Security Advisories for Thunderbird 2.0

Thunderbird 2.0 is no longer supported and is affected by vulnerabilities fixed in newer versions of the program. All users are urged to upgrade to the newest version of Thunderbird.

Impact key:

  • Critical: Vulnerability can be used to run attacker code and install software, requiring no user interaction beyond normal browsing.
  • High: Vulnerability can be used to gather sensitive data from sites in other windows or inject data or code into those sites, requiring no more than normal browsing actions.
  • Moderate: Vulnerabilities that would otherwise be High or Critical except they only work in uncommon non-default configurations or require the user to perform complicated and/or unlikely steps.
  • Low: Minor security vulnerabilities such as Denial of Service attacks, minor data leaks, or spoofs. (Undetectable spoofs of SSL indicia would have "High" impact because those are generally used to steal sensitive data intended for other sites.)

Fixed in Thunderbird 2.0.0.24

MFSA 2010-07 Fixes for potentially exploitable crashes ported to the legacy branch
MFSA 2009-68 NTLM reflection vulnerability
MFSA 2009-62 Download filename spoofing with RTL override
MFSA 2009-59 Heap buffer overflow in string to number conversion
MFSA 2009-49 TreeColumns dangling pointer vulnerability

Fixed in Thunderbird 2.0.0.23

MFSA 2009-43 Heap overflow in certificate regexp parsing
MFSA 2009-42 Compromise of SSL-protected communication

Fixed in Thunderbird 2.0.0.22

MFSA 2009-33 Crash viewing multipart/alternative message with text/enhanced part
MFSA 2009-32 JavaScript chrome privilege escalation
MFSA 2009-29 Arbitrary code execution using event listeners attached to an element whose owner document is null
MFSA 2009-27 SSL tampering via non-200 responses to proxy CONNECT requests
MFSA 2009-24 Crashes with evidence of memory corruption (rv:1.9.0.11)
MFSA 2009-17 Same-origin violations when Adobe Flash loaded via view-source: scheme
MFSA 2009-14 Crashes with evidence of memory corruption (rv:1.9.0.9)

Fixed in Thunderbird 2.0.0.21

MFSA 2009-15 URL spoofing with box drawing character
MFSA 2009-10 Upgrade PNG library to fix memory safety hazards
MFSA 2009-09 XML data theft via RDFXMLDataSource and cross-domain redirect
MFSA 2009-07 Crashes with evidence of memory corruption (rv:1.9.0.7)
MFSA 2009-01 Crashes with evidence of memory corruption (rv:1.9.0.6)

Fixed in Thunderbird 2.0.0.19

MFSA 2008-68 XSS and JavaScript privilege escalation
MFSA 2008-67 Escaped null characters ignored by CSS parser
MFSA 2008-66 Errors parsing URLs with leading whitespace and control characters
MFSA 2008-65 Cross-domain data theft via script redirect error message
MFSA 2008-64 XMLHttpRequest 302 response disclosure
MFSA 2008-61 Information stealing via loadBindingDocument
MFSA 2008-60 Crashes with evidence of memory corruption (rv:1.9.0.5/1.8.1.19)

Fixed in Thunderbird 2.0.0.18

MFSA 2008-59 Script access to .documentURI and .textContent in mail
MFSA 2008-58 Parsing error in E4X default namespace
MFSA 2008-56 nsXMLHttpRequest::NotifyEventListeners() same-origin violation
MFSA 2008-55 Crash and remote code execution in nsFrameManager
MFSA 2008-52 Crashes with evidence of memory corruption (rv:1.9.0.4/1.8.1.18)
MFSA 2008-50 Crash and remote code execution via __proto__ tampering
MFSA 2008-48 Image stealing via canvas and HTTP redirect

Fixed in Thunderbird 2.0.0.17

MFSA 2008-46 Heap overflow when canceling newsgroup message
MFSA 2008-44 resource: traversal vulnerabilities
MFSA 2008-43 BOM characters stripped from JavaScript before execution
MFSA 2008-42 Crashes with evidence of memory corruption (rv:1.9.0.2/1.8.1.17)
MFSA 2008-41 Privilege escalation via XPCnativeWrapper pollution
MFSA 2008-38 nsXMLDocument::OnChannelRedirect() same-origin violation
MFSA 2008-37 UTF-8 URL stack buffer overflow

Fixed in Thunderbird 2.0.0.16

MFSA 2008-34 Remote code execution by overflowing CSS reference counter
MFSA 2008-33 Crash and remote code execution in block reflow
MFSA 2008-31 Peer-trusted certs can use alt names to spoof
MFSA 2008-29 Faulty .properties file results in uninitialized memory being used
MFSA 2008-26 Buffer length checks in MIME processing
MFSA 2008-25 Arbitrary code execution in mozIJSSubScriptLoader.loadSubScript()
MFSA 2008-24 Chrome script loading from fastload file
MFSA 2008-21 Crashes with evidence of memory corruption (rv:1.8.1.15)

Fixed in Thunderbird 2.0.0.14

MFSA 2008-15 Crashes with evidence of memory corruption (rv:1.8.1.13)
MFSA 2008-14 JavaScript privilege escalation and arbitrary code execution

Fixed in Thunderbird 2.0.0.12

MFSA 2008-13 Multiple XSS vulnerabilities from character encoding
MFSA 2008-12 Heap buffer overflow in external MIME bodies
MFSA 2008-05 Directory traversal via chrome: URI
MFSA 2008-03 Privilege escalation, XSS, Remote Code Execution
MFSA 2008-01 Crashes with evidence of memory corruption (rv:1.8.1.12)

Fixed in Thunderbird 2.0.0.9

MFSA 2007-36 URIs with invalid %-encoding mishandled by Windows
MFSA 2007-29 Crashes with evidence of memory corruption (rv:1.8.1.8)

Fixed in Thunderbird 2.0.0.6

MFSA 2007-27 Unescaped URIs passed to external programs
MFSA 2007-26 Privilege escalation through