Security Advisories for Thunderbird
Impact key:
- Critical: Vulnerability can be used to run attacker code and install software, requiring no user interaction beyond normal browsing.
- High: Vulnerability can be used to gather sensitive data from sites in other windows or inject data or code into those sites, requiring no more than normal browsing actions.
- Moderate: Vulnerabilities that would otherwise be High or Critical except they only work in uncommon non-default configurations or require the user to perform complicated and/or unlikely steps.
- Low: Minor security vulnerabilities such as Denial of Service attacks, minor data leaks, or spoofs. (Undetectable spoofs of SSL indicia would have "High" impact because those are generally used to steal sensitive data intended for other sites.)
Fixed in Thunderbird 10.0.2
MFSA 2012-11 libpng integer overflow
Fixed in Thunderbird 10.0.1
MFSA 2012-10 use after free in nsXBLDocumentInfo::ReadPrototypeBindings
Fixed in Thunderbird 10
MFSA 2012-08 Crash with malformed embedded XSLT stylesheets
MFSA 2012-07 Potential Memory Corruption When Decoding Ogg Vorbis files
MFSA 2012-06 Uninitialized memory appended when encoding icon images may cause information disclosure
MFSA 2012-05 Frame scripts calling into untrusted objects bypass security checks
MFSA 2012-04 Child nodes from nsDOMAttribute still accessible after removal of nodes
MFSA 2012-03 <iframe> element exposed across domains via name attribute
MFSA 2012-01 Miscellaneous memory safety hazards (rv:10.0 / rv:1.9.2.26)
Fixed in Thunderbird 9
MFSA 2011-58 Crash scaling <video> to extreme sizes
MFSA 2011-57 Crash when plugin removes itself on Mac OS X
MFSA 2011-56 Key detection without JavaScript via SVG animation
MFSA 2011-55 nsSVGValue out-of-bounds access
MFSA 2011-54 Potentially exploitable crash in the YARR regular expression library
MFSA 2011-53 Miscellaneous memory safety hazards (rv:9.0)
Fixed in Thunderbird 8
MFSA 2011-52 Code execution via NoWaiverWrapper
MFSA 2011-51 Cross-origin image theft on Mac with integrated Intel GPU
MFSA 2011-50 Cross-origin data theft using canvas and Windows D2D
MFSA 2011-49 Memory corruption while profiling using Firebug
MFSA 2011-48 Miscellaneous memory safety hazards (rv:8.0)
MFSA 2011-47 Potential XSS against sites using Shift-JIS
Fixed in Thunderbird 7
MFSA 2012-02 Overly permissive IPv6 literal syntax
MFSA 2011-44 Use after free reading OGG headers
MFSA 2011-42 Potentially exploitable crash in the YARR regular expression library
MFSA 2011-40 Code installation through holding down Enter
MFSA 2011-39 Defense against multiple Location headers due to CRLF Injection
MFSA 2011-36 Miscellaneous memory safety hazards (rv:7.0 / rv:1.9.2.23)
Fixed in Thunderbird 6.0.2
MFSA 2011-35 Additional protection against fraudulent DigiNotar certificates
Fixed in Thunderbird 6.0.1
MFSA 2011-34 Protection against fraudulent DigiNotar certificates
Fixed in Thunderbird 6
MFSA 2011-38 XSS via plugins and shadowed window.location object
MFSA 2011-31 Security issues addressed in Thunderbird 6
