Security Advisories for Thunderbird
Impact key:
- Critical: Vulnerability can be used to run attacker code and install software, requiring no user interaction beyond normal browsing.
- High: Vulnerability can be used to gather sensitive data from sites in other windows or inject data or code into those sites, requiring no more than normal browsing actions.
- Moderate: Vulnerabilities that would otherwise be High or Critical except they only work in uncommon non-default configurations or require the user to perform complicated and/or unlikely steps.
- Low: Minor security vulnerabilities such as Denial of Service attacks, minor data leaks, or spoofs. (Undetectable spoofs of SSL indicia would have "High" impact because those are generally used to steal sensitive data intended for other sites.)
Fixed in Thunderbird 17.0.7
MFSA 2013-59 XrayWrappers can be bypassed to run user defined methods in a privileged contextMFSA 2013-56 PreserveWrapper has inconsistent behavior
MFSA 2013-55 SVG filters can lead to information disclosure
MFSA 2013-54 Data in the body of XHR HEAD requests leads to CSRF attacks
MFSA 2013-53 Execution of unmapped memory through onreadystatechange event
MFSA 2013-51 Privileged content access and execution via XBL
MFSA 2013-50 Memory corruption found using Address Sanitizer
MFSA 2013-49 Miscellaneous memory safety hazards (rv:22.0 / rv:17.0.7)
Fixed in Thunderbird 17.0.6
MFSA 2013-48 Memory corruption found using Address SanitizerMFSA 2013-47 Uninitialized functions in DOMSVGZoomEvent
MFSA 2013-46 Use-after-free with video and onresize event
MFSA 2013-44 Local privilege escalation through Mozilla Maintenance Service
MFSA 2013-42 Privileged access for content level constructor
MFSA 2013-41 Miscellaneous memory safety hazards (rv:21.0 / rv:17.0.6)
Fixed in Thunderbird 17.0.5
MFSA 2013-40 Out-of-bounds array read in CERT_DecodeCertPackageMFSA 2013-38 Cross-site scripting (XSS) using timed history navigations
MFSA 2013-36 Bypass of SOW protections allows cloning of protected nodes
MFSA 2013-35 WebGL crash with Mesa graphics driver on Linux
MFSA 2013-34 Privilege escalation through Mozilla Updater
MFSA 2013-32 Privilege escalation through Mozilla Maintenance Service
MFSA 2013-31 Out-of-bounds write in Cairo library
MFSA 2013-30 Miscellaneous memory safety hazards (rv:20.0 / rv:17.0.5)
Fixed in Thunderbird 17.0.4
MFSA 2013-29 Use-after-free in HTML EditorFixed in Thunderbird 17.0.3
MFSA 2013-28 Use-after-free, out of bounds read, and buffer overflow issues found using Address SanitizerMFSA 2013-27 Phishing on HTTPS connection through malicious proxy
MFSA 2013-26 Use-after-free in nsImageLoadingContent
MFSA 2013-25 Privacy leak in JavaScript Workers
MFSA 2013-24 Web content bypass of COW and SOW security wrappers
MFSA 2013-21 Miscellaneous memory safety hazards (rv:19.0 / rv:17.0.3)
Fixed in Thunderbird 17.0.2
MFSA 2013-20 Mis-issued TURKTRUST certificatesMFSA 2013-19 Use-after-free in Javascript Proxy objects
MFSA 2013-18 Use-after-free in Vibrate
MFSA 2013-17 Use-after-free in ListenerManager
MFSA 2013-16 Use-after-free in serializeToStream
MFSA 2013-15 Privilege escalation through plugin objects
MFSA 2013-14 Chrome Object Wrapper (COW) bypass through changing prototype
MFSA 2013-13 Memory corruption in XBL with XML bindings containing SVG
MFSA 2013-12 Buffer overflow in Javascript string concatenation
MFSA 2013-11 Address space layout leaked in XBL objects
MFSA 2013-10 Event manipulation in plugin handler to bypass same-origin policy
MFSA 2013-09 Compartment mismatch with quickstubs returned values
MFSA 2013-08 AutoWrapperChanger fails to keep objects alive during garbage collection
MFSA 2013-07 Crash due to handling of SSL on threads
MFSA 2013-05 Use-after-free when displaying table with many columns and column groups
MFSA 2013-04 URL spoofing in addressbar during page loads
MFSA 2013-03 Buffer Overflow in Canvas
MFSA 2013-02 Use-after-free and buffer overflow issues found using Address Sanitizer
MFSA 2013-01 Miscellaneous memory safety hazards (rv:18.0/ rv:10.0.12 / rv:17.0.2)
Fixed in Thunderbird 17
MFSA 2012-106 Use-after-free, buffer overflow, and memory corruption issues found using Address SanitizerMFSA 2012-105 Use-after-free and buffer overflow issues found using Address Sanitizer
MFSA 2012-103 Frames can shadow top.location
MFSA 2012-101 Improper character decoding in HZ-GB-2312 charset
MFSA 2012-100 Improper security filtering for cross-origin wrappers
MFSA 2012-99 XrayWrappers exposes chrome-only properties when not in chrome compartment
MFSA 2012-97 XMLHttpRequest inherits incorrect principal within sandbox
MFSA 2012-96 Memory corruption in str_unescape
MFSA 2012-94 Crash when combining SVG text on path with CSS
MFSA 2012-93 evalInSanbox location context incorrectly applied
MFSA 2012-92 Buffer overflow while rendering GIF images
MFSA 2012-91 Miscellaneous memory safety hazards (rv:17.0/ rv:10.0.11)
Fixed in Thunderbird 16.0.2
MFSA 2012-90 Fixes for Location object issuesMFSA 2012-67 Installer will launch incorrect executable following new installation
Fixed in Thunderbird 16.0.1
MFSA 2012-89 defaultValue security checks not appliedMFSA 2012-88 Miscellaneous memory safety hazards (rv:16.0.1)
Fixed in Thunderbird 16
MFSA 2012-87 Use-after-free in the IME State ManagerMFSA 2012-86 Heap memory corruption issues found using Address Sanitizer
MFSA 2012-85 Use-after-free, buffer overflow, and out of bounds read issues found using Address Sanitizer
MFSA 2012-84 Spoofing and script injection through location.hash
MFSA 2012-83 Chrome Object Wrapper (COW) does not disallow acces to privileged functions or properties
MFSA 2012-82 top object and location property accessible by plugins
MFSA 2012-81 GetProperty function can bypass security checks
MFSA 2012-80 Crash with invalid cast when using instanceof operator
MFSA 2012-79 DOS and crash with full screen and history navigation
MFSA 2012-77 Some DOMWindowUtils methods bypass security checks
MFSA 2012-76 Continued access to initial origin after setting document.domain
MFSA 2012-75 select element persistance allows for attacks
MFSA 2012-74 Miscellaneous memory safety hazards (rv:16.0/ rv:10.0.8)
Fixed in Thunderbird 15
MFSA 2012-72 Web console eval capable of executing chrome-privileged codeMFSA 2012-70 Location object security checks bypassed by chrome code
MFSA 2012-68 DOMParser loads linked resources in extensions when parsing text/html
MFSA 2012-65 Out-of-bounds read in format-number in XSLT
MFSA 2012-64 Graphite 2 memory corruption
MFSA 2012-63 SVG buffer overflow and use-after-free issues
MFSA 2012-62 WebGL use-after-free and memory corruption
MFSA 2012-61 Memory corruption with bitmap format images with negative height
MFSA 2012-59 Location object can be shadowed using Object.defineProperty
MFSA 2012-58 Use-after-free issues found using Address Sanitizer
MFSA 2012-57 Miscellaneous memory safety hazards (rv:15.0/ rv:10.0.7)
Fixed in Thunderbird 14
MFSA 2012-56 Code execution through javascript: URLsMFSA 2012-53 Content Security Policy 1.0 implementation errors cause data leakage
MFSA 2012-52 JSDependentString::undepend string conversion results in memory corruption
MFSA 2012-51 X-Frame-Options header ignored when duplicated
MFSA 2012-50 Out of bounds read in QCMS
MFSA 2012-49 Same-compartment Security Wrappers can be bypassed
MFSA 2012-48 use-after-free in nsGlobalWindow::PageHidden
MFSA 2012-47 Improper filtering of javascript in HTML feed-view
MFSA 2012-45 Spoofing issue with location
MFSA 2012-44 Gecko memory corruption
MFSA 2012-42 Miscellaneous memory safety hazards (rv:14.0/ rv:10.0.6)
Fixed in Thunderbird 13
MFSA 2012-54 Clickjacking of certificate warning pageMFSA 2012-40 Buffer overflow and use-after-free issues found using Address Sanitizer
MFSA 2012-39 NSS parsing errors with zero length items
MFSA 2012-38 Use-after-free while replacing/inserting a node in a document
MFSA 2012-37 Information disclosure though Windows file shares and shortcut files
MFSA 2012-36 Content Security Policy inline-script bypass
MFSA 2012-35 Privilege escalation through Mozilla Updater and Windows Updater Service
MFSA 2012-34 Miscellaneous memory safety hazards
Fixed in Thunderbird 12
MFSA 2012-33 Potential site identity spoofing when loading RSS and Atom feedsMFSA 2012-32 HTTP Redirections and remote content can be read by javascript errors
MFSA 2012-31 Off-by-one error in OpenType Sanitizer
MFSA 2012-30 Crash with WebGL content using textImage2D
MFSA 2012-29 Potential XSS through ISO-2022-KR/ISO-2022-CN decoding issues
MFSA 2012-28 Ambiguous IPv6 in Origin headers may bypass webserver access restrictions
MFSA 2012-27 Page load short-circuit can lead to XSS
MFSA 2012-26 WebGL.drawElements may read illegal video memory due to FindMaxUshortElement error
MFSA 2012-25 Potential memory corruption during font rendering using cairo-dwrite
MFSA 2012-24 Potential XSS via multibyte content processing errors
MFSA 2012-23 Invalid frees causes heap corruption in gfxImageSurface
MFSA 2012-22 use-after-free in IDBKeyRange
MFSA 2012-20 Miscellaneous memory safety hazards (rv:12.0/ rv:10.0.4)
Fixed in Thunderbird 11
MFSA 2012-19 Miscellaneous memory safety hazards (rv:11.0/ rv:10.0.3 / rv:1.9.2.28)MFSA 2012-18 window.fullScreen writeable by untrusted content
MFSA 2012-17 Crash when accessing keyframe cssText after dynamic modification
MFSA 2012-16 Escalation of privilege with Javascript: URL as home page
MFSA 2012-15 XSS with multiple Content Security Policy headers
MFSA 2012-14 SVG issues found with Address Sanitizer
MFSA 2012-13 XSS with Drag and Drop and Javascript: URL
MFSA 2012-12 Use-after-free in shlwapi.dll
Fixed in Thunderbird 10.0.2
MFSA 2012-11 libpng integer overflowFixed in Thunderbird 10.0.1
MFSA 2012-10 use after free in nsXBLDocumentInfo::ReadPrototypeBindingsFixed in Thunderbird 10
MFSA 2012-08 Crash with malformed embedded XSLT stylesheetsMFSA 2012-07 Potential Memory Corruption When Decoding Ogg Vorbis files
MFSA 2012-06 Uninitialized memory appended when encoding icon images may cause information disclosure
MFSA 2012-05 Frame scripts calling into untrusted objects bypass security checks
MFSA 2012-04 Child nodes from nsDOMAttribute still accessible after removal of nodes
MFSA 2012-03 <iframe> element exposed across domains via name attribute
MFSA 2012-01 Miscellaneous memory safety hazards (rv:10.0/ rv:1.9.2.26)
Fixed in Thunderbird 9
MFSA 2012-41 Use-after-free in nsHTMLSelectElementMFSA 2011-58 Crash scaling <video> to extreme sizes
MFSA 2011-57 Crash when plugin removes itself on Mac OS X
MFSA 2011-56 Key detection without JavaScript via SVG animation
MFSA 2011-55 nsSVGValue out-of-bounds access
MFSA 2011-54 Potentially exploitable crash in the YARR regular expression library
MFSA 2011-53 Miscellaneous memory safety hazards (rv:9.0)
Fixed in Thunderbird 8
MFSA 2011-52 Code execution via NoWaiverWrapperMFSA 2011-51 Cross-origin image theft on Mac with integrated Intel GPU
MFSA 2011-50 Cross-origin data theft using canvas and Windows D2D
MFSA 2011-49 Memory corruption while profiling using Firebug
MFSA 2011-48 Miscellaneous memory safety hazards (rv:8.0)
MFSA 2011-47 Potential XSS against sites using Shift-JIS
Fixed in Thunderbird 7
MFSA 2012-02 Overly permissive IPv6 literal syntaxMFSA 2011-44 Use after free reading OGG headers
MFSA 2011-42 Potentially exploitable crash in the YARR regular expression library
MFSA 2011-40 Code installation through holding down Enter
MFSA 2011-39 Defense against multiple Location headers due to CRLF Injection
MFSA 2011-36 Miscellaneous memory safety hazards (rv:7.0 / rv:1.9.2.23)
Fixed in Thunderbird 6.0.2
MFSA 2011-35 Additional protection against fraudulent DigiNotar certificatesFixed in Thunderbird 6.0.1
MFSA 2011-34 Protection against fraudulent DigiNotar certificatesFixed in Thunderbird 6
MFSA 2011-38 XSS via plugins and shadowed window.location objectMFSA 2011-31 Security issues addressed in Thunderbird 6
