Security Advisories for Thunderbird 3.0
Thunderbird 3.0 is unsupported. Please upgrade to the latest version.
Impact key
- Critical Vulnerability can be used to run attacker code and install software, requiring no user interaction beyond normal browsing.
- High Vulnerability can be used to gather sensitive data from sites in other windows or inject data or code into those sites, requiring no more than normal browsing actions.
- Moderate Vulnerabilities that would otherwise be High or Critical except they only work in uncommon non-default configurations or require the user to perform complicated and/or unlikely steps.
- Low Minor security vulnerabilities such as Denial of Service attacks, minor data leaks, or spoofs. (Undetectable spoofs of SSL indicia would have "High" impact because those are generally used to steal sensitive data intended for other sites.)
# Fixed in Thunderbird 3.0.11
- 2010-78 Add support for OTS font sanitizer
- 2010-75 Buffer overflow while line breaking after document.write with long string
- 2010-74 Miscellaneous memory safety hazards (rv:1.9.2.13/ 1.9.1.16)
# Fixed in Thunderbird 3.0.10
# Fixed in Thunderbird 3.0.9
- 2010-72 Insecure Diffie-Hellman key exchange
- 2010-71 Unsafe library loading vulnerabilities
- 2010-70 SSL wildcard certificate matching IP addresses
- 2010-69 Cross-site information disclosure via modal calls
- 2010-67 Dangling pointer vulnerability in LookupGetterOrSetter
- 2010-66 Use-after-free error in nsBarProp
- 2010-65 Buffer overflow and memory corruption using document.write
- 2010-64 Miscellaneous memory safety hazards (rv:1.9.2.11/ 1.9.1.14)
# Fixed in Thunderbird 3.0.7
- 2010-63 Information leak via XMLHttpRequest statusText
- 2010-62 Copy-and-paste or drag-and-drop into designMode document allows XSS
- 2010-61 UTF-7 XSS by overriding document charset using <object> type attribute
- 2010-60 XSS using SJOW scripted function
- 2010-58 Crash on Mac using fuzzed font in data: URL
- 2010-57 Crash and remote code execution in normalizeDocument
- 2010-56 Dangling pointer vulnerability in nsTreeContentView
- 2010-55 XUL tree removal crash and remote code execution
- 2010-54 Dangling pointer vulnerability in nsTreeSelection
- 2010-53 Heap buffer overflow in nsTextFrameUtils::TransformText
- 2010-52 Windows XP DLL loading vulnerability
- 2010-51 Dangling pointer vulnerability using DOM plugin array
- 2010-50 Frameset integer overflow vulnerability
- 2010-49 Miscellaneous memory safety hazards (rv:1.9.2.9/ 1.9.1.12)
# Fixed in Thunderbird 3.0.6
- 2010-47 Cross-origin data leakage from script filename in error messages
- 2010-46 Cross-domain data theft using CSS
- 2010-42 Cross-origin data disclosure via Web Workers and importScripts
- 2010-41 Remote code execution using malformed PNG image
- 2010-40 nsTreeSelection dangling pointer remote code execution vulnerability
- 2010-39 nsCSSValue::Array index integer overflow
- 2010-34 Miscellaneous memory safety hazards (rv:1.9.2.7/ 1.9.1.11)
# Fixed in Thunderbird 3.0.5
- 2010-30 Integer Overflow in XSLT Node Sorting
- 2010-29 Heap buffer overflow in nsGenericDOMDataNode::SetTextInternal
- 2010-26 Crashes with evidence of memory corruption (rv:1.9.2.4/ 1.9.1.10)
- 2010-25 Re-use of freed object due to scope confusion
# Fixed in Thunderbird 3.0.4
- 2010-24 XMLDocument::load() doesn't check nsIContentPolicy
- 2010-22 Update NSS to support TLS renegotiation indication
- 2010-18 Dangling pointer vulnerability in nsTreeContentView
- 2010-17 Remote code execution with use-after-free in nsTreeSelection
- 2010-16 Crashes with evidence of memory corruption (rv:1.9.2.2/ 1.9.1.9/ 1.9.0.19)
# Fixed in Thunderbird 3.0.2
- 2010-14 Browser chrome defacement via cached XUL stylesheets
- 2010-12 XSS using addEventListener and setTimeout on a wrapped object
- 2010-11 Crashes with evidence of memory corruption (rv:1.9.2.2/ 1.9.1.8/ 1.9.0.18)
- 2010-03 Use-after-free crash in HTML parser
- 2010-01 Crashes with evidence of memory corruption (rv:1.9.1.8/ 1.9.0.18)