Security Advisories for Thunderbird 2.0

Thunderbird 2.0 is unsupported. Please upgrade to the latest version.

Impact key

• Critical Vulnerability can be used to run attacker code and install software, requiring no user interaction beyond normal browsing.
• High Vulnerability can be used to gather sensitive data from sites in other windows or inject data or code into those sites, requiring no more than normal browsing actions.
• Moderate Vulnerabilities that would otherwise be High or Critical except they only work in uncommon non-default configurations or require the user to perform complicated and/or unlikely steps.
• Low Minor security vulnerabilities such as Denial of Service attacks, minor data leaks, or spoofs. (Undetectable spoofs of SSL indicia would have "High" impact because those are generally used to steal sensitive data intended for other sites.)

# Fixed in Thunderbird 2.0.0.24

• 2010-07 Fixes for potentially exploitable crashes ported to the legacy branch

# Fixed in Thunderbird 2.0.0.23

• 2009-43 Heap overflow in certificate regexp parsing
• 2009-42 Compromise of SSL-protected communication

# Fixed in Thunderbird 2.0.0.22

• 2009-33 Crash viewing multipart/alternative message with text/enhanced part
• 2009-32 JavaScript chrome privilege escalation
• 2009-29 Arbitrary code execution using event listeners attached to an element whose owner document is null
• 2009-27 SSL tampering via non-200 responses to proxy CONNECT requests
• 2009-24 Crashes with evidence of memory corruption (rv:1.9.0.11)
• 2009-17 Same-origin violations when Adobe Flash loaded via view-source: scheme
• 2009-14 Crashes with evidence of memory corruption (rv:1.9.0.9)

# Fixed in Thunderbird 2.0.0.21

• 2009-15 URL spoofing with box drawing character
• 2009-10 Upgrade PNG library to fix memory safety hazards
• 2009-09 XML data theft via RDFXMLDataSource and cross-domain redirect
• 2009-07 Crashes with evidence of memory corruption (rv:1.9.0.7)
• 2009-01 Crashes with evidence of memory corruption (rv:1.9.0.6)

# Fixed in Thunderbird 2.0.0.19

• 2008-68 XSS and JavaScript privilege escalation
• 2008-67 Escaped null characters ignored by CSS parser
• 2008-66 Errors parsing URLs with leading whitespace and control characters
• 2008-65 Cross-domain data theft via script redirect error message
• 2008-64 XMLHttpRequest 302 response disclosure
• 2008-61 Information stealing via loadBindingDocument
• 2008-60 Crashes with evidence of memory corruption (rv:1.9.0.5/1.8.1.19)

# Fixed in Thunderbird 2.0.0.18

• 2008-59 Script access to .documentURI and .textContent in mail
• 2008-58 Parsing error in E4X default namespace
• 2008-56 nsXMLHttpRequest::NotifyEventListeners() same-origin violation
• 2008-55 Crash and remote code execution in nsFrameManager
• 2008-52 Crashes with evidence of memory corruption (rv:1.9.0.4/1.8.1.18)
• 2008-50 Crash and remote code execution via __proto__ tampering
• 2008-48 Image stealing via canvas and HTTP redirect

# Fixed in Thunderbird 2.0.0.17

• 2008-46 Heap overflow when canceling newsgroup message
• 2008-44 resource: traversal vulnerabilities
• 2008-43 BOM characters, low surrogates stripped from JavaScript before execution
• 2008-42 Crashes with evidence of memory corruption (rv:1.9.0.2/1.8.1.17)
• 2008-41 Privilege escalation via XPCnativeWrapper pollution
• 2008-38 nsXMLDocument::OnChannelRedirect() same-origin violation
• 2008-37 UTF-8 URL stack buffer overflow

# Fixed in Thunderbird 2.0.0.16

• 2008-34 Remote code execution by overflowing CSS reference counter
• 2008-33 Crash and remote code execution in block reflow
• 2008-31 Peer-trusted certs can use alt names to spoof
• 2008-29 Faulty .properties file results in uninitialized memory being used
• 2008-26 Buffer length checks in MIME processing
• 2008-25 Arbitrary code execution in mozIJSSubScriptLoader.loadSubScript()
• 2008-24 Chrome script loading from fastload file
• 2008-21 Crashes with evidence of memory corruption (rv:1.8.1.15)

# Fixed in Thunderbird 2.0.0.14

• 2008-15 Crashes with evidence of memory corruption (rv:1.8.1.13)
• 2008-14 JavaScript privilege escalation and arbitrary code execution

# Fixed in Thunderbird 2.0.0.12

• 2008-13 Multiple XSS vulnerabilities from character encoding
• 2008-12 Heap buffer overflow in external MIME bodies
• 2008-05 Directory traversal via chrome: URI
• 2008-03 Privilege escalation, XSS, Remote Code Execution
• 2008-01 Crashes with evidence of memory corruption (rv:1.8.1.12)

# Fixed in Thunderbird 2.0.0.9

• 2007-36 URIs with invalid %-encoding mishandled by Windows
• 2007-29 Crashes with evidence of memory corruption (rv:1.8.1.8)

# Fixed in Thunderbird 2.0.0.6

• 2007-27 Unescaped URIs passed to external programs
• 2007-26 Privilege escalation through chrome-loaded about:blank windows

# Fixed in Thunderbird 2.0.0.5

• 2007-23 Remote code execution by launching Firefox from Internet Explorer
• 2007-18 Crashes with evidence of memory corruption (rv:1.8.1.5)

# Fixed in Thunderbird 2.0.0.4

• 2007-15 Security Vulnerability in APOP Authentication
• 2007-12 Crashes with evidence of memory corruption (rv:1.8.0.12/1.8.1.4)