VulnerableCode Package Details - pkg:apk/alpine/firefox-esr@91.2.0-r0?arch=armhf&distroversion=edge&reponame=community

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-1rj3-tt63-4yc1	Through use of reportValidity() and window.open(), a plain-text validation message could have been overlaid on another origin, leading to possible user confusion and spoofing attacks.	CVE-2021-38497
VCID-2k99-39yt-gkbe	During operations on MessageTasks, a task may have been removed while it was still scheduled, resulting in memory corruption and a potentially exploitable crash.	CVE-2021-38496
VCID-5qap-6r9b-6qbv	Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.	CVE-2021-38493
VCID-6fkp-5fzu-fydp	Mozilla developers and community members Andreas Pehrson and Christian Holler reported memory safety bugs present in Thunderbird 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.	CVE-2021-38500
VCID-74zp-pzc4-efhm	Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.	CVE-2021-38495
VCID-7fvy-7hpe-kbej	Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.	CVE-2021-38492
VCID-9y48-sjn7-rqeu	Mozilla developers and community members Kevin Brosnan, Mihai Alexandru Michis, and Christian Holler reported memory safety bugs present in Thunderbird 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.	CVE-2021-38501
VCID-hhu1-cgcx-nfev	During process shutdown, a document could have caused a use-after-free of a languages service object, leading to memory corruption and a potentially exploitable crash.	CVE-2021-38498
VCID-vtjf-sufh-p3h4	crossbeam-deque Data Race before v0.7.4 and v0.8.1 ### Impact In the affected version of this crate, the result of the race condition is that one or more tasks in the worker queue can be popped twice instead of other tasks that are forgotten and never popped. If tasks are allocated on the heap, this can cause double free and a memory leak. If not, this still can cause a logical bug. Crates using `Stealer::steal`, `Stealer::steal_batch`, or `Stealer::steal_batch_and_pop` are affected by this issue. ### Patches This has been fixed in crossbeam-deque 0.8.1 and 0.7.4. ### Credits This issue was reported and fixed by Maor Kleinberger. ### License This advisory is in the public domain.	CVE-2021-32810 GHSA-pqqp-xmhj-wgcw

Vulnerability

Summary

Aliases

VCID-1rj3-tt63-4yc1

Through use of reportValidity() and window.open(), a plain-text validation message could have been overlaid on another origin, leading to possible user confusion and spoofing attacks.

CVE-2021-38497

VCID-2k99-39yt-gkbe

During operations on MessageTasks, a task may have been removed while it was still scheduled, resulting in memory corruption and a potentially exploitable crash.

CVE-2021-38496

VCID-5qap-6r9b-6qbv

Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.

CVE-2021-38493

VCID-6fkp-5fzu-fydp

Mozilla developers and community members Andreas Pehrson and Christian Holler reported memory safety bugs present in Thunderbird 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

CVE-2021-38500

VCID-74zp-pzc4-efhm

Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.

CVE-2021-38495

VCID-7fvy-7hpe-kbej

Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.

CVE-2021-38492

VCID-9y48-sjn7-rqeu

Mozilla developers and community members Kevin Brosnan, Mihai Alexandru Michis, and Christian Holler reported memory safety bugs present in Thunderbird 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

CVE-2021-38501

VCID-hhu1-cgcx-nfev

During process shutdown, a document could have caused a use-after-free of a languages service object, leading to memory corruption and a potentially exploitable crash.

CVE-2021-38498

VCID-vtjf-sufh-p3h4

crossbeam-deque Data Race before v0.7.4 and v0.8.1 ### Impact In the affected version of this crate, the result of the race condition is that one or more tasks in the worker queue can be popped twice instead of other tasks that are forgotten and never popped. If tasks are allocated on the heap, this can cause double free and a memory leak. If not, this still can cause a logical bug. Crates using `Stealer::steal`, `Stealer::steal_batch`, or `Stealer::steal_batch_and_pop` are affected by this issue. ### Patches This has been fixed in crossbeam-deque 0.8.1 and 0.7.4. ### Credits This issue was reported and fixed by Maor Kleinberger. ### License This advisory is in the public domain.

CVE-2021-32810
GHSA-pqqp-xmhj-wgcw

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-08T06:25:50.093098+00:00	Alpine Linux Importer	Fixing	VCID-74zp-pzc4-efhm	https://secdb.alpinelinux.org/edge/community.json	38.1.0
2026-04-06T04:46:39.277645+00:00	Alpine Linux Importer	Fixing	VCID-5qap-6r9b-6qbv	https://secdb.alpinelinux.org/edge/community.json	38.1.0
2026-04-03T17:57:18.154228+00:00	Alpine Linux Importer	Fixing	VCID-hhu1-cgcx-nfev	https://secdb.alpinelinux.org/edge/community.json	38.1.0
2026-04-03T17:50:43.554040+00:00	Alpine Linux Importer	Fixing	VCID-7fvy-7hpe-kbej	https://secdb.alpinelinux.org/edge/community.json	38.1.0
2026-04-03T17:49:46.558015+00:00	Alpine Linux Importer	Fixing	VCID-1rj3-tt63-4yc1	https://secdb.alpinelinux.org/edge/community.json	38.1.0
2026-04-01T19:28:05.684235+00:00	Alpine Linux Importer	Fixing	VCID-vtjf-sufh-p3h4	https://secdb.alpinelinux.org/edge/community.json	38.0.0
2026-04-01T19:23:27.254651+00:00	Alpine Linux Importer	Fixing	VCID-9y48-sjn7-rqeu	https://secdb.alpinelinux.org/edge/community.json	38.0.0
2026-04-01T19:11:11.314363+00:00	Alpine Linux Importer	Fixing	VCID-2k99-39yt-gkbe	https://secdb.alpinelinux.org/edge/community.json	38.0.0
2026-04-01T18:56:15.895615+00:00	Alpine Linux Importer	Fixing	VCID-6fkp-5fzu-fydp	https://secdb.alpinelinux.org/edge/community.json	38.0.0