VulnerableCode Package Details - pkg:alpm/archlinux/thunderbird@60.7.0-1

Search for packages

Vulnerability	Summary	Fixed by
VCID-1x4b-p9es-u7fj Aliases: CVE-2019-11705	Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.	60.7.1-1 Affected by 0 other vulnerabilities.
VCID-ckth-a939-dydh Aliases: CVE-2019-11704	Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.	60.7.1-1 Affected by 0 other vulnerabilities.
VCID-dk34-s8e2-uya4 Aliases: CVE-2019-11703	Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.	60.7.1-1 Affected by 0 other vulnerabilities.
VCID-m6hy-v2x8-e3b5 Aliases: CVE-2019-11706	Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.	60.7.1-1 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-1x4b-p9es-u7fj
Aliases:
CVE-2019-11705

Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.

60.7.1-1
Affected by 0 other vulnerabilities.

VCID-ckth-a939-dydh
Aliases:
CVE-2019-11704

Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.

60.7.1-1
Affected by 0 other vulnerabilities.

VCID-dk34-s8e2-uya4
Aliases:
CVE-2019-11703

Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.

60.7.1-1
Affected by 0 other vulnerabilities.

VCID-m6hy-v2x8-e3b5
Aliases:
CVE-2019-11706

Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.

60.7.1-1
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-7ej9-whhw-97hn	A vulnerability where a JavaScript compartment mismatch can occur while working with the fetch API, resulting in a potentially exploitable crash.	CVE-2019-9819
VCID-fx8t-41tv-hkdu	Use After Free png_image_free in png.c in libpng has a use-after-free because png_image_free_function is called under png_safe_execute.	CVE-2019-7317
VCID-g3nf-qnz2-h7gg	Images from a different domain can be read using a canvas object in some circumstances. This could be used to steal image data from a different site in violation of same-origin policy.	CVE-2019-9817
VCID-k321-r7qq-gbb9	A use-after-free vulnerability can occur when working with XMLHttpRequest (XHR) in an event loop, causing the XHR main thread to be called after it has been freed. This results in a potentially exploitable crash.	CVE-2019-11691
VCID-k8nw-bn74-6qe5	Multiple vulnerabilities have been found in Chromium, the worst of which could result in the remote execution of code.	CVE-2019-5798
VCID-shp3-hrvu-9kcp	Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none	CVE-2019-18511
VCID-sq1u-5jfc-dyh1	A possible vulnerability exists where type confusion can occur when manipulating JavaScript objects in object groups, allowing for the bypassing of security checks within these groups. Note: this vulnerability has only been demonstrated with UnboxedObjects, which are disabled by default on all supported releases.	CVE-2019-9816
VCID-tfry-ch3y-fyb1	Mozilla developers and community members Olli Pettay, Bogdan Tara, Jan de Mooij, Jason Kratzer, Jan Varga, Gary Kwong, Tim Guan-tin Chien, Tyson Smith, Ronald Crane, and Ted Campbell reported memory safety bugs present in Firefox 66 and Firefox ESR 60.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.	CVE-2019-9800
VCID-ugjs-4tca-d3dk	The bufferdata function in WebGL is vulnerable to a buffer overflow with specific graphics drivers on Linux. This could result in malicious content freezing a tab or triggering a potentially exploitable crash. Note: this issue only occurs on Linux. Other operating systems are unaffected.	CVE-2019-11693
VCID-vvpm-3zhz-77dm	A use-after-free vulnerability can occur when listeners are removed from the event listener manager while still in use, resulting in a potentially exploitable crash.	CVE-2019-11692
VCID-w5hu-w7mu-b3g3	If a crafted hyperlink is dragged and dropped to the bookmark bar or sidebar and the resulting bookmark is subsequently dragged and dropped into the web content area, an arbitrary query of a user's browser history can be run and transmitted to the content page via drop event data. This allows for the theft of browser history by a malicious site.	CVE-2019-11698

Vulnerability

Summary

Aliases

VCID-7ej9-whhw-97hn

A vulnerability where a JavaScript compartment mismatch can occur while working with the fetch API, resulting in a potentially exploitable crash.

CVE-2019-9819

VCID-fx8t-41tv-hkdu

Use After Free png_image_free in png.c in libpng has a use-after-free because png_image_free_function is called under png_safe_execute.

CVE-2019-7317

VCID-g3nf-qnz2-h7gg

Images from a different domain can be read using a canvas object in some circumstances. This could be used to steal image data from a different site in violation of same-origin policy.

CVE-2019-9817

VCID-k321-r7qq-gbb9

A use-after-free vulnerability can occur when working with XMLHttpRequest (XHR) in an event loop, causing the XHR main thread to be called after it has been freed. This results in a potentially exploitable crash.

CVE-2019-11691

VCID-k8nw-bn74-6qe5

Multiple vulnerabilities have been found in Chromium, the worst of which could result in the remote execution of code.

CVE-2019-5798

VCID-shp3-hrvu-9kcp

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none

CVE-2019-18511

VCID-sq1u-5jfc-dyh1

A possible vulnerability exists where type confusion can occur when manipulating JavaScript objects in object groups, allowing for the bypassing of security checks within these groups. *Note: this vulnerability has only been demonstrated with UnboxedObjects, which are disabled by default on all supported releases.*

CVE-2019-9816

VCID-tfry-ch3y-fyb1

Mozilla developers and community members Olli Pettay, Bogdan Tara, Jan de Mooij, Jason Kratzer, Jan Varga, Gary Kwong, Tim Guan-tin Chien, Tyson Smith, Ronald Crane, and Ted Campbell reported memory safety bugs present in Firefox 66 and Firefox ESR 60.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.

CVE-2019-9800

VCID-ugjs-4tca-d3dk

The bufferdata function in WebGL is vulnerable to a buffer overflow with specific graphics drivers on Linux. This could result in malicious content freezing a tab or triggering a potentially exploitable crash. *Note: this issue only occurs on Linux. Other operating systems are unaffected.*

CVE-2019-11693

VCID-vvpm-3zhz-77dm

A use-after-free vulnerability can occur when listeners are removed from the event listener manager while still in use, resulting in a potentially exploitable crash.

CVE-2019-11692

VCID-w5hu-w7mu-b3g3

If a crafted hyperlink is dragged and dropped to the bookmark bar or sidebar and the resulting bookmark is subsequently dragged and dropped into the web content area, an arbitrary query of a user's browser history can be run and transmitted to the content page via drop event data. This allows for the theft of browser history by a malicious site.

CVE-2019-11698

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-18T03:46:32.811668+00:00	Arch Linux Importer	Affected by	VCID-dk34-s8e2-uya4	https://security.archlinux.org/AVG-980	38.4.0
2026-04-18T03:46:32.789229+00:00	Arch Linux Importer	Affected by	VCID-ckth-a939-dydh	https://security.archlinux.org/AVG-980	38.4.0
2026-04-18T03:46:32.767026+00:00	Arch Linux Importer	Affected by	VCID-1x4b-p9es-u7fj	https://security.archlinux.org/AVG-980	38.4.0
2026-04-18T03:46:32.744623+00:00	Arch Linux Importer	Affected by	VCID-m6hy-v2x8-e3b5	https://security.archlinux.org/AVG-980	38.4.0
2026-04-18T03:46:28.556556+00:00	Arch Linux Importer	Fixing	VCID-k321-r7qq-gbb9	https://security.archlinux.org/AVG-965	38.4.0
2026-04-18T03:46:28.532380+00:00	Arch Linux Importer	Fixing	VCID-vvpm-3zhz-77dm	https://security.archlinux.org/AVG-965	38.4.0
2026-04-18T03:46:28.508197+00:00	Arch Linux Importer	Fixing	VCID-ugjs-4tca-d3dk	https://security.archlinux.org/AVG-965	38.4.0
2026-04-18T03:46:28.477287+00:00	Arch Linux Importer	Fixing	VCID-w5hu-w7mu-b3g3	https://security.archlinux.org/AVG-965	38.4.0
2026-04-18T03:46:28.443372+00:00	Arch Linux Importer	Fixing	VCID-shp3-hrvu-9kcp	https://security.archlinux.org/AVG-965	38.4.0
2026-04-18T03:46:28.417307+00:00	Arch Linux Importer	Fixing	VCID-k8nw-bn74-6qe5	https://security.archlinux.org/AVG-965	38.4.0
2026-04-18T03:46:28.389671+00:00	Arch Linux Importer	Fixing	VCID-fx8t-41tv-hkdu	https://security.archlinux.org/AVG-965	38.4.0
2026-04-18T03:46:28.362222+00:00	Arch Linux Importer	Fixing	VCID-tfry-ch3y-fyb1	https://security.archlinux.org/AVG-965	38.4.0
2026-04-18T03:46:28.336227+00:00	Arch Linux Importer	Fixing	VCID-sq1u-5jfc-dyh1	https://security.archlinux.org/AVG-965	38.4.0
2026-04-18T03:46:28.311250+00:00	Arch Linux Importer	Fixing	VCID-g3nf-qnz2-h7gg	https://security.archlinux.org/AVG-965	38.4.0
2026-04-18T03:46:28.286368+00:00	Arch Linux Importer	Fixing	VCID-7ej9-whhw-97hn	https://security.archlinux.org/AVG-965	38.4.0
2026-04-01T18:25:56.097885+00:00	Arch Linux Importer	Affected by	VCID-dk34-s8e2-uya4	https://security.archlinux.org/AVG-980	38.0.0
2026-04-01T18:25:56.074805+00:00	Arch Linux Importer	Affected by	VCID-ckth-a939-dydh	https://security.archlinux.org/AVG-980	38.0.0
2026-04-01T18:25:56.051412+00:00	Arch Linux Importer	Affected by	VCID-1x4b-p9es-u7fj	https://security.archlinux.org/AVG-980	38.0.0
2026-04-01T18:25:56.024985+00:00	Arch Linux Importer	Affected by	VCID-m6hy-v2x8-e3b5	https://security.archlinux.org/AVG-980	38.0.0
2026-04-01T18:24:29.467014+00:00	Arch Linux Importer	Fixing	VCID-k321-r7qq-gbb9	https://security.archlinux.org/AVG-965	38.0.0
2026-04-01T18:24:29.444011+00:00	Arch Linux Importer	Fixing	VCID-vvpm-3zhz-77dm	https://security.archlinux.org/AVG-965	38.0.0
2026-04-01T18:24:29.419562+00:00	Arch Linux Importer	Fixing	VCID-ugjs-4tca-d3dk	https://security.archlinux.org/AVG-965	38.0.0
2026-04-01T18:24:29.396166+00:00	Arch Linux Importer	Fixing	VCID-w5hu-w7mu-b3g3	https://security.archlinux.org/AVG-965	38.0.0
2026-04-01T18:24:29.371748+00:00	Arch Linux Importer	Fixing	VCID-shp3-hrvu-9kcp	https://security.archlinux.org/AVG-965	38.0.0
2026-04-01T18:24:29.347009+00:00	Arch Linux Importer	Fixing	VCID-k8nw-bn74-6qe5	https://security.archlinux.org/AVG-965	38.0.0
2026-04-01T18:24:29.323065+00:00	Arch Linux Importer	Fixing	VCID-fx8t-41tv-hkdu	https://security.archlinux.org/AVG-965	38.0.0
2026-04-01T18:24:29.299963+00:00	Arch Linux Importer	Fixing	VCID-tfry-ch3y-fyb1	https://security.archlinux.org/AVG-965	38.0.0
2026-04-01T18:24:29.275847+00:00	Arch Linux Importer	Fixing	VCID-sq1u-5jfc-dyh1	https://security.archlinux.org/AVG-965	38.0.0
2026-04-01T18:24:29.251012+00:00	Arch Linux Importer	Fixing	VCID-g3nf-qnz2-h7gg	https://security.archlinux.org/AVG-965	38.0.0
2026-04-01T18:24:29.226042+00:00	Arch Linux Importer	Fixing	VCID-7ej9-whhw-97hn	https://security.archlinux.org/AVG-965	38.0.0