VulnerableCode Package Details - pkg:apk/alpine/thunderbird@78.6.1-r0?arch=x86&distroversion=v3.22&reponame=community

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-78wc-qm38-kkbc	If a user downloaded a file lacking an extension on Windows, and then "Open"-ed it from the downloads panel, if there was an executable file in the downloads directory with the same name but with an executable extension (such as .bat or .exe) that executable would have been launched instead.Note: This issue only affected Windows operating systems. Other operating systems are unaffected.	CVE-2020-35112
VCID-8mzj-eamk-7fc1	When flex-basis was used on a table wrapper, a StyleGenericFlexBasis object could have been incorrectly cast to the wrong type. This resulted in a heap user-after-free, memory corruption, and a potentially exploitable crash.	CVE-2020-26974
VCID-g9nv-cy62-kqaq	When a BigInt was right-shifted the backing store was not properly cleared, allowing uninitialized memory to be read.	CVE-2020-16042
VCID-nt84-fw68-3bdb	Using techniques that built on the slipstream research, a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine.	CVE-2020-26978
VCID-r31j-njtr-qycb	Certain blit values provided by the user were not properly constrained leading to a heap buffer overflow on some video drivers.	CVE-2020-26971
VCID-xcqr-m62v-97ax	Certain input to the CSS Sanitizer confused it, resulting in incorrect components being removed. This could have been used as a sanitizer bypass.	CVE-2020-26973
VCID-ztky-zkqg-vkb3	When an extension with the proxy permission registered to receive <all_urls>, the proxy.onRequest callback was not triggered for view-source URLs. While web content cannot navigate to such URLs, a user opening View Source could have inadvertently leaked their IP address.	CVE-2020-35111

Vulnerability

Summary

Aliases

VCID-78wc-qm38-kkbc

If a user downloaded a file lacking an extension on Windows, and then "Open"-ed it from the downloads panel, if there was an executable file in the downloads directory with the same name but with an executable extension (such as .bat or .exe) that executable would have been launched instead.*Note: This issue only affected Windows operating systems. Other operating systems are unaffected.*

CVE-2020-35112

VCID-8mzj-eamk-7fc1

When flex-basis was used on a table wrapper, a StyleGenericFlexBasis object could have been incorrectly cast to the wrong type. This resulted in a heap user-after-free, memory corruption, and a potentially exploitable crash.

CVE-2020-26974

VCID-g9nv-cy62-kqaq

When a BigInt was right-shifted the backing store was not properly cleared, allowing uninitialized memory to be read.

CVE-2020-16042

VCID-nt84-fw68-3bdb

Using techniques that built on the slipstream research, a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine.

CVE-2020-26978

VCID-r31j-njtr-qycb

Certain blit values provided by the user were not properly constrained leading to a heap buffer overflow on some video drivers.

CVE-2020-26971

VCID-xcqr-m62v-97ax

Certain input to the CSS Sanitizer confused it, resulting in incorrect components being removed. This could have been used as a sanitizer bypass.

CVE-2020-26973

VCID-ztky-zkqg-vkb3

When an extension with the proxy permission registered to receive <all_urls>, the proxy.onRequest callback was not triggered for view-source URLs. While web content cannot navigate to such URLs, a user opening View Source could have inadvertently leaked their IP address.

CVE-2020-35111

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-05-29T10:10:09.391517+00:00	Alpine Linux Importer	Fixing	VCID-78wc-qm38-kkbc	https://secdb.alpinelinux.org/v3.22/community.json	38.6.0
2026-05-29T09:56:25.878856+00:00	Alpine Linux Importer	Fixing	VCID-8mzj-eamk-7fc1	https://secdb.alpinelinux.org/v3.22/community.json	38.6.0
2026-05-29T09:54:15.242734+00:00	Alpine Linux Importer	Fixing	VCID-xcqr-m62v-97ax	https://secdb.alpinelinux.org/v3.22/community.json	38.6.0
2026-05-29T09:51:30.097651+00:00	Alpine Linux Importer	Fixing	VCID-g9nv-cy62-kqaq	https://secdb.alpinelinux.org/v3.22/community.json	38.6.0
2026-05-29T09:47:01.442143+00:00	Alpine Linux Importer	Fixing	VCID-ztky-zkqg-vkb3	https://secdb.alpinelinux.org/v3.22/community.json	38.6.0
2026-05-29T09:35:18.062064+00:00	Alpine Linux Importer	Fixing	VCID-nt84-fw68-3bdb	https://secdb.alpinelinux.org/v3.22/community.json	38.6.0
2026-05-29T09:31:49.888449+00:00	Alpine Linux Importer	Fixing	VCID-r31j-njtr-qycb	https://secdb.alpinelinux.org/v3.22/community.json	38.6.0