Information on source package thunderbird

Available versions

ReleaseVersion
jessie1:52.8.0-1~deb8u1
jessie (security)1:68.2.2-1~deb8u1
stretch1:60.8.0-1~deb9u1
stretch (security)1:68.2.2-1~deb9u1
buster1:60.9.0-1~deb10u1
buster (security)1:68.2.2-1~deb10u1
bullseye1:60.9.0-1
sid1:68.2.2-1

Open issues

BugjessiestretchbusterbullseyesidDescription
CVE-2019-15903fixedfixedfixedvulnerablefixedIn libexpat before 2.2.8, crafted XML input could fool the parser into ...
CVE-2019-11764fixedfixedfixedvulnerablefixed
CVE-2019-11763fixedfixedfixedvulnerablefixed
CVE-2019-11762fixedfixedfixedvulnerablefixed
CVE-2019-11761fixedfixedfixedvulnerablefixed
CVE-2019-11760fixedfixedfixedvulnerablefixed
CVE-2019-11759fixedfixedfixedvulnerablefixed
CVE-2019-11757fixedfixedfixedvulnerablefixed
CVE-2019-11755fixedfixedfixedvulnerablefixedA crafted S/MIME message consisting of an inner encryption layer and a ...

Resolved issues

BugDescription
CVE-2019-9820A use-after-free vulnerability can occur in the chrome event handler w ...
CVE-2019-9819A vulnerability where a JavaScript compartment mismatch can occur whil ...
CVE-2019-9818A race condition is present in the crash generation server used to gen ...
CVE-2019-9817Images from a different domain can be read using a canvas object in so ...
CVE-2019-9816A possible vulnerability exists where type confusion can occur when ma ...
CVE-2019-9815If hyperthreading is not disabled, a timing attack vulnerability exist ...
CVE-2019-9811As part of a winning Pwn2Own entry, a researcher demonstrated a sandbo ...
CVE-2019-9801Firefox will accept any registered Program ID as an external protocol ...
CVE-2019-9800Mozilla developers and community members reported memory safety bugs p ...
CVE-2019-9797Cross-origin images can be read in violation of the same-origin policy ...
CVE-2019-9796A use-after-free vulnerability can occur when the SMIL animation contr ...
CVE-2019-9795A vulnerability where type-confusion in the IonMonkey just-in-time (JI ...
CVE-2019-9794A vulnerability was discovered where specific command line arguments a ...
CVE-2019-9793A mechanism was discovered that removes some bounds checking for strin ...
CVE-2019-9792The IonMonkey just-in-time (JIT) compiler can leak an internal JS_OPTI ...
CVE-2019-9791The type inference system allows the compilation of functions that can ...
CVE-2019-9790A use-after-free vulnerability can occur when a raw pointer to a DOM e ...
CVE-2019-9788Mozilla developers and community members reported memory safety bugs p ...
CVE-2019-7317png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after- ...
CVE-2019-5798Lack of correct bounds checking in Skia in Google Chrome prior to 73.0 ...
CVE-2019-5785Incorrect convexity calculations in Skia in Google Chrome prior to 72. ...
CVE-2019-11758
CVE-2019-11752It is possible to delete an IndexedDB key value and subsequently try t ...
CVE-2019-11746A use-after-free vulnerability can occur while manipulating video elem ...
CVE-2019-11744Some HTML elements, such as <title> and <textarea ...
CVE-2019-11743Navigation events were not fully adhering to the W3C's "Navigation-Tim ...
CVE-2019-11742A same-origin policy violation occurs allowing the theft of cross-orig ...
CVE-2019-11740Mozilla developers and community members reported memory safety bugs p ...
CVE-2019-11739Encrypted S/MIME parts in a crafted multipart/alternative message can ...
CVE-2019-11730A vulnerability exists where if a user opens a locally saved HTML file ...
CVE-2019-11729Empty or malformed p256-ECDH public keys may trigger a segmentation fa ...
CVE-2019-11719When importing a curve25519 private key in PKCS#8format with leading 0 ...
CVE-2019-11717A vulnerability exists where the caret ("^") character is improperly e ...
CVE-2019-11715Due to an error while parsing page content, it is possible for properl ...
CVE-2019-11713A use-after-free vulnerability can occur in HTTP/2 when a cached HTTP/ ...
CVE-2019-11712POST requests made by NPAPI plugins, such as Flash, that receive a sta ...
CVE-2019-11711When an inner window is reused, it does not consider the use of docume ...
CVE-2019-11709Mozilla developers and community members reported memory safety bugs p ...
CVE-2019-11708Insufficient vetting of parameters passed with the Prompt:Open IPC mes ...
CVE-2019-11707A type confusion vulnerability can occur when manipulating JavaScript ...
CVE-2019-11706A flaw in Thunderbird's implementation of iCal causes a type confusion ...
CVE-2019-11705A flaw in Thunderbird's implementation of iCal causes a stack buffer o ...
CVE-2019-11704A flaw in Thunderbird's implementation of iCal causes a heap buffer ov ...
CVE-2019-11703A flaw in Thunderbird's implementation of iCal causes a heap buffer ov ...
CVE-2019-11698If a crafted hyperlink is dragged and dropped to the bookmark bar or s ...
CVE-2019-11694A vulnerability exists in the Windows sandbox where an uninitialized v ...
CVE-2019-11693The bufferdata function in WebGL is vulnerable to a buffer overflow wi ...
CVE-2019-11692A use-after-free vulnerability can occur when listeners are removed fr ...
CVE-2019-11691A use-after-free vulnerability can occur when working with XMLHttpRequ ...
CVE-2018-5188Memory safety bugs present in Firefox 60, Firefox ESR 60, and Firefox ...
CVE-2018-5187Memory safety bugs present in Firefox 60 and Firefox ESR 60. Some of t ...
CVE-2018-5185Plaintext of decrypted emails can leak through by user submitting an e ...
CVE-2018-5184Using remote content in encrypted messages can lead to the disclosure ...
CVE-2018-5183Mozilla developers backported selected changes in the Skia library. Th ...
CVE-2018-5178A buffer overflow was found during UTF8 to Unicode string conversion w ...
CVE-2018-5174In the Windows 10 April 2018 Update, Windows Defender SmartScreen hono ...
CVE-2018-5170It is possible to spoof the filename of an attachment and display an a ...
CVE-2018-5168Sites can bypass security checks on permissions to install lightweight ...
CVE-2018-5162Plaintext of decrypted emails can leak through the src attribute of re ...
CVE-2018-5161Crafted message headers can cause a Thunderbird process to hang on rec ...
CVE-2018-5159An integer overflow can occur in the Skia library due to 32-bit intege ...
CVE-2018-5156A vulnerability can occur when capturing a media stream when the media ...
CVE-2018-5155A use-after-free vulnerability can occur while adjusting layout during ...
CVE-2018-5154A use-after-free vulnerability can occur while enumerating attributes ...
CVE-2018-5150Memory safety bugs were reported in Firefox 59, Firefox ESR 52.7, and ...
CVE-2018-5146An out of bounds memory write while processing Vorbis audio data was r ...
CVE-2018-5145Memory safety bugs were reported in Firefox ESR 52.6. These bugs showe ...
CVE-2018-5144An integer overflow can occur during conversion of text to some Unicod ...
CVE-2018-5129A lack of parameter validation on IPC messages results in a potential ...
CVE-2018-5127A buffer overflow can occur when manipulating the SVG "animatedPathSeg ...
CVE-2018-5125Memory safety bugs were reported in Firefox 58 and Firefox ESR 52.6. S ...
CVE-2018-5117If right-to-left text is used in the addressbar with left-to-right ali ...
CVE-2018-5104A use-after-free vulnerability can occur during font face manipulation ...
CVE-2018-5103A use-after-free vulnerability can occur during mouse event handling d ...
CVE-2018-5102A use-after-free vulnerability can occur when manipulating HTML media ...
CVE-2018-5099A use-after-free vulnerability can occur when the widget listener is h ...
CVE-2018-5098A use-after-free vulnerability can occur when form input elements, foc ...
CVE-2018-5097A use-after-free vulnerability can occur during XSL transformations wh ...
CVE-2018-5096A use-after-free vulnerability can occur while editing events in form ...
CVE-2018-5095An integer overflow vulnerability in the Skia library when allocating ...
CVE-2018-5091A use-after-free vulnerability can occur during WebRTC connections whe ...
CVE-2018-5089Memory safety bugs were reported in Firefox 57 and Firefox ESR 52.5. S ...
CVE-2018-18513A crash can occur when processing a crafted S/MIME message or an XPI p ...
CVE-2018-18512A use-after-free vulnerability can occur while playing a sound notific ...
CVE-2018-18511Cross-origin images can be read from a canvas element in violation of ...
CVE-2018-18509A flaw during verification of certain S/MIME signatures causes emails ...
CVE-2018-18506When proxy auto-detection is enabled, if a web server serves a Proxy A ...
CVE-2018-18505An earlier fix for an Inter-process Communication (IPC) vulnerability, ...
CVE-2018-18501Mozilla developers and community members reported memory safety bugs p ...
CVE-2018-18500A use-after-free vulnerability can occur while parsing an HTML5 stream ...
CVE-2018-18499A same-origin policy violation allowing the theft of cross-origin URL ...
CVE-2018-18498A potential vulnerability leading to an integer overflow can occur dur ...
CVE-2018-18494A same-origin policy violation allowing the theft of cross-origin URL ...
CVE-2018-18493A buffer overflow can occur in the Skia library during buffer offset c ...
CVE-2018-18492A use-after-free vulnerability can occur after deleting a selection el ...
CVE-2018-18356An integer overflow in path handling lead to a use after free in Skia ...
CVE-2018-18335Heap buffer overflow in Skia in Google Chrome prior to 71.0.3578.80 al ...
CVE-2018-17466Incorrect texture handling in Angle in Google Chrome prior to 70.0.353 ...
CVE-2018-12405Mozilla developers and community members reported memory safety bugs p ...
CVE-2018-12393A potential vulnerability was found in 32-bit builds where an integer ...
CVE-2018-12392When manipulating user events in nested loops while opening a document ...
CVE-2018-12391During HTTP Live Stream playback on Firefox for Android, audio data ca ...
CVE-2018-12390Mozilla developers and community members reported memory safety bugs p ...
CVE-2018-12389Mozilla developers and community members reported memory safety bugs p ...
CVE-2018-12385A potentially exploitable crash in TransportSecurityInfo used for SSL ...
CVE-2018-12383If a user saved passwords before Firefox 58 and then later set a maste ...
CVE-2018-12379When the Mozilla Updater opens a MAR format file which contains a very ...
CVE-2018-12378A use-after-free vulnerability can occur when an IndexedDB index is de ...
CVE-2018-12377A use-after-free vulnerability can occur when refresh driver timers ar ...
CVE-2018-12376Memory safety bugs present in Firefox 61 and Firefox ESR 60.1. Some of ...
CVE-2018-12374Plaintext of decrypted emails can leak through by user submitting an e ...
CVE-2018-12373dDecrypted S/MIME parts hidden with CSS or the plaintext HTML tag can ...
CVE-2018-12372Decrypted S/MIME parts, when included in HTML crafted for an attack, c ...
CVE-2018-12371
CVE-2018-12368Windows 10 does not warn users before opening executable files with th ...
CVE-2018-12367In the previous mitigations for Spectre, the resolution or precision o ...
CVE-2018-12366An invalid grid size during QCMS (color profile) transformations can r ...
CVE-2018-12365A compromised IPC child process can escape the content sandbox and lis ...
CVE-2018-12364NPAPI plugins, such as Adobe Flash, can send non-simple cross-origin r ...
CVE-2018-12363A use-after-free vulnerability can occur when script uses mutation eve ...
CVE-2018-12362An integer overflow can occur during graphics operations done by the S ...
CVE-2018-12361An integer overflow can occur in the SwizzleData code while calculatin ...
CVE-2018-12360A use-after-free vulnerability can occur when deleting an input elemen ...
CVE-2018-12359A buffer overflow can occur when rendering canvas content while adjust ...
CVE-2017-7848RSS fields can inject new lines into the created email structure, modi ...
CVE-2017-7847Crafted CSS in an RSS feed can leak and reveal local path strings, whi ...
CVE-2017-7846It is possible to execute JavaScript in the parsed RSS feed when RSS f ...
CVE-2017-7845A buffer overflow occurs when drawing and validating elements using Di ...
CVE-2017-7830The Resource Timing API incorrectly revealed navigations in cross-orig ...
CVE-2017-7829It is possible to spoof the sender's email address and display an arbi ...
CVE-2017-7828A use-after-free vulnerability can occur when flushing and resizing la ...
CVE-2017-7826Memory safety bugs were reported in Firefox 56 and Firefox ESR 52.4. S ...
CVE-2017-7824A buffer overflow occurs when drawing and validating elements with the ...
CVE-2017-7823The content security policy (CSP) "sandbox" directive did not create a ...
CVE-2017-7819A use-after-free vulnerability can occur in design mode when image obj ...
CVE-2017-7818A use-after-free vulnerability can occur when manipulating arrays of A ...
CVE-2017-7814File downloads encoded with "blob:" and "data:" URL elements bypassed ...
CVE-2017-7810Memory safety bugs were reported in Firefox 55 and Firefox ESR 52.3. S ...
CVE-2017-7805During TLS 1.2 exchanges, handshake hashes are generated which point t ...
CVE-2017-7793A use-after-free vulnerability can occur in the Fetch API when the wor ...
CVE-2017-16541Tor Browser before 7.0.9 on macOS and Linux allows remote attackers to ...
CVE-2016-5824libical 1.0 allows remote attackers to cause a denial of service (use- ...
CVE-2006-4571Multiple unspecified vulnerabilities in Firefox before 1.5.0.7, Thunde ...
CVE-2006-4570Mozilla Thunderbird before 1.5.0.7 and SeaMonkey before 1.0.5, with "L ...
CVE-2006-4569The popup blocker in Mozilla Firefox before 1.5.0.7 opens the "blocked ...
CVE-2006-4568Mozilla Firefox before 1.5.0.7 and SeaMonkey before 1.0.5 allows remot ...
CVE-2006-4567Mozilla Firefox before 1.5.0.7 and Thunderbird before 1.5.0.7 makes it ...
CVE-2006-4566Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMon ...
CVE-2006-4565Heap-based buffer overflow in Mozilla Firefox before 1.5.0.7, Thunderb ...
CVE-2006-4340Mozilla Network Security Service (NSS) library before 3.11.3, as used ...
CVE-2006-4253Concurrency vulnerability in Mozilla Firefox 1.5.0.6 and earlier allow ...
CVE-2006-3812Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMon ...
CVE-2006-3811Multiple vulnerabilities in Mozilla Firefox before 1.5.0.5, Thunderbir ...
CVE-2006-3810Cross-site scripting (XSS) vulnerability in Mozilla Firefox 1.5 before ...
CVE-2006-3809Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMon ...
CVE-2006-3808Mozilla Firefox before 1.5.0.5 and SeaMonkey before 1.0.3 allows remot ...
CVE-2006-3807Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMon ...
CVE-2006-3806Multiple integer overflows in the Javascript engine in Mozilla Firefox ...
CVE-2006-3805The Javascript engine in Mozilla Firefox before 1.5.0.5, Thunderbird b ...
CVE-2006-3804Heap-based buffer overflow in Mozilla Thunderbird before 1.5.0.5 and S ...
CVE-2006-3803Race condition in the JavaScript garbage collection in Mozilla Firefox ...
CVE-2006-3802Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMon ...
CVE-2006-3801Mozilla Firefox 1.5 before 1.5.0.5 and SeaMonkey before 1.0.3 does not ...
CVE-2006-3677Mozilla Firefox 1.5 before 1.5.0.5 and SeaMonkey before 1.0.3 allows r ...
CVE-2006-3113Mozilla Firefox 1.5 before 1.5.0.5, Thunderbird before 1.5.0.5, and Se ...
CVE-2006-2787EvalInSandbox in Mozilla Firefox and Thunderbird before 1.5.0.4 allows ...
CVE-2006-2786HTTP response smuggling vulnerability in Mozilla Firefox and Thunderbi ...
CVE-2006-2783Mozilla Firefox and Thunderbird before 1.5.0.4 strip the Unicode Byte- ...
CVE-2006-2781Double free vulnerability in nsVCard.cpp in Mozilla Thunderbird before ...
CVE-2006-2780Integer overflow in Mozilla Firefox and Thunderbird before 1.5.0.4 all ...
CVE-2006-2779Mozilla Firefox and Thunderbird before 1.5.0.4 allow remote attackers ...
CVE-2006-2778The crypto.signText function in Mozilla Firefox and Thunderbird before ...
CVE-2006-2776Certain privileged UI code in Mozilla Firefox and Thunderbird before 1 ...
CVE-2006-2775Mozilla Firefox and Thunderbird before 1.5.0.4 associates XUL attribut ...
CVE-2006-1942Mozilla Firefox 1.5.0.2 and possibly other versions before 1.5.0.4, Ne ...
CVE-2006-1790A regression fix in Mozilla Firefox 1.0.7 allows remote attackers to c ...
CVE-2006-1742The JavaScript engine in Mozilla Firefox and Thunderbird 1.x before 1. ...
CVE-2006-1741Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite b ...
CVE-2006-1740Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite b ...
CVE-2006-1739The CSS border-rendering code in Mozilla Firefox and Thunderbird 1.x b ...
CVE-2006-1738Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x befor ...
CVE-2006-1737Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5 and ...
CVE-2006-1735Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, ...
CVE-2006-1734Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, ...
CVE-2006-1733Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, ...
CVE-2006-1732Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x befor ...
CVE-2006-1731Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, ...
CVE-2006-1730Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 ...
CVE-2006-1728Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x befor ...
CVE-2006-1727Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x befor ...
CVE-2006-1726Unspecified vulnerability in Firefox and Thunderbird 1.5 before 1.5.0. ...
CVE-2006-1724Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, 1 ...
CVE-2006-1723Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, a ...
CVE-2006-1531Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, a ...
CVE-2006-1530Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, a ...
CVE-2006-1529Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, a ...
CVE-2006-1045The HTML rendering engine in Mozilla Thunderbird 1.5, when "Block load ...
CVE-2006-0884The WYSIWYG rendering engine ("rich mail" editor) in Mozilla Thunderbi ...
CVE-2006-0749nsHTMLContentSink.cpp in Mozilla Firefox and Thunderbird 1.x before 1. ...
CVE-2006-0748Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1. ...
CVE-2006-0299The E4X implementation in Mozilla Firefox before 1.5.0.1, Thunderbird ...
CVE-2006-0298The XML parser in Mozilla Firefox before 1.5.0.1 and SeaMonkey before ...
CVE-2006-0297Multiple integer overflows in Mozilla Firefox 1.5, Thunderbird 1.5 if ...
CVE-2006-0296The XULDocument.persist function in Mozilla, Firefox before 1.5.0.1, a ...
CVE-2006-0295Mozilla Firefox 1.5, Thunderbird 1.5 if Javascript is enabled in mail, ...
CVE-2006-0294Mozilla Firefox before 1.5.0.1, Thunderbird 1.5 if running Javascript ...
CVE-2006-0292The Javascript interpreter (jsinterp.c) in Mozilla and Firefox before ...
CVE-2005-2353run-mozilla.sh in Thunderbird, with debugging enabled, allows local us ...

Security announcements

DSA / DLADescription
DLA-1997-1thunderbird - security update
DSA-4571-1thunderbird - security update
DSA-4571-1thunderbird - security update
DLA-1926-1thunderbird - security update
DSA-4523-1thunderbird - security update
DSA-4523-1thunderbird - security update
DLA-1870-1thunderbird - security update
DSA-4482-1thunderbird - security update
DSA-4482-1thunderbird - security update
DLA-1836-1thunderbird - security update
DSA-4471-1thunderbird - security update
DLA-1820-1thunderbird - security update
DSA-4464-1thunderbird - security update
DLA-1806-1thunderbird - security update
DSA-4451-1thunderbird - security update
DLA-1743-1thunderbird - security update
DSA-4420-1thunderbird - security update
DSA-4392-1thunderbird - security update
DLA-1678-1thunderbird - security update
DLA-1624-1thunderbird - security update
DSA-4362-1thunderbird - security update
DLA-1575-1thunderbird - security update
DSA-4337-1thunderbird - security update
DSA-4327-1thunderbird - security update
DSA-4295-1thunderbird - security update
DLA-1425-1thunderbird - security update
DSA-4244-1thunderbird - security update
DSA-4209-1thunderbird - security update
DSA-4209-1thunderbird - security update
DLA-1382-1thunderbird - security update
DLA-1327-1thunderbird - security update
DSA-4155-1thunderbird - security update
DSA-4155-1thunderbird - security update
DSA-4102-1thunderbird - security update
DSA-4102-1thunderbird - security update
DLA-1262-1thunderbird - security update
DSA-4075-1thunderbird - security update
DSA-4075-1thunderbird - security update
DLA-1223-1thunderbird - security update
DSA-4061-1thunderbird - security update
DSA-4061-1thunderbird - security update
DLA-1199-1thunderbird - security update
DSA-4014-1thunderbird - security update
DSA-4014-1thunderbird - security update
DLA-1153-1thunderbird - security update

Search for package or bug name: Reporting problems