VulnerableCode Package Details - pkg:alpm/archlinux/firefox@70.0-1

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-b67z-91x3-sug1	Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.	CVE-2019-11764
VCID-bae9-9f51-wqac	Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.	CVE-2019-11760
VCID-fxx3-xfat-m3bx	An object tag with a data URI did not correctly inherit the document's Content Security Policy. This allowed a CSP bypass in a cross-origin frame if the document's policy explicitly allowed data: URIs.	CVE-2019-17000
VCID-j64y-ejt3-tbe3	Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.	CVE-2019-11757
VCID-mnt3-q341-j7gj	Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.	CVE-2019-11763
VCID-nbvc-j1zu-v7d8	Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.	CVE-2019-11762
VCID-nguh-j845-wbf1	A Content-Security-Policy that blocks in-line scripts could be bypassed using an object tag to execute JavaScript in the protected document (cross-site scripting). This is a separate bypass from CVE-2019-17000.Note: This flaw only affected Firefox 69 and was not present in earlier versions.	CVE-2019-17001
VCID-nmh4-zpeh-4bcr	Multiple vulnerabilities have been found in Expat, the worst of which could result in a Denial of Service condition.	CVE-2019-15903
VCID-pzwg-wv7w-s7fv	If upgrade-insecure-requests was specified in the Content Security Policy, and a link was dragged and dropped from that page, the link was not upgraded to https.	CVE-2019-17002
VCID-rhwa-2ash-jkgh	A compromised content process could send a message to the parent process that would cause the 'Click to Play' permission prompt to be shown. However, due to lack of validation from the parent process, if the user accepted the permission request an attacker-controlled permission would be granted rather than the 'Click to Play' permission.	CVE-2019-11765
VCID-tvsp-tsfk-v7eg	Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.	CVE-2019-11759
VCID-vkpn-uuym-qkge	Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which allows remote attackers to escalate privileges.	CVE-2018-6156
VCID-wpvp-c7aw-qfhw	Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.	CVE-2019-11761

Vulnerability

Summary

Aliases

VCID-b67z-91x3-sug1

Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.

CVE-2019-11764

VCID-bae9-9f51-wqac

Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.

CVE-2019-11760

VCID-fxx3-xfat-m3bx

An object tag with a data URI did not correctly inherit the document's Content Security Policy. This allowed a CSP bypass in a cross-origin frame if the document's policy explicitly allowed data: URIs.

CVE-2019-17000

VCID-j64y-ejt3-tbe3

Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.

CVE-2019-11757

VCID-mnt3-q341-j7gj

Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.

CVE-2019-11763

VCID-nbvc-j1zu-v7d8

Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.

CVE-2019-11762

VCID-nguh-j845-wbf1

A Content-Security-Policy that blocks in-line scripts could be bypassed using an object tag to execute JavaScript in the protected document (cross-site scripting). This is a separate bypass from CVE-2019-17000.*Note: This flaw only affected Firefox 69 and was not present in earlier versions.*

CVE-2019-17001

VCID-nmh4-zpeh-4bcr

Multiple vulnerabilities have been found in Expat, the worst of which could result in a Denial of Service condition.

CVE-2019-15903

VCID-pzwg-wv7w-s7fv

If upgrade-insecure-requests was specified in the Content Security Policy, and a link was dragged and dropped from that page, the link was not upgraded to https.

CVE-2019-17002

VCID-rhwa-2ash-jkgh

A compromised content process could send a message to the parent process that would cause the 'Click to Play' permission prompt to be shown. However, due to lack of validation from the parent process, if the user accepted the permission request an attacker-controlled permission would be granted rather than the 'Click to Play' permission.

CVE-2019-11765

VCID-tvsp-tsfk-v7eg

Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.

CVE-2019-11759

VCID-vkpn-uuym-qkge

Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which allows remote attackers to escalate privileges.

CVE-2018-6156

VCID-wpvp-c7aw-qfhw

Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.

CVE-2019-11761

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-07T13:59:07.860283+00:00	Arch Linux Importer	Fixing	VCID-vkpn-uuym-qkge	https://security.archlinux.org/AVG-1055	38.1.0
2026-04-07T13:59:07.844558+00:00	Arch Linux Importer	Fixing	VCID-j64y-ejt3-tbe3	https://security.archlinux.org/AVG-1055	38.1.0
2026-04-07T13:59:07.830605+00:00	Arch Linux Importer	Fixing	VCID-tvsp-tsfk-v7eg	https://security.archlinux.org/AVG-1055	38.1.0
2026-04-07T13:59:07.817588+00:00	Arch Linux Importer	Fixing	VCID-bae9-9f51-wqac	https://security.archlinux.org/AVG-1055	38.1.0
2026-04-07T13:59:07.798038+00:00	Arch Linux Importer	Fixing	VCID-wpvp-c7aw-qfhw	https://security.archlinux.org/AVG-1055	38.1.0
2026-04-07T13:59:07.784847+00:00	Arch Linux Importer	Fixing	VCID-nbvc-j1zu-v7d8	https://security.archlinux.org/AVG-1055	38.1.0
2026-04-07T13:59:07.771364+00:00	Arch Linux Importer	Fixing	VCID-mnt3-q341-j7gj	https://security.archlinux.org/AVG-1055	38.1.0
2026-04-07T13:59:07.758122+00:00	Arch Linux Importer	Fixing	VCID-b67z-91x3-sug1	https://security.archlinux.org/AVG-1055	38.1.0
2026-04-07T13:59:07.745816+00:00	Arch Linux Importer	Fixing	VCID-rhwa-2ash-jkgh	https://security.archlinux.org/AVG-1055	38.1.0
2026-04-07T13:59:07.731329+00:00	Arch Linux Importer	Fixing	VCID-nmh4-zpeh-4bcr	https://security.archlinux.org/AVG-1055	38.1.0
2026-04-07T13:59:07.719151+00:00	Arch Linux Importer	Fixing	VCID-fxx3-xfat-m3bx	https://security.archlinux.org/AVG-1055	38.1.0
2026-04-07T13:59:07.706643+00:00	Arch Linux Importer	Fixing	VCID-nguh-j845-wbf1	https://security.archlinux.org/AVG-1055	38.1.0
2026-04-07T13:59:07.688538+00:00	Arch Linux Importer	Fixing	VCID-pzwg-wv7w-s7fv	https://security.archlinux.org/AVG-1055	38.1.0
2026-04-01T18:24:27.171226+00:00	Arch Linux Importer	Fixing	VCID-vkpn-uuym-qkge	https://security.archlinux.org/AVG-1055	38.0.0
2026-04-01T18:24:27.147833+00:00	Arch Linux Importer	Fixing	VCID-j64y-ejt3-tbe3	https://security.archlinux.org/AVG-1055	38.0.0
2026-04-01T18:24:27.123389+00:00	Arch Linux Importer	Fixing	VCID-tvsp-tsfk-v7eg	https://security.archlinux.org/AVG-1055	38.0.0
2026-04-01T18:24:27.098860+00:00	Arch Linux Importer	Fixing	VCID-bae9-9f51-wqac	https://security.archlinux.org/AVG-1055	38.0.0
2026-04-01T18:24:27.072191+00:00	Arch Linux Importer	Fixing	VCID-wpvp-c7aw-qfhw	https://security.archlinux.org/AVG-1055	38.0.0
2026-04-01T18:24:27.049068+00:00	Arch Linux Importer	Fixing	VCID-nbvc-j1zu-v7d8	https://security.archlinux.org/AVG-1055	38.0.0
2026-04-01T18:24:27.025302+00:00	Arch Linux Importer	Fixing	VCID-mnt3-q341-j7gj	https://security.archlinux.org/AVG-1055	38.0.0
2026-04-01T18:24:26.999986+00:00	Arch Linux Importer	Fixing	VCID-b67z-91x3-sug1	https://security.archlinux.org/AVG-1055	38.0.0
2026-04-01T18:24:26.976698+00:00	Arch Linux Importer	Fixing	VCID-rhwa-2ash-jkgh	https://security.archlinux.org/AVG-1055	38.0.0
2026-04-01T18:24:26.951813+00:00	Arch Linux Importer	Fixing	VCID-nmh4-zpeh-4bcr	https://security.archlinux.org/AVG-1055	38.0.0
2026-04-01T18:24:26.926647+00:00	Arch Linux Importer	Fixing	VCID-fxx3-xfat-m3bx	https://security.archlinux.org/AVG-1055	38.0.0
2026-04-01T18:24:26.902457+00:00	Arch Linux Importer	Fixing	VCID-nguh-j845-wbf1	https://security.archlinux.org/AVG-1055	38.0.0
2026-04-01T18:24:26.877917+00:00	Arch Linux Importer	Fixing	VCID-pzwg-wv7w-s7fv	https://security.archlinux.org/AVG-1055	38.0.0

2026-04-07T13:59:07.860283+00:00

Arch Linux Importer

Fixing