VulnerableCode Package Details - pkg:apk/alpine/thunderbird@91.3.2-r0?arch=aarch64&distroversion=v3.18&reponame=community

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:apk/alpine/thunderbird@91.3.2-r0?arch=aarch64&distroversion=v3.18&reponame=community

Essentials
History (48)

purl	pkg:apk/alpine/thunderbird@91.3.2-r0?arch=aarch64&distroversion=v3.18&reponame=community

Vulnerabilities affecting this package (0)

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerabilities fixed by this package (48)

Vulnerability	Summary	Aliases
VCID-1e61-jk2b-aubw	Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code.	CVE-2021-23994
VCID-1rj3-tt63-4yc1	Through use of reportValidity() and window.open(), a plain-text validation message could have been overlaid on another origin, leading to possible user confusion and spoofing attacks.	CVE-2021-38497
VCID-2cd3-m37k-5ydh	Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code.	CVE-2021-29946
VCID-2k99-39yt-gkbe	During operations on MessageTasks, a task may have been removed while it was still scheduled, resulting in memory corruption and a potentially exploitable crash.	CVE-2021-38496
VCID-2syj-hbw7-fkbp	Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.	CVE-2021-29988
VCID-3zwq-1hwc-3fgj	Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.	CVE-2021-29976
VCID-4vt1-q4wj-87bm	Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.	CVE-2021-29980
VCID-5aga-y5nk-5fha	A locally-installed hostile program could send `WM_COPYDATA` messages that Firefox would processing incorrectly, leading to an out-of-bounds read. This bug only affects Firefox on Windows. Other operating systems are unaffected.	CVE-2021-29964
VCID-5qap-6r9b-6qbv	Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.	CVE-2021-38493
VCID-66dg-7sm8-vbgx	Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.	CVE-2021-29970
VCID-6fkp-5fzu-fydp	Mozilla developers and community members Andreas Pehrson and Christian Holler reported memory safety bugs present in Thunderbird 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.	CVE-2021-38500
VCID-74zp-pzc4-efhm	Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.	CVE-2021-38495
VCID-7fvy-7hpe-kbej	Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.	CVE-2021-38492
VCID-8fu2-5gxg-ekhy	Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code.	CVE-2021-23961
VCID-9kc8-k5kc-u7em	Firefox incorrectly accepted a newline in a HTTP/3 header, interpreting it as two separate headers. This allowed for a header splitting attack against servers using HTTP/3.	CVE-2021-29991
VCID-9y48-sjn7-rqeu	Mozilla developers and community members Kevin Brosnan, Mihai Alexandru Michis, and Christian Holler reported memory safety bugs present in Thunderbird 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.	CVE-2021-38501
VCID-a659-299u-byfb	Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.	CVE-2021-29986
VCID-b2py-tgw4-hqh8	Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.	CVE-2021-29948
VCID-b8c2-qrxm-sybt	Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.	CVE-2021-38508
VCID-b911-qnc2-x3aj	Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.	CVE-2021-38509
VCID-c51s-yenc-4yab	Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.	CVE-2021-38504
VCID-ddem-1dt1-uff7	Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.	CVE-2021-38503
VCID-dedv-96fb-vyhp	Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.	CVE-2021-29967
VCID-e38r-grgp-rfbn	Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code.	CVE-2021-23998
VCID-ea7p-189v-mqbq	Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.	CVE-2021-29969
VCID-hhu1-cgcx-nfev	During process shutdown, a document could have caused a use-after-free of a languages service object, leading to memory corruption and a potentially exploitable crash.	CVE-2021-38498
VCID-jy6e-d578-nkcg	Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.	CVE-2021-38507
VCID-k4e4-363e-xyff	Mozilla developers and community members Christian Holler, Valentin Gosu, and Andrew McCreight reported memory safety bugs present in Firefox 93 and Firefox ESR 91.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.	CVE-2021-43534
VCID-kat5-hy8e-skah	Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.	CVE-2021-29989
VCID-khsw-jwtm-8faq	A use-after-free could have occurred when an HTTP2 session object was released on a different thread, leading to memory corruption and a potentially exploitable crash.	CVE-2021-43535
VCID-mkyz-6v1k-wyen	Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code.	CVE-2021-29987
VCID-n4kc-y37w-qkdk	Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.	CVE-2021-38506
VCID-q5ch-b97k-k3hp	Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code.	CVE-2021-29982
VCID-q77k-hc9g-9fhm	The Mozilla Maintenance Service granted SERVICE_START access to BUILTIN\|Users which, in a domain network, grants normal remote users access to start or stop the service. This could be used to prevent the browser update service from operating (if an attacker spammed the 'Stop' command); but also exposed attack surface in the maintenance service.Note: This issue only affected Windows operating systems older than Win 10 build 1709. Other operating systems are unaffected.	CVE-2021-29951
VCID-qq5h-5k45-rycm	Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code.	CVE-2021-23995
VCID-qv8f-9y37-bbdk	Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.	CVE-2021-29985
VCID-t769-2t1u-57b6	Microsoft introduced a new feature in Windows 10 known as Cloud Clipboard which, if enabled, will record data copied to the clipboard to the cloud, and make it available on other computers in certain scenarios. Applications that wish to prevent copied data from being recorded in Cloud History must use specific clipboard formats; and Firefox before versions 94 and ESR 91.3 did not implement them. This could have caused sensitive data to be recorded to a user's Microsoft account.This bug only affects Firefox for Windows 10+ with Cloud Clipboard enabled. Other operating systems are unaffected.	CVE-2021-38505
VCID-teh4-fmg6-53ab	Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.	CVE-2021-30547
VCID-tjtk-gghp-1kdf	Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code.	CVE-2021-23999
VCID-vgf2-x49m-cqde	If a MIME encoded email contains an OpenPGP inline signed or encrypted message part, but also contains an additional unprotected part, Thunderbird did not indicate that only parts of the message are protected.	CVE-2021-29957
VCID-vt2f-abwe-4ba2	Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code.	CVE-2021-24002
VCID-vtjf-sufh-p3h4	crossbeam-deque Data Race before v0.7.4 and v0.8.1 ### Impact In the affected version of this crate, the result of the race condition is that one or more tasks in the worker queue can be popped twice instead of other tasks that are forgotten and never popped. If tasks are allocated on the heap, this can cause double free and a memory leak. If not, this still can cause a logical bug. Crates using `Stealer::steal`, `Stealer::steal_batch`, or `Stealer::steal_batch_and_pop` are affected by this issue. ### Patches This has been fixed in crossbeam-deque 0.8.1 and 0.7.4. ### Credits This issue was reported and fixed by Maor Kleinberger. ### License This advisory is in the public domain.	CVE-2021-32810 GHSA-pqqp-xmhj-wgcw
VCID-vtwu-x1vt-x3bq	Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code.	CVE-2021-29945
VCID-w68x-99b7-7qgs	Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.	CVE-2021-29984
VCID-wzpf-nter-m3dv	OpenPGP secret keys that were imported using Thunderbird version 78.8.1 up to version 78.10.1 were stored unencrypted on the user's local disk. The master password protection was inactive for those keys. Version 78.10.2 will restore the protection mechanism for newly imported keys, and will automatically protect keys that had been imported using affected Thunderbird versions.	CVE-2021-29956
VCID-x8sj-apw2-e3h6	Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code.	CVE-2021-29981
VCID-yfmg-82tr-gfec	The executable file warning was not presented when downloading .inetloc files, which, due to a flaw in Mac OS, can run commands on a user's computer.Note: This issue only affected Mac OS operating systems. Other operating systems are unaffected.	CVE-2021-38510
VCID-zwz9-pt55-t3c6	Thunderbird ignored the configuration to require STARTTLS security for an SMTP connection. A MITM could perform a downgrade attack to intercept transmitted messages, or could take control of the authenticated session to execute SMTP commands chosen by the MITM. If an unprotected authentication method was configured, the MITM could obtain the authentication credentials, too.	CVE-2021-38502

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-08T06:24:05.284690+00:00	Alpine Linux Importer	Fixing	VCID-tjtk-gghp-1kdf	https://secdb.alpinelinux.org/v3.18/community.json	38.1.0
2026-04-08T06:23:37.646220+00:00	Alpine Linux Importer	Fixing	VCID-zwz9-pt55-t3c6	https://secdb.alpinelinux.org/v3.18/community.json	38.1.0
2026-04-07T13:58:19.489725+00:00	Alpine Linux Importer	Fixing	VCID-9kc8-k5kc-u7em	https://secdb.alpinelinux.org/v3.18/community.json	38.1.0
2026-04-07T13:58:11.525472+00:00	Alpine Linux Importer	Fixing	VCID-5aga-y5nk-5fha	https://secdb.alpinelinux.org/v3.18/community.json	38.1.0
2026-04-07T13:57:57.789577+00:00	Alpine Linux Importer	Fixing	VCID-74zp-pzc4-efhm	https://secdb.alpinelinux.org/v3.18/community.json	38.1.0
2026-04-06T04:54:56.666840+00:00	Alpine Linux Importer	Fixing	VCID-kat5-hy8e-skah	https://secdb.alpinelinux.org/v3.18/community.json	38.1.0
2026-04-06T04:54:17.412431+00:00	Alpine Linux Importer	Fixing	VCID-n4kc-y37w-qkdk	https://secdb.alpinelinux.org/v3.18/community.json	38.1.0
2026-04-06T04:48:58.577657+00:00	Alpine Linux Importer	Fixing	VCID-1rj3-tt63-4yc1	https://secdb.alpinelinux.org/v3.18/community.json	38.1.0
2026-04-06T04:48:31.478885+00:00	Alpine Linux Importer	Fixing	VCID-q77k-hc9g-9fhm	https://secdb.alpinelinux.org/v3.18/community.json	38.1.0
2026-04-03T17:57:47.375222+00:00	Alpine Linux Importer	Fixing	VCID-7fvy-7hpe-kbej	https://secdb.alpinelinux.org/v3.18/community.json	38.1.0
2026-04-03T17:56:13.820749+00:00	Alpine Linux Importer	Fixing	VCID-ea7p-189v-mqbq	https://secdb.alpinelinux.org/v3.18/community.json	38.1.0
2026-04-03T17:54:05.267293+00:00	Alpine Linux Importer	Fixing	VCID-b911-qnc2-x3aj	https://secdb.alpinelinux.org/v3.18/community.json	38.1.0
2026-04-03T17:53:12.796016+00:00	Alpine Linux Importer	Fixing	VCID-9y48-sjn7-rqeu	https://secdb.alpinelinux.org/v3.18/community.json	38.1.0
2026-04-03T17:51:00.730092+00:00	Alpine Linux Importer	Fixing	VCID-ddem-1dt1-uff7	https://secdb.alpinelinux.org/v3.18/community.json	38.1.0
2026-04-03T17:47:59.759852+00:00	Alpine Linux Importer	Fixing	VCID-a659-299u-byfb	https://secdb.alpinelinux.org/v3.18/community.json	38.1.0
2026-04-03T17:46:52.853345+00:00	Alpine Linux Importer	Fixing	VCID-t769-2t1u-57b6	https://secdb.alpinelinux.org/v3.18/community.json	38.1.0
2026-04-01T19:33:13.864309+00:00	Alpine Linux Importer	Fixing	VCID-c51s-yenc-4yab	https://secdb.alpinelinux.org/v3.18/community.json	38.0.0
2026-04-01T19:32:44.364930+00:00	Alpine Linux Importer	Fixing	VCID-jy6e-d578-nkcg	https://secdb.alpinelinux.org/v3.18/community.json	38.0.0
2026-04-01T19:32:37.638276+00:00	Alpine Linux Importer	Fixing	VCID-1e61-jk2b-aubw	https://secdb.alpinelinux.org/v3.18/community.json	38.0.0
2026-04-01T19:30:42.323676+00:00	Alpine Linux Importer	Fixing	VCID-hhu1-cgcx-nfev	https://secdb.alpinelinux.org/v3.18/community.json	38.0.0
2026-04-01T19:30:27.238449+00:00	Alpine Linux Importer	Fixing	VCID-x8sj-apw2-e3h6	https://secdb.alpinelinux.org/v3.18/community.json	38.0.0
2026-04-01T19:30:01.850561+00:00	Alpine Linux Importer	Fixing	VCID-vgf2-x49m-cqde	https://secdb.alpinelinux.org/v3.18/community.json	38.0.0
2026-04-01T19:25:30.073910+00:00	Alpine Linux Importer	Fixing	VCID-2syj-hbw7-fkbp	https://secdb.alpinelinux.org/v3.18/community.json	38.0.0
2026-04-01T19:25:22.183676+00:00	Alpine Linux Importer	Fixing	VCID-2k99-39yt-gkbe	https://secdb.alpinelinux.org/v3.18/community.json	38.0.0
2026-04-01T19:24:47.817746+00:00	Alpine Linux Importer	Fixing	VCID-4vt1-q4wj-87bm	https://secdb.alpinelinux.org/v3.18/community.json	38.0.0
2026-04-01T19:24:29.662005+00:00	Alpine Linux Importer	Fixing	VCID-3zwq-1hwc-3fgj	https://secdb.alpinelinux.org/v3.18/community.json	38.0.0
2026-04-01T19:24:07.607477+00:00	Alpine Linux Importer	Fixing	VCID-b2py-tgw4-hqh8	https://secdb.alpinelinux.org/v3.18/community.json	38.0.0
2026-04-01T19:19:32.015595+00:00	Alpine Linux Importer	Fixing	VCID-8fu2-5gxg-ekhy	https://secdb.alpinelinux.org/v3.18/community.json	38.0.0
2026-04-01T19:18:25.083928+00:00	Alpine Linux Importer	Fixing	VCID-e38r-grgp-rfbn	https://secdb.alpinelinux.org/v3.18/community.json	38.0.0
2026-04-01T19:15:14.116915+00:00	Alpine Linux Importer	Fixing	VCID-k4e4-363e-xyff	https://secdb.alpinelinux.org/v3.18/community.json	38.0.0
2026-04-01T19:14:18.932277+00:00	Alpine Linux Importer	Fixing	VCID-5qap-6r9b-6qbv	https://secdb.alpinelinux.org/v3.18/community.json	38.0.0
2026-04-01T19:13:54.502583+00:00	Alpine Linux Importer	Fixing	VCID-wzpf-nter-m3dv	https://secdb.alpinelinux.org/v3.18/community.json	38.0.0
2026-04-01T19:12:22.994612+00:00	Alpine Linux Importer	Fixing	VCID-teh4-fmg6-53ab	https://secdb.alpinelinux.org/v3.18/community.json	38.0.0
2026-04-01T19:10:16.424130+00:00	Alpine Linux Importer	Fixing	VCID-dedv-96fb-vyhp	https://secdb.alpinelinux.org/v3.18/community.json	38.0.0
2026-04-01T19:08:06.381087+00:00	Alpine Linux Importer	Fixing	VCID-vtwu-x1vt-x3bq	https://secdb.alpinelinux.org/v3.18/community.json	38.0.0
2026-04-01T19:03:27.030398+00:00	Alpine Linux Importer	Fixing	VCID-vtjf-sufh-p3h4	https://secdb.alpinelinux.org/v3.18/community.json	38.0.0
2026-04-01T19:03:16.250093+00:00	Alpine Linux Importer	Fixing	VCID-qq5h-5k45-rycm	https://secdb.alpinelinux.org/v3.18/community.json	38.0.0
2026-04-01T19:01:18.135203+00:00	Alpine Linux Importer	Fixing	VCID-b8c2-qrxm-sybt	https://secdb.alpinelinux.org/v3.18/community.json	38.0.0
2026-04-01T19:00:44.622918+00:00	Alpine Linux Importer	Fixing	VCID-mkyz-6v1k-wyen	https://secdb.alpinelinux.org/v3.18/community.json	38.0.0
2026-04-01T18:56:10.077039+00:00	Alpine Linux Importer	Fixing	VCID-qv8f-9y37-bbdk	https://secdb.alpinelinux.org/v3.18/community.json	38.0.0
2026-04-01T18:53:32.060235+00:00	Alpine Linux Importer	Fixing	VCID-q5ch-b97k-k3hp	https://secdb.alpinelinux.org/v3.18/community.json	38.0.0
2026-04-01T18:52:01.758123+00:00	Alpine Linux Importer	Fixing	VCID-vt2f-abwe-4ba2	https://secdb.alpinelinux.org/v3.18/community.json	38.0.0
2026-04-01T18:51:59.996246+00:00	Alpine Linux Importer	Fixing	VCID-w68x-99b7-7qgs	https://secdb.alpinelinux.org/v3.18/community.json	38.0.0
2026-04-01T18:50:56.430566+00:00	Alpine Linux Importer	Fixing	VCID-khsw-jwtm-8faq	https://secdb.alpinelinux.org/v3.18/community.json	38.0.0
2026-04-01T18:49:52.383338+00:00	Alpine Linux Importer	Fixing	VCID-2cd3-m37k-5ydh	https://secdb.alpinelinux.org/v3.18/community.json	38.0.0
2026-04-01T18:48:04.030991+00:00	Alpine Linux Importer	Fixing	VCID-66dg-7sm8-vbgx	https://secdb.alpinelinux.org/v3.18/community.json	38.0.0
2026-04-01T18:48:02.991188+00:00	Alpine Linux Importer	Fixing	VCID-yfmg-82tr-gfec	https://secdb.alpinelinux.org/v3.18/community.json	38.0.0
2026-04-01T18:47:46.767565+00:00	Alpine Linux Importer	Fixing	VCID-6fkp-5fzu-fydp	https://secdb.alpinelinux.org/v3.18/community.json	38.0.0