Synced 17 Jun 2026 06:32 UTC Account
← All products

Mozilla Thunderbird

Mozilla · Email client
↻ RSS feed
Monitors Mozilla Thunderbird and tailors your dashboard to that exact version.
all versions0/100 Critical · exploited

Summary iPlain-English security verdict for Mozilla Thunderbird, generated from its current health score, actively-exploited vulnerabilities, and latest supported version.

Mozilla Thunderbird currently scores 0/100 — critical, with active exploitation. 14 of its known vulnerabilities are being actively exploited in the wild (CISA KEV), including CVE-2023-4863. Upgrade immediately and review your exposure to the actively-exploited CVEs below.

Disclosure trend iNew CVEs published for Mozilla Thunderbird each year (NVD). A higher bar means more disclosures that year — more scrutiny, not necessarily less safe.

'19
'20
'21
'22
'23
'24
'25
'26

1 of its known vulnerability is linked to ransomware campaigns (CISA KEV).

Patch priority — what to act on iThe issues to fix first — actively exploited (CISA KEV) first, then by exploitation probability (EPSS), then severity. Each row's "→ fixed in" is the earliest version that patches it; "see advisory" means no fixed version is published.

Most urgent first — actively exploited, then likeliest to be exploited.

CVE-2023-4863 HIGH exploited Out-of-bounds write EPSS 100% → fixed in 115.2.2 CVE-2016-9079 HIGH exploited Use-after-free EPSS 88% → fixed in 45.5.1 CVE-2010-3765 CRITICAL exploited Memory corruption EPSS 83% → see advisory CVE-2013-1690 HIGH exploited Memory corruption EPSS 69% → fixed in 17.0.7 CVE-2019-11708 CRITICAL exploited Improper input validation EPSS 56% → fixed in 60.7.2 CVE-2019-17026 HIGH exploited CWE-843 EPSS 47% → fixed in 68.4.1 CVE-2019-11707 HIGH exploited CWE-843 EPSS 38% → fixed in 60.7.2 CVE-2023-5217 HIGH exploited Out-of-bounds write EPSS 34% → fixed in 115.3.1 CVE-2024-9680 CRITICAL exploited ransomware Use-after-free EPSS 33% → fixed in 128.3.1 CVE-2022-26485 HIGH exploited Use-after-free EPSS 14% → fixed in 91.6.2 CVE-2013-1675 MEDIUM exploited CWE-665 EPSS 7% → fixed in 17.0.6 CVE-2020-6820 HIGH exploited CWE-362 EPSS 6% → fixed in 68.7.0

See all 1745 known Mozilla Thunderbird CVEs & security history →

Get alerted about Mozilla Thunderbird

Be emailed the moment Mozilla Thunderbird gets a newly exploited vulnerability (CISA KEV) or a release reaches end of life. Free · double opt-in · unsubscribe anytime.

We email only on real events for Mozilla Thunderbird — no marketing, no sharing, and we never know what you run. Track your whole stack →

Monitor up to 200 products — freeHit ☆ Monitor on anything you run, then sign in (no password) to sync your stack across devices and unlock smart insights, risk history & CSV/JSON exports. Sign in free →

Frequently asked

Is Mozilla Thunderbird safe and patched?

Mozilla Thunderbird currently scores 0/100 — critical, with active exploitation. 14 of its known vulnerabilities are being actively exploited in the wild (CISA KEV), including CVE-2023-4863. Upgrade immediately and review your exposure to the actively-exploited CVEs below.

What should I do about Mozilla Thunderbird now?

Review the patch-priority list, apply the available fixes (or move to the latest release), and confirm against Mozilla's official advisory. Some issues are under active exploitation, so treat this as urgent.

lifecycle unknown — needs latest supported version

Informational only, from public data (NVD · CISA KEV · EPSS · endoflife.date), and can lag or miss vendor-specific fixes. Always confirm against Mozilla's official advisory before you patch or upgrade — Mozilla Thunderbird official site ↗