QID 377993

Thunderbird is a free and open-source cross-platform email client developed for Windows, OS X, and Linux, with a mobile version for Android.

Mozilla Thunderbird is prone to
CVE-2023-0616: User Interface lockup with messages combining S/MIME and OpenPGP
CVE-2023-25728: Content security policy leak in violation reports using iframes
CVE-2023-25730: Screen hijack via browser fullscreen mode
CVE-2023-0767: Arbitrary memory write via PKCS 12 in NSS
CVE-2023-25735: Potential use-after-free from compartment mismatch in SpiderMonkey
CVE-2023-25737: Invalid downcast in SVGUtils::SetupStrokeGeometry
CVE-2023-25738: Printing on Windows could potentially crash Thunderbird with some device drivers
CVE-2023-25739: Use-after-free in mozilla::dom::ScriptLoadContext::~ScriptLoadContext
CVE-2023-25729: Extensions could have opened external schemes without user knowledge
CVE-2023-25732: Out of bounds memory write from EncodeInputStream
CVE-2023-25734: Opening local .url files could cause unexpected network loads
CVE-2023-25742: Web Crypto ImportKey crashes tab
CVE-2023-25746: Memory safety bugs fixed in Thunderbird 102.8

Affected Products:
Prior to Mozilla Thunderbird 102.8

QID Detection Logic (Authenticated) :
This checks for vulnerable version of Thunderbird.

Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.

Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.