Security Vulnerabilities fixed in Thunderbird 78.11 — Mozilla
Mozilla Foundation Security Advisory 2021-26
Security Vulnerabilities fixed in Thunderbird 78.11
Announced: June 3, 2021
Impact: moderate
Products: Thunderbird
Fixed in
Reporter: Ronald Crane
Impact: moderate
Description
A locally-installed hostile program could send WM_COPYDATA messages that Thunderbird would process incorrectly, leading to an out-of-bounds read.
This bug only affects Thunderbird on Windows. Other operating systems are unaffected.
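The following C example is added here for illustration and is not Mozilla's code or the Thunderbird fix; it shows receiver-side validation of a WM_COPYDATA-style payload so that a length chosen by the sender cannot cause an out-of-bounds read. The `copydata_t` struct is a portable stand-in that mirrors the fields of Win32 `COPYDATASTRUCT`; the payload layout, `MSG_TYPE_TEXT`, `MAX_TEXT` and `handle_copydata` are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Portable stand-in mirroring Win32 COPYDATASTRUCT (dwData, cbData, lpData). */
typedef struct {
    uintptr_t   dwData;  /* application-defined message type */
    uint32_t    cbData;  /* number of bytes at lpData */
    const void *lpData;  /* payload bytes, fully controlled by the sender */
} copydata_t;

/* Hypothetical payload layout (an assumption, not Thunderbird's format):
 *   uint32_t declared_len, then declared_len bytes of NUL-terminated text. */
#define MSG_TYPE_TEXT 1u
#define MAX_TEXT      4096u

/* Copies the text (including its NUL) into out.
 * Returns 0 on success, -1 if the message is malformed. */
int handle_copydata(const copydata_t *cds, char *out, size_t out_size)
{
    uint32_t declared;
    const unsigned char *p;

    if (cds == NULL || out == NULL || out_size == 0) return -1;
    if (cds->dwData != MSG_TYPE_TEXT) return -1;

    /* The fixed header must fit inside what actually arrived. */
    if (cds->lpData == NULL || cds->cbData < sizeof declared) return -1;

    p = (const unsigned char *)cds->lpData;
    memcpy(&declared, p, sizeof declared);   /* no unaligned read */
    p += sizeof declared;

    /* Never trust the embedded length: bound it by cbData first.
     * The subtraction cannot wrap because cbData >= sizeof declared. */
    if (declared == 0 || declared > cds->cbData - sizeof declared) return -1;
    if (declared > MAX_TEXT || declared > out_size) return -1;

    /* Bounded terminator search instead of strlen(): the only NUL must be
     * the last declared byte, so no read goes past the payload. */
    if ((const unsigned char *)memchr(p, '\0', declared) != p + declared - 1)
        return -1;

    memcpy(out, p, declared);
    return 0;
}
```
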
References
Reporter: Mozilla developers and community
Impact: high
Description
Mozilla developers Gabriele Svelto, Anny Gakhokidze, Alexandru Michis, Christian Holler reported memory safety bugs present in Thunderbird 78.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
References