Information on source package thunderbird

Available versions

ReleaseVersion
jessie1:52.8.0-1~deb8u1
jessie (security)1:52.9.1-1~deb8u1
stretch1:52.8.0-1~deb9u1
stretch (security)1:60.0-3~deb9u1
buster1:52.9.1-1
sid1:60.2.1-1

Open issues

BugjessiestretchbustersidDescription
CVE-2018-5187vulnerablefixedvulnerablefixedMemory safety bugs present in Firefox 60 and Firefox ESR 60. Some of ...
CVE-2018-5156vulnerablefixedvulnerablefixedA vulnerability can occur when capturing a media stream when the media ...
CVE-2018-12385vulnerablevulnerablevulnerablefixedA potentially exploitable crash in TransportSecurityInfo used for SSL ...
CVE-2018-12383vulnerablevulnerablevulnerablefixedIf a user saved passwords before Firefox 58 and then later set a ...
CVE-2018-12379vulnerablevulnerablevulnerablefixedWhen the Mozilla Updater opens a MAR format file which contains a very ...
CVE-2018-12378vulnerablevulnerablevulnerablefixedA use-after-free vulnerability can occur when an IndexedDB index is ...
CVE-2018-12377vulnerablevulnerablevulnerablefixedA use-after-free vulnerability can occur when refresh driver timers ...
CVE-2018-12376vulnerablevulnerablevulnerablefixedMemory safety bugs present in Firefox 61 and Firefox ESR 60.1. Some of ...
CVE-2018-12371vulnerablefixedvulnerablefixed
CVE-2018-12367vulnerablefixedvulnerablefixedIn the previous mitigations for Spectre, the resolution or precision ...
CVE-2018-12361vulnerablefixedvulnerablefixedAn integer overflow can occur in the SwizzleData code while ...
CVE-2017-16541vulnerablevulnerablevulnerablefixedTor Browser before 7.0.9 on macOS and Linux allows remote attackers to ...

Resolved issues

BugDescription
CVE-2018-5188Memory safety bugs present in Firefox 60, Firefox ESR 60, and Firefox ...
CVE-2018-5185Plaintext of decrypted emails can leak through by user submitting an ...
CVE-2018-5184Using remote content in encrypted messages can lead to the disclosure ...
CVE-2018-5183Mozilla developers backported selected changes in the Skia library. ...
CVE-2018-5178A buffer overflow was found during UTF8 to Unicode string conversion ...
CVE-2018-5174In the Windows 10 April 2018 Update, Windows Defender SmartScreen ...
CVE-2018-5170It is possible to spoof the filename of an attachment and display an ...
CVE-2018-5168Sites can bypass security checks on permissions to install lightweight ...
CVE-2018-5162Plaintext of decrypted emails can leak through the src attribute of ...
CVE-2018-5161Crafted message headers can cause a Thunderbird process to hang on ...
CVE-2018-5159An integer overflow can occur in the Skia library due to 32-bit ...
CVE-2018-5155A use-after-free vulnerability can occur while adjusting layout during ...
CVE-2018-5154A use-after-free vulnerability can occur while enumerating attributes ...
CVE-2018-5150Memory safety bugs were reported in Firefox 59, Firefox ESR 52.7, and ...
CVE-2018-5146An out of bounds memory write while processing Vorbis audio data was ...
CVE-2018-5145Memory safety bugs were reported in Firefox ESR 52.6. These bugs ...
CVE-2018-5144An integer overflow can occur during conversion of text to some ...
CVE-2018-5129A lack of parameter validation on IPC messages results in a potential ...
CVE-2018-5127A buffer overflow can occur when manipulating the SVG ...
CVE-2018-5125Memory safety bugs were reported in Firefox 58 and Firefox ESR 52.6. ...
CVE-2018-5117If right-to-left text is used in the addressbar with left-to-right ...
CVE-2018-5104A use-after-free vulnerability can occur during font face manipulation ...
CVE-2018-5103A use-after-free vulnerability can occur during mouse event handling ...
CVE-2018-5102A use-after-free vulnerability can occur when manipulating HTML media ...
CVE-2018-5099A use-after-free vulnerability can occur when the widget listener is ...
CVE-2018-5098A use-after-free vulnerability can occur when form input elements, ...
CVE-2018-5097A use-after-free vulnerability can occur during XSL transformations ...
CVE-2018-5096A use-after-free vulnerability can occur while editing events in form ...
CVE-2018-5095An integer overflow vulnerability in the Skia library when allocating ...
CVE-2018-5091A use-after-free vulnerability can occur during WebRTC connections ...
CVE-2018-5089Memory safety bugs were reported in Firefox 57 and Firefox ESR 52.5. ...
CVE-2018-12374Plaintext of decrypted emails can leak through by user submitting an ...
CVE-2018-12373dDecrypted S/MIME parts hidden with CSS or the plaintext HTML tag can ...
CVE-2018-12372Decrypted S/MIME parts, when included in HTML crafted for an attack, ...
CVE-2018-12368Windows 10 does not warn users before opening executable files with ...
CVE-2018-12366An invalid grid size during QCMS (color profile) transformations can ...
CVE-2018-12365A compromised IPC child process can escape the content sandbox and ...
CVE-2018-12364NPAPI plugins, such as Adobe Flash, can send non-simple cross-origin ...
CVE-2018-12363A use-after-free vulnerability can occur when script uses mutation ...
CVE-2018-12362An integer overflow can occur during graphics operations done by the ...
CVE-2018-12360A use-after-free vulnerability can occur when deleting an input ...
CVE-2018-12359A buffer overflow can occur when rendering canvas content while ...
CVE-2017-7848RSS fields can inject new lines into the created email structure, ...
CVE-2017-7847Crafted CSS in an RSS feed can leak and reveal local path strings, ...
CVE-2017-7846It is possible to execute JavaScript in the parsed RSS feed when RSS ...
CVE-2017-7845A buffer overflow occurs when drawing and validating elements using ...
CVE-2017-7830The Resource Timing API incorrectly revealed navigations in ...
CVE-2017-7829It is possible to spoof the sender's email address and display an ...
CVE-2017-7828A use-after-free vulnerability can occur when flushing and resizing ...
CVE-2017-7826Memory safety bugs were reported in Firefox 56 and Firefox ESR 52.4. ...
CVE-2017-7824A buffer overflow occurs when drawing and validating elements with the ...
CVE-2017-7823The content security policy (CSP) "sandbox" directive did not create a ...
CVE-2017-7819A use-after-free vulnerability can occur in design mode when image ...
CVE-2017-7818A use-after-free vulnerability can occur when manipulating arrays of ...
CVE-2017-7814File downloads encoded with "blob:" and "data:" URL elements bypassed ...
CVE-2017-7810Memory safety bugs were reported in Firefox 55 and Firefox ESR 52.3. ...
CVE-2017-7805During TLS 1.2 exchanges, handshake hashes are generated which point ...
CVE-2017-7793A use-after-free vulnerability can occur in the Fetch API when the ...
CVE-2006-4571Multiple unspecified vulnerabilities in Firefox before 1.5.0.7, ...
CVE-2006-4570Mozilla Thunderbird before 1.5.0.7 and SeaMonkey before 1.0.5, with ...
CVE-2006-4569The popup blocker in Mozilla Firefox before 1.5.0.7 opens the "blocked ...
CVE-2006-4568Mozilla Firefox before 1.5.0.7 and SeaMonkey before 1.0.5 allows ...
CVE-2006-4567Mozilla Firefox before 1.5.0.7 and Thunderbird before 1.5.0.7 makes it ...
CVE-2006-4566Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and ...
CVE-2006-4565Heap-based buffer overflow in Mozilla Firefox before 1.5.0.7, ...
CVE-2006-4340Mozilla Network Security Service (NSS) library before 3.11.3, as used ...
CVE-2006-4253Concurrency vulnerability in Mozilla Firefox 1.5.0.6 and earlier ...
CVE-2006-3812Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and ...
CVE-2006-3811Multiple vulnerabilities in Mozilla Firefox before 1.5.0.5, ...
CVE-2006-3810Cross-site scripting (XSS) vulnerability in Mozilla Firefox 1.5 before ...
CVE-2006-3809Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and ...
CVE-2006-3808Mozilla Firefox before 1.5.0.5 and SeaMonkey before 1.0.3 allows ...
CVE-2006-3807Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and ...
CVE-2006-3806Multiple integer overflows in the Javascript engine in Mozilla Firefox ...
CVE-2006-3805The Javascript engine in Mozilla Firefox before 1.5.0.5, Thunderbird ...
CVE-2006-3804Heap-based buffer overflow in Mozilla Thunderbird before 1.5.0.5 and ...
CVE-2006-3803Race condition in the JavaScript garbage collection in Mozilla Firefox ...
CVE-2006-3802Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and ...
CVE-2006-3801Mozilla Firefox 1.5 before 1.5.0.5 and SeaMonkey before 1.0.3 does not ...
CVE-2006-3677Mozilla Firefox 1.5 before 1.5.0.5 and SeaMonkey before 1.0.3 allows ...
CVE-2006-3113Mozilla Firefox 1.5 before 1.5.0.5, Thunderbird before 1.5.0.5, and ...
CVE-2006-2787EvalInSandbox in Mozilla Firefox and Thunderbird before 1.5.0.4 allows ...
CVE-2006-2786HTTP response smuggling vulnerability in Mozilla Firefox and ...
CVE-2006-2783Mozilla Firefox and Thunderbird before 1.5.0.4 strip the Unicode ...
CVE-2006-2781Double free vulnerability in nsVCard.cpp in Mozilla Thunderbird before ...
CVE-2006-2780Integer overflow in Mozilla Firefox and Thunderbird before 1.5.0.4 ...
CVE-2006-2779Mozilla Firefox and Thunderbird before 1.5.0.4 allow remote attackers ...
CVE-2006-2778The crypto.signText function in Mozilla Firefox and Thunderbird before ...
CVE-2006-2776Certain privileged UI code in Mozilla Firefox and Thunderbird before ...
CVE-2006-2775Mozilla Firefox and Thunderbird before 1.5.0.4 associates XUL ...
CVE-2006-1942Mozilla Firefox 1.5.0.2 and possibly other versions before 1.5.0.4, ...
CVE-2006-1790A regression fix in Mozilla Firefox 1.0.7 allows remote attackers to ...
CVE-2006-1742The JavaScript engine in Mozilla Firefox and Thunderbird 1.x before ...
CVE-2006-1741Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite ...
CVE-2006-1740Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite ...
CVE-2006-1739The CSS border-rendering code in Mozilla Firefox and Thunderbird 1.x ...
CVE-2006-1738Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x ...
CVE-2006-1737Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5 and ...
CVE-2006-1735Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, ...
CVE-2006-1734Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, ...
CVE-2006-1733Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, ...
CVE-2006-1732Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x ...
CVE-2006-1731Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, ...
CVE-2006-1730Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 ...
CVE-2006-1728Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x ...
CVE-2006-1727Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x ...
CVE-2006-1726Unspecified vulnerability in Firefox and Thunderbird 1.5 before ...
CVE-2006-1724Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, ...
CVE-2006-1723Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, ...
CVE-2006-1531Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, ...
CVE-2006-1530Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, ...
CVE-2006-1529Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, ...
CVE-2006-1045The HTML rendering engine in Mozilla Thunderbird 1.5, when "Block ...
CVE-2006-0884The WYSIWYG rendering engine ("rich mail" editor) in Mozilla ...
CVE-2006-0749nsHTMLContentSink.cpp in Mozilla Firefox and Thunderbird 1.x before ...
CVE-2006-0748Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before ...
CVE-2006-0299The E4X implementation in Mozilla Firefox before 1.5.0.1, Thunderbird ...
CVE-2006-0298The XML parser in Mozilla Firefox before 1.5.0.1 and SeaMonkey before ...
CVE-2006-0297Multiple integer overflows in Mozilla Firefox 1.5, Thunderbird 1.5 if ...
CVE-2006-0296The XULDocument.persist function in Mozilla, Firefox before 1.5.0.1, ...
CVE-2006-0295Mozilla Firefox 1.5, Thunderbird 1.5 if Javascript is enabled in mail, ...
CVE-2006-0294Mozilla Firefox before 1.5.0.1, Thunderbird 1.5 if running Javascript ...
CVE-2006-0292The Javascript interpreter (jsinterp.c) in Mozilla and Firefox before ...
CVE-2005-2353run-mozilla.sh in Thunderbird, with debugging enabled, allows local ...

Security announcements

DSA / DLADescription
DSA-4295-1thunderbird - security update
DLA-1425-1thunderbird - security update
DSA-4244-1thunderbird - security update
DSA-4209-1thunderbird - security update
DSA-4209-1thunderbird - security update
DLA-1382-1thunderbird - security update
DLA-1327-1thunderbird - security update
DSA-4155-1thunderbird - security update
DSA-4155-1thunderbird - security update
DSA-4102-1thunderbird - security update
DSA-4102-1thunderbird - security update
DLA-1262-1thunderbird - security update
DSA-4075-1thunderbird - security update
DSA-4075-1thunderbird - security update
DLA-1223-1thunderbird - security update
DSA-4061-1thunderbird - security update
DSA-4061-1thunderbird - security update
DLA-1199-1thunderbird - security update
DSA-4014-1thunderbird - security update
DSA-4014-1thunderbird - security update
DLA-1153-1thunderbird - security update

Search for package or bug name: Reporting problems