Out-of-bounds read in Thunderbird
Description
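Sandbox escape due to incorrect boundary conditions and an integer overflow in the XPCOM component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9. These are upstream release numbers; distribution packages carry the fix under the package versions listed in the table below.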
Mitigation
Update Impact
Minimal update. May introduce new vulnerabilities or breaking changes.
Ecosystem | Package | Affected version | Patched versions |
|---|---|---|---|
rpm rhel9 | <0:140.9.0-1.el9_7 | 0:140.9.0-1.el9_7 | |
rpm rhel8 | <0:140.9.0-1.el8_10 | 0:140.9.0-1.el8_10 | |
debian 12 | =1:102.11.0-1 || =1:102.12.0-1 || =1:102.12.0-1~deb10u1 || =1:102.12.0-1~deb11u1 || =1:102.12.0-1~deb12u1 || =1:102.13.0-1 || =1:102.13.0-1~deb10u1 || =1:102.13.0-1~deb11u1 || =1:102.13.0-1~deb12u1 || =1:102.13.1-1 || =1:102.13.1-1~deb10u1 || =1:102.13.1-1~deb11u1 || =1:102.13.1-1~deb12u1 || =1:102.14.0-1~deb10u1 || =1:102.14.0-1~deb11u1 || =1:102.14.0-1~deb12u1 || =1:102.15.0-1~deb10u1 || =1:102.15.0-1~deb11u1 || =1:102.15.0-1~deb12u1 || =1:102.15.1-1~deb10u1 || =1:102.15.1-1~deb11u1 || =1:102.15.1-1~deb12u1 || =1:103.0~b5-1 || =1:104.0~b2-1 || =1:110.0~b4-1 || =1:112.0~b1-1 || =1:113.0~b3-1 || =1:114.0~b2-1 || =1:115.0-1 || =1:115.0.1-1 || =1:115.0.1-2 || =1:115.0~b4-1 || =1:115.0~b6-1 || =1:115.1.0-1 || =1:115.1.1-1 || =1:115.10.1-1 || =1:115.10.1-1~deb10u1 || =1:115.10.1-1~deb11u1 || =1:115.10.1-1~deb12u1 || =1:115.11.0-1 || =1:115.11.0-1~deb10u1 || =1:115.11.0-1~deb11u1 || =1:115.11.0-1~deb12u1 || =1:115.12.0-1 || =1:115.12.0-1~deb10u1 || =1:115.12.0-1~deb11u1 || =1:115.12.0-1~deb12u1 || =1:115.13.0-1 || =1:115.13.0-1~deb11u1 || =1:115.13.0-1~deb12u1 || =1:115.14.0-1~deb11u1 || =1:115.14.0-1~deb12u1 || =1:115.15.0-1~deb11u1 || =1:115.15.0-1~deb12u1 || =1:115.16.0esr-1~deb11u1 || =1:115.16.0esr-1~deb12u1 || =1:115.2.0-1 || =1:115.2.2-1 || =1:115.3.0-1 || =1:115.3.0-1~deb12u1 || =1:115.3.1-1 || =1:115.3.1-1~deb10u1 || =1:115.3.1-1~deb11u1 || =1:115.3.1-1~deb12u1 || =1:115.4.1-1 || =1:115.4.1-1~deb10u1 || =1:115.4.1-1~deb11u1 || =1:115.4.1-1~deb12u1 || =1:115.5.0-1 || =1:115.5.0-1~deb10u1 || =1:115.5.0-1~deb11u1 || =1:115.5.0-1~deb12u1 || =1:115.5.1-1 || =1:115.5.2-1 || =1:115.6.0-1 || =1:115.6.0-1~deb10u1 || =1:115.6.0-1~deb11u1 || =1:115.6.0-1~deb12u1 || =1:115.7.0-1 || =1:115.7.0-1~deb10u1 || =1:115.7.0-1~deb11u1 || =1:115.7.0-1~deb12u1 || =1:115.8.0-1 || =1:115.8.0-1~deb10u1 || =1:115.8.0-1~deb11u1 || =1:115.8.0-1~deb12u1 || =1:115.8.1-1 || =1:115.9.0-1 || =1:115.9.0-1~deb10u1 || =1:115.9.0-1~deb11u1 || =1:115.9.0-1~deb12u1 || =1:116.0~b7-1 || 
=1:117.0~b5-1 || =1:120.0~b1-1 || =1:121.0~b3-1 || =1:122.0~b2-1 || =1:124.0~b5-1 || =1:125.0~b3-1 || =1:127.0~b5-1 || =1:128.0esr-1 || =1:128.0~b5-1 || =1:128.1.0esr-1 || =1:128.1.1esr-1 || =1:128.10.0esr-1 || =1:128.10.0esr-1~deb11u1 || =1:128.10.0esr-1~deb12u1 || =1:128.10.1esr-1 || =1:128.10.1esr-1~deb11u1 || =1:128.10.1esr-1~deb12u1 || =1:128.11.0esr-1 || =1:128.11.0esr-1~deb11u1 || =1:128.11.0esr-1~deb12u1 || =1:128.12.0esr-1 || =1:128.12.0esr-1~deb11u1 || =1:128.12.0esr-1~deb12u1 || =1:128.13.0esr-1 || =1:128.13.0esr-1~deb11u1 || =1:128.13.0esr-1~deb12u1 || =1:128.14.0esr-1 || =1:128.14.0esr-1~deb11u1 || =1:128.14.0esr-1~deb12u1 || =1:128.14.0esr-1~deb13u1 || =1:128.2.0esr-1 || =1:128.2.1esr-1 || =1:128.2.3esr-1 || =1:128.3.0esr-1 || =1:128.3.2esr-1 || =1:128.4.0esr-1 || =1:128.4.0esr-1~deb11u1 || =1:128.4.0esr-1~deb12u1 || =1:128.4.2esr-1 || =1:128.4.3esr-1 || =1:128.4.3esr-1~deb11u1 || =1:128.4.3esr-1~deb12u1 || =1:128.5.0esr-1 || =1:128.5.0esr-1~deb11u1 || =1:128.5.0esr-1~deb12u1 || =1:128.5.2esr-1 || =1:128.6.0esr-1 || =1:128.6.0esr-1~deb11u1 || =1:128.6.0esr-1~deb12u1 || =1:128.7.0esr-1 || =1:128.7.0esr-1~deb11u1 || =1:128.7.0esr-1~deb12u1 || =1:128.8.0esr-1 || =1:128.8.0esr-1~deb11u1 || =1:128.8.0esr-1~deb12u1 || =1:128.9.0esr-1 || =1:128.9.0esr-1~deb11u1 || =1:128.9.0esr-1~deb12u1 || =1:129.0~b6-1 || =1:130.0~b3-1 || =1:132.0~b6-1 || =1:135.0-1 || =1:136.0-1 || =1:137.0-1 || =1:138.0-1 || =1:140.0.1esr-1 || =1:140.1.0esr-1 || =1:140.1.1esr-1 || =1:140.2.0esr-1 || =1:140.3.0esr-1 || =1:140.3.0esr-1~deb11u1 || =1:140.3.0esr-1~deb12u1 || =1:140.3.0esr-1~deb13u1 || =1:140.3.1esr-1 || =1:140.4.0esr-1 || =1:140.4.0esr-1~deb11u1 || =1:140.4.0esr-1~deb12u1 || =1:140.4.0esr-1~deb13u1 || =1:140.5.0esr-1 || =1:140.5.0esr-1~deb11u1 || =1:140.5.0esr-1~deb12u1 || =1:140.5.0esr-1~deb13u1 || =1:140.6.0esr-1 || =1:140.6.0esr-1~deb11u1 || =1:140.6.0esr-1~deb12u1 || =1:140.6.0esr-1~deb13u1 || =1:140.7.0esr-1 || =1:140.7.0esr-1~deb11u1 || =1:140.7.0esr-1~deb12u1 || 
=1:140.7.0esr-1~deb13u1 || =1:140.7.1esr-1 || =1:140.7.1esr-1~deb11u1 || =1:140.7.1esr-1~deb12u1 || =1:140.7.1esr-1~deb13u1 || =1:140.8.0esr-1 || =1:140.8.0esr-1~deb11u1 || =1:140.8.0esr-1~deb12u1 || =1:140.8.0esr-1~deb13u1 || =1:140.9.0esr-1~deb11u1 || >=0 <1:140.9.0esr-1~deb12u1 | 1:140.9.0esr-1~deb12u1 | |
rpm rhel10 | - | - | |
debian 13 | =128.13.0esr-1 || =128.14.0esr-1 || =128.14.0esr-1~deb11u1 || =128.14.0esr-1~deb12u1 || =128.14.0esr-1~deb13u1 || =140.3.0esr-1 || =140.3.0esr-1~deb11u1 || =140.3.0esr-1~deb11u2 || =140.3.0esr-1~deb12u1 || =140.3.0esr-1~deb13u1 || =140.3.0esr-2 || =140.3.1esr-1 || =140.3.1esr-1~deb11u1 || =140.3.1esr-1~deb12u1 || =140.3.1esr-1~deb13u1 || =140.3.1esr-2 || =140.4.0esr-1 || =140.4.0esr-1~deb11u1 || =140.4.0esr-1~deb12u1 || =140.4.0esr-1~deb13u1 || =140.5.0esr-1 || =140.5.0esr-1~deb11u1 || =140.5.0esr-1~deb12u1 || =140.5.0esr-1~deb13u1 || =140.6.0esr-1 || =140.6.0esr-1~deb11u1 || =140.6.0esr-1~deb12u1 || =140.6.0esr-1~deb13u1 || =140.7.0esr-1 || =140.7.0esr-1~deb11u1 || =140.7.0esr-1~deb12u1 || =140.7.0esr-1~deb13u1 || =140.8.0esr-1 || =140.8.0esr-1~deb11u1 || =140.8.0esr-1~deb12u1 || =140.8.0esr-1~deb13u1 || =140.9.0esr-1~deb11u1 || =140.9.0esr-1~deb12u1 || >=0 <140.9.0esr-1~deb13u1 | 140.9.0esr-1~deb13u1 | |
rpm rhel6 | - | - | |
rpm rhel7 | - | - | |
rpm rhel9 | <0:140.9.0-1.el9_7 | 0:140.9.0-1.el9_7 | |
rpm rhel10 | <0:140.9.0-1.el10_1 | 0:140.9.0-1.el10_1 | |
rpm rhel10 | - | - |
Showing entries 1-10 of 27; the table above is partial.