Thunderbird
Source repositories
CVEs (1,864)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-4085 | Hig | 0.46 | 7.1 | 0.00 | Apr 29, 2025 | An attacker with control over a content process could potentially leverage the privileged UITour actor to leak sensitive information or escalate privileges. This vulnerability was fixed in Firefox 138 and Thunderbird 138. | ||
| CVE-2025-26696 | Hig | 0.46 | 7.0 | 0.00 | Mar 10, 2025 | Certain crafted MIME email messages that claimed to contain an encrypted OpenPGP message, which instead contained an OpenPGP signed message, were wrongly shown as being encrypted. This vulnerability was fixed in Thunderbird 136 and Thunderbird 128.8. | ||
| CVE-2014-1523 | Med | 0.43 | 6.5 | 0.03 | Apr 30, 2014 | Heap-based buffer overflow in the read_u32 function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG… | ||
| CVE-2026-12325 | Med | 0.42 | 6.5 | 0.00 | Jun 16, 2026 | Denial-of-service in the Graphics: ImageLib component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12. | ||
| CVE-2026-12319 | Med | 0.42 | 6.5 | 0.00 | Jun 16, 2026 | Denial-of-service in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 152 and Thunderbird 152. | ||
| CVE-2026-12309 | Med | 0.42 | 6.5 | 0.00 | Jun 16, 2026 | Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12. | ||
| CVE-2026-12302 | Med | 0.42 | 6.5 | 0.00 | Jun 16, 2026 | Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12. | ||
| CVE-2026-8971 | Med | 0.42 | 6.5 | 0.00 | May 19, 2026 | Same-origin policy bypass in the Networking: JAR component. This vulnerability was fixed in Firefox 151 and Thunderbird 151. | ||
| CVE-2026-8961 | Med | 0.42 | 6.5 | 0.00 | May 19, 2026 | Spoofing issue in the Form Autofill component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11. | ||
| CVE-2026-6770 | Med | 0.42 | 6.5 | 0.05 | Apr 21, 2026 | Other issue in the Storage: IndexedDB component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. | ||
| CVE-2026-6764 | Med | 0.42 | 6.5 | 0.00 | Apr 21, 2026 | Incorrect boundary conditions in the DOM: Device Interfaces component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. | ||
| CVE-2026-6763 | Med | 0.42 | 6.5 | 0.00 | Apr 21, 2026 | Mitigation bypass in the File Handling component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. | ||
| CVE-2026-6755 | Med | 0.42 | 6.5 | 0.00 | Apr 21, 2026 | Mitigation bypass in the DOM: postMessage component. This vulnerability was fixed in Firefox 150 and Thunderbird 150. | ||
| CVE-2026-3889 | Med | 0.42 | 6.5 | 0.00 | Mar 24, 2026 | Spoofing issue in Thunderbird. This vulnerability was fixed in Thunderbird 149 and Thunderbird 140.9. | ||
| CVE-2026-4728 | Med | 0.42 | 6.5 | 0.00 | Mar 24, 2026 | Spoofing issue in the Privacy: Anti-Tracking component. This vulnerability was fixed in Firefox 149 and Thunderbird 149. | ||
| CVE-2026-0885 | Med | 0.42 | 6.5 | 0.00 | Jan 13, 2026 | Use-after-free in the JavaScript: GC component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7. | ||
| CVE-2025-14331 | Med | 0.42 | 6.5 | 0.00 | Dec 9, 2025 | Same-origin policy bypass in the Request Handling component. This vulnerability was fixed in Firefox 146, Firefox ESR 115.31, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6. | ||
| CVE-2025-11716 | Med | 0.42 | 6.5 | 0.00 | Oct 14, 2025 | Links in a sandboxed iframe could open an external app on Android without the required "allow-" permission. This vulnerability was fixed in Firefox 144 and Thunderbird 144. | ||
| CVE-2025-11711 | Med | 0.42 | 6.5 | 0.00 | Oct 14, 2025 | There was a way to change the value of JavaScript Object properties that were supposed to be non-writeable. This vulnerability was fixed in Firefox 144, Firefox ESR 115.29, Firefox ESR 140.4, Thunderbird 144, and Thunderbird 140.4. | ||
| CVE-2025-10532 | Med | 0.42 | 6.5 | 0.00 | Sep 16, 2025 | Incorrect boundary conditions in the JavaScript: GC component. This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3. |
- risk 0.46cvss 7.1epss 0.00
An attacker with control over a content process could potentially leverage the privileged UITour actor to leak sensitive information or escalate privileges. This vulnerability was fixed in Firefox 138 and Thunderbird 138.
- risk 0.46cvss 7.0epss 0.00
Certain crafted MIME email messages that claimed to contain an encrypted OpenPGP message, which instead contained an OpenPGP signed message, were wrongly shown as being encrypted. This vulnerability was fixed in Thunderbird 136 and Thunderbird 128.8.
- risk 0.43cvss 6.5epss 0.03
Heap-based buffer overflow in the read_u32 function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG…
- risk 0.42cvss 6.5epss 0.00
Denial-of-service in the Graphics: ImageLib component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12.
- risk 0.42cvss 6.5epss 0.00
Denial-of-service in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 152 and Thunderbird 152.
- risk 0.42cvss 6.5epss 0.00
Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.
- risk 0.42cvss 6.5epss 0.00
Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12.
- risk 0.42cvss 6.5epss 0.00
Same-origin policy bypass in the Networking: JAR component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.
- risk 0.42cvss 6.5epss 0.00
Spoofing issue in the Form Autofill component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.
- risk 0.42cvss 6.5epss 0.05
Other issue in the Storage: IndexedDB component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
- risk 0.42cvss 6.5epss 0.00
Incorrect boundary conditions in the DOM: Device Interfaces component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
- risk 0.42cvss 6.5epss 0.00
Mitigation bypass in the File Handling component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
- risk 0.42cvss 6.5epss 0.00
Mitigation bypass in the DOM: postMessage component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.
- risk 0.42cvss 6.5epss 0.00
Spoofing issue in Thunderbird. This vulnerability was fixed in Thunderbird 149 and Thunderbird 140.9.
- risk 0.42cvss 6.5epss 0.00
Spoofing issue in the Privacy: Anti-Tracking component. This vulnerability was fixed in Firefox 149 and Thunderbird 149.
- risk 0.42cvss 6.5epss 0.00
Use-after-free in the JavaScript: GC component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.
- risk 0.42cvss 6.5epss 0.00
Same-origin policy bypass in the Request Handling component. This vulnerability was fixed in Firefox 146, Firefox ESR 115.31, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6.
- risk 0.42cvss 6.5epss 0.00
Links in a sandboxed iframe could open an external app on Android without the required "allow-" permission. This vulnerability was fixed in Firefox 144 and Thunderbird 144.
- risk 0.42cvss 6.5epss 0.00
There was a way to change the value of JavaScript Object properties that were supposed to be non-writeable. This vulnerability was fixed in Firefox 144, Firefox ESR 115.29, Firefox ESR 140.4, Thunderbird 144, and Thunderbird 140.4.
- risk 0.42cvss 6.5epss 0.00
Incorrect boundary conditions in the JavaScript: GC component. This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3.
Page 24 of 94