Mozilla Thunderbird vulnerabilities
1,818 known vulnerabilities affecting mozilla/thunderbird.
Total CVEs
1,818
CISA KEV
14
actively exploited
Public exploits
58
Exploited in wild
18
Severity breakdown
CRITICAL612HIGH551MEDIUM626LOW29
Vulnerabilities
Page 50 of 91
CVE-2017-5439CRITICALCVSS 9.8fixed in 52.1.0≥ unspecified, < 52.12018-06-11
CVE-2017-5439 [CRITICAL] CWE-416 CVE-2017-5439: A use-after-free vulnerability during XSLT processing due to poor handling of template parameters. T
A use-after-free vulnerability during XSLT processing due to poor handling of template parameters. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
nvd
CVE-2017-5404CRITICALCVSS 9.8PoCfixed in 45.8.0≥ unspecified, < 52+1 more2018-06-11
CVE-2017-5404 [CRITICAL] CWE-416 CVE-2017-5404: A use-after-free error can occur when manipulating ranges in selections with one node inside a nativ
A use-after-free error can occur when manipulating ranges in selections with one node inside a native anonymous tree and one node outside of it. This results in a potentially exploitable crash. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8.
nvd
CVE-2017-5400CRITICALCVSS 9.8fixed in 45.8.0≥ unspecified, < 52+1 more2018-06-11
CVE-2017-5400 [CRITICAL] CWE-119 CVE-2017-5400: JIT-spray targeting asm.js combined with a heap spray allows for a bypass of ASLR and DEP protection
JIT-spray targeting asm.js combined with a heap spray allows for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8.
nvd
CVE-2016-5290CRITICALCVSS 9.8fixed in 45.5.0≥ unspecified, < 45.52018-06-11
CVE-2016-5290 [CRITICAL] CWE-119 CVE-2016-5290: Memory safety bugs were reported in Firefox 49 and Firefox ESR 45.4. Some of these bugs showed evide
Memory safety bugs were reported in Firefox 49 and Firefox ESR 45.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.
nvdosv
CVE-2017-7779CRITICALCVSS 9.8fixed in 52.3.0≥ unspecified, < 52.32018-06-11
CVE-2017-7779 [CRITICAL] CWE-119 CVE-2017-7779: Memory safety bugs were reported in Firefox 54, Firefox ESR 52.2, and Thunderbird 52.2. Some of thes
Memory safety bugs were reported in Firefox 54, Firefox ESR 52.2, and Thunderbird 52.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.
nvd
CVE-2017-7756CRITICALCVSS 9.8fixed in 52.2.0≥ unspecified, < 52.22018-06-11
CVE-2017-7756 [CRITICAL] CWE-416 CVE-2017-7756: A use-after-free and use-after-scope vulnerability when logging errors from headers for XML HTTP Req
A use-after-free and use-after-scope vulnerability when logging errors from headers for XML HTTP Requests (XHR). This could result in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.
nvd
CVE-2017-5376CRITICALCVSS 9.8fixed in 45.7.0≥ unspecified, < 45.72018-06-11
CVE-2017-5376 [CRITICAL] CWE-416 CVE-2017-5376: Use-after-free while manipulating XSL in XSLT documents. This vulnerability affects Thunderbird < 45
Use-after-free while manipulating XSL in XSLT documents. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.
nvd
CVE-2018-5098CRITICALCVSS 9.8fixed in 52.6.0≥ unspecified, < 52.62018-06-11
CVE-2018-5098 [CRITICAL] CWE-416 CVE-2018-5098: A use-after-free vulnerability can occur when form input elements, focus, and selections are manipul
A use-after-free vulnerability can occur when form input elements, focus, and selections are manipulated by script content. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.
nvdosv
CVE-2017-7801CRITICALCVSS 9.8fixed in 52.3.0≥ unspecified, < 52.32018-06-11
CVE-2017-7801 [CRITICAL] CWE-416 CVE-2017-7801: A use-after-free vulnerability can occur while re-computing layout for a "marquee" element during wi
A use-after-free vulnerability can occur while re-computing layout for a "marquee" element during window resizing where the updated style object is freed while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.
nvd
CVE-2017-5446CRITICALCVSS 9.8fixed in 52.1.0≥ unspecified, < 52.12018-06-11
CVE-2017-5446 [CRITICAL] CWE-125 CVE-2017-5446: An out-of-bounds read when an HTTP/2 connection to a servers sends "DATA" frames with incorrect data
An out-of-bounds read when an HTTP/2 connection to a servers sends "DATA" frames with incorrect data content. This leads to a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
nvd
CVE-2017-7809CRITICALCVSS 9.8fixed in 52.3.02018-06-11
CVE-2017-7809 [CRITICAL] CWE-416 CVE-2017-7809: A use-after-free vulnerability can occur when an editor DOM node is deleted prematurely during tree
A use-after-free vulnerability can occur when an editor DOM node is deleted prematurely during tree traversal while still bound to the document. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.
nvd
CVE-2017-5399CRITICALCVSS 9.8fixed in 52.0≥ unspecified, < 522018-06-11
CVE-2017-5399 [CRITICAL] CWE-119 CVE-2017-5399: Memory safety bugs were reported in Firefox 51. Some of these bugs showed evidence of memory corrupt
Memory safety bugs were reported in Firefox 51. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 52 and Thunderbird < 52.
nvd
CVE-2016-9898CRITICALCVSS 9.8fixed in 45.6.0≥ unspecified, < 45.62018-06-11
CVE-2016-9898 [CRITICAL] CWE-416 CVE-2016-9898: Use-after-free resulting in potentially exploitable crash when manipulating DOM subtrees in the Edit
Use-after-free resulting in potentially exploitable crash when manipulating DOM subtrees in the Editor. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.
nvd
CVE-2017-5440CRITICALCVSS 9.8fixed in 52.1.0≥ unspecified, < 52.12018-06-11
CVE-2017-5440 [CRITICAL] CWE-416 CVE-2017-5440: A use-after-free vulnerability during XSLT processing due to a failure to propagate error conditions
A use-after-free vulnerability during XSLT processing due to a failure to propagate error conditions during matching while evaluating context, leading to objects being used when they no longer exist. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 5
nvd
CVE-2017-5460CRITICALCVSS 9.8fixed in 52.1.0≥ unspecified, < 52.12018-06-11
CVE-2017-5460 [CRITICAL] CWE-416 CVE-2017-5460: A use-after-free vulnerability in frame selection triggered by a combination of malicious script con
A use-after-free vulnerability in frame selection triggered by a combination of malicious script content and key presses by a user. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
nvd
CVE-2017-5464CRITICALCVSS 9.8fixed in 52.1.0≥ unspecified, < 52.12018-06-11
CVE-2017-5464 [CRITICAL] CWE-119 CVE-2017-5464: During DOM manipulations of the accessibility tree through script, the DOM tree can become out of sy
During DOM manipulations of the accessibility tree through script, the DOM tree can become out of sync with the accessibility tree, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
nvd
CVE-2017-5380CRITICALCVSS 9.8fixed in 45.7.0≥ unspecified, < 45.72018-06-11
CVE-2017-5380 [CRITICAL] CWE-416 CVE-2017-5380: A potential use-after-free found through fuzzing during DOM manipulation of SVG content. This vulner
A potential use-after-free found through fuzzing during DOM manipulation of SVG content. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.
nvd
CVE-2017-5459CRITICALCVSS 9.8fixed in 52.1.0≥ unspecified, < 52.12018-06-11
CVE-2017-5459 [CRITICAL] CWE-119 CVE-2017-5459: A buffer overflow in WebGL triggerable by web content, resulting in a potentially exploitable crash.
A buffer overflow in WebGL triggerable by web content, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
nvd
CVE-2017-5438CRITICALCVSS 9.8fixed in 52.1.0≥ unspecified, < 52.12018-06-11
CVE-2017-5438 [CRITICAL] CWE-416 CVE-2017-5438: A use-after-free vulnerability during XSLT processing due to the result handler being held by a free
A use-after-free vulnerability during XSLT processing due to the result handler being held by a freed handler during handling. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
nvd
CVE-2017-7749CRITICALCVSS 9.8fixed in 52.2.0≥ unspecified, < 52.22018-06-11
CVE-2017-7749 [CRITICAL] CWE-416 CVE-2017-7749: A use-after-free vulnerability when using an incorrect URL during the reloading of a docshell. This
A use-after-free vulnerability when using an incorrect URL during the reloading of a docshell. This results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.
nvd