Multiple Vulnerabilities Detected in Thunderbird Software

The software Thunderbird, a widely used email client, is currently under scrutiny due to the discovery of multiple vulnerabilities. Some of these vulnerabilities could potentially enable attackers to execute arbitrary code remotely, breach data confidentiality, and circumvent security policies.

Key Details:

  • Reference: CERTFR-2023-AVI-0703
  • Initial Release Date: September 1, 2023
  • Latest Update Date: September 1, 2023
  • Sources: Thunderbird Security Bulletins

Affected Systems:

The vulnerabilities affect Mozilla Thunderbird versions earlier than 102.15 or 115.2.


Several vulnerabilities have come to light in Thunderbird software products. A few of these vulnerabilities have the capability to allow an attacker to remotely execute arbitrary code, compromise data confidentiality, and bypass security policies. Given the potential severity of these vulnerabilities, it is imperative for Thunderbird users to address them promptly.


To address these vulnerabilities and secure Thunderbird installations, users are advised to refer to the security bulletins provided by the software’s official sources. These bulletins contain essential information on obtaining the necessary fixes and updates.

Documentation and Resources:

For detailed information and access to the security bulletins, please visit the following links:

References to CVEs:

These vulnerabilities have been assigned Common Vulnerabilities and Exposures (CVE) references:

Thunderbird users are strongly urged to take immediate action to secure their email clients by applying the provided patches and updates, ensuring the confidentiality and security of their email communications.