5.0.5-1
H CVE-2006-3807	<1.5.0.5-1
M CVE-2006-3804	<1.5.0.5-1
L CVE-2006-2786	<1.5.0.4-1
H CVE-2006-2787	<1.5.0.4-1
M Out-of-Bounds	<1.5.0.4-1
H Arbitrary Code Injection	<1.5.0.4-1
M Cross-site Scripting (XSS)	<1.5.0.4-1
H Arbitrary Code Injection	<1.5.0.4-1
H Access Restriction Bypass	<1.5.0.4-1
M CVE-2006-2778	<1.5.0.4-1
H CVE-2006-2776	<1.5.0.4-1
C Resource Management Errors	<1.5.0.2-1
M CVE-2006-1738	<1.5.0.2-1
H Numeric Errors	<1.5.0.2-1
H CVE-2006-1529	<1.5.0.2-1
M Cross-site Scripting (XSS)	<1.5.0.2-1
L CVE-2006-1740	<1.5.0.2-1
H Out-of-Bounds	<1.5.0.2-1
M Cross-site Scripting (XSS)	<1.5.0.2-1
H Access Restriction Bypass	<1.5.0.2-1
H CVE-2006-1723	<1.5.0.2-1
M CVE-2006-1732	<1.5.0.2-1
H CVE-2006-1727	<1.5.0.2-1
H CVE-2006-1724	<1.5.0.2-1
M CVE-2006-1734	<1.5.0.2-1
M Access Restriction Bypass	<1.5.0.2-1
H Resource Management Errors	<1.5.0.2-1
H Numeric Errors	<1.5.0.2-1
H CVE-2006-1728	<1.5.0.2-1
H CVE-2006-1530	<1.5.0.2-1
H Access Restriction Bypass	<1.5.0.2-1
H CVE-2006-1531	<1.5.0.2-1
M CVE-2006-1742	<1.5.0.2-1
H Resource Management Errors	<1.5.0.2-1
L CVE-2006-1045	<1.5.0.2-1
H Improper Input Validation	<1.5.0.2-1
M CVE-2006-0299	<1.5.0.2-1
M CVE-2006-0297	<1.5.0.2-1
M Improper Input Validation	<1.5.0.2-1
H CVE-2006-0292	<1.5.0.2-1
M CVE-2006-0296	<1.5.0.2-1
H CVE-2006-0294	<1.5.0.2-1
M CVE-2006-0295	<1.5.0.2-1
M CVE-2005-2353	<1.5.0.2-1