VulnerableCode Package Details - pkg:deb/debian/firefox@131.0-1?distro=sid

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-1z5d-4wfm-8yfk	Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution.	CVE-2024-9396
VCID-7wvh-upas-2bgh	An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the `resource://devtools` origin. This could allow them to access cross-origin JSON content. This access is limited to "same site" documents by the Site Isolation feature on desktop clients, but full cross-origin access is possible on Android versions.	CVE-2024-9394
VCID-9caj-c15z-xuf5	Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution.	CVE-2024-9403
VCID-bsnh-1chq-z7ae	Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution.	CVE-2024-9400
VCID-jebk-6hja-ukfc	Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution.	CVE-2024-9402
VCID-k3ec-bt9r-pkhg	Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution.	CVE-2024-9397
VCID-ka9e-ps8e-ryc8	Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution.	CVE-2024-9392
VCID-kpun-mgtm-5uhd	Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution.	CVE-2024-9399
VCID-kx3j-abfc-qfh2	An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the `resource://pdf.js` origin. This could allow them to access cross-origin PDF content. This access is limited to "same site" documents by the Site Isolation feature on desktop clients, but full cross-origin access is possible on Android versions.	CVE-2024-9393
VCID-pmkt-c3bw-zkhz	By checking the result of calls to `window.open` with specifically set protocol handlers, an attacker could determine if the application which implements that protocol handler is installed.	CVE-2024-9398
VCID-z6yt-va55-s3ey	Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution.	CVE-2024-9401

Vulnerability

Summary

Aliases

VCID-1z5d-4wfm-8yfk

Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution.

CVE-2024-9396

VCID-7wvh-upas-2bgh

An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the `resource://devtools` origin. This could allow them to access cross-origin JSON content. This access is limited to "same site" documents by the Site Isolation feature on desktop clients, but full cross-origin access is possible on Android versions.

CVE-2024-9394

VCID-9caj-c15z-xuf5

Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution.

CVE-2024-9403

VCID-bsnh-1chq-z7ae

Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution.

CVE-2024-9400

VCID-jebk-6hja-ukfc

Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution.

CVE-2024-9402

VCID-k3ec-bt9r-pkhg

Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution.

CVE-2024-9397

VCID-ka9e-ps8e-ryc8

Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution.

CVE-2024-9392

VCID-kpun-mgtm-5uhd

Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution.

CVE-2024-9399

VCID-kx3j-abfc-qfh2

An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the `resource://pdf.js` origin. This could allow them to access cross-origin PDF content. This access is limited to "same site" documents by the Site Isolation feature on desktop clients, but full cross-origin access is possible on Android versions.

CVE-2024-9393

VCID-pmkt-c3bw-zkhz

By checking the result of calls to `window.open` with specifically set protocol handlers, an attacker could determine if the application which implements that protocol handler is installed.

CVE-2024-9398

VCID-z6yt-va55-s3ey

Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution.

CVE-2024-9401

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T13:02:17.761465+00:00	Debian Importer	Fixing	VCID-ka9e-ps8e-ryc8	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T12:27:29.845748+00:00	Debian Importer	Fixing	VCID-pmkt-c3bw-zkhz	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T11:59:30.376369+00:00	Debian Importer	Fixing	VCID-9caj-c15z-xuf5	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T11:20:01.137654+00:00	Debian Importer	Fixing	VCID-1z5d-4wfm-8yfk	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T10:23:28.691506+00:00	Debian Importer	Fixing	VCID-bsnh-1chq-z7ae	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:58:22.189665+00:00	Debian Importer	Fixing	VCID-kx3j-abfc-qfh2	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:57:33.495370+00:00	Debian Importer	Fixing	VCID-7wvh-upas-2bgh	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:13:25.867389+00:00	Debian Importer	Fixing	VCID-k3ec-bt9r-pkhg	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T08:56:21.985122+00:00	Debian Importer	Fixing	VCID-z6yt-va55-s3ey	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T08:54:34.532510+00:00	Debian Importer	Fixing	VCID-jebk-6hja-ukfc	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T08:45:59.882126+00:00	Debian Importer	Fixing	VCID-kpun-mgtm-5uhd	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-13T08:57:43.227977+00:00	Debian Importer	Fixing	VCID-ka9e-ps8e-ryc8	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T08:31:39.916499+00:00	Debian Importer	Fixing	VCID-pmkt-c3bw-zkhz	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T08:11:18.762173+00:00	Debian Importer	Fixing	VCID-9caj-c15z-xuf5	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:42:48.067313+00:00	Debian Importer	Fixing	VCID-1z5d-4wfm-8yfk	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:00:08.705249+00:00	Debian Importer	Fixing	VCID-bsnh-1chq-z7ae	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T06:40:50.146292+00:00	Debian Importer	Fixing	VCID-kx3j-abfc-qfh2	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T06:40:14.766480+00:00	Debian Importer	Fixing	VCID-7wvh-upas-2bgh	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T18:10:12.486791+00:00	Debian Importer	Fixing	VCID-k3ec-bt9r-pkhg	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T17:59:56.290790+00:00	Debian Importer	Fixing	VCID-z6yt-va55-s3ey	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T17:58:45.564841+00:00	Debian Importer	Fixing	VCID-jebk-6hja-ukfc	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T17:53:20.521004+00:00	Debian Importer	Fixing	VCID-kpun-mgtm-5uhd	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-02T17:18:35.050503+00:00	Debian Importer	Fixing	VCID-ka9e-ps8e-ryc8	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:17:48.310793+00:00	Debian Importer	Fixing	VCID-jebk-6hja-ukfc	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:16:44.249643+00:00	Debian Importer	Fixing	VCID-pmkt-c3bw-zkhz	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:14:06.502007+00:00	Debian Importer	Fixing	VCID-9caj-c15z-xuf5	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:13:22.361495+00:00	Debian Importer	Fixing	VCID-z6yt-va55-s3ey	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:12:02.850641+00:00	Debian Importer	Fixing	VCID-1z5d-4wfm-8yfk	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:12:02.188960+00:00	Debian Importer	Fixing	VCID-kpun-mgtm-5uhd	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:11:57.385259+00:00	Debian Importer	Fixing	VCID-kx3j-abfc-qfh2	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:07:59.001564+00:00	Debian Importer	Fixing	VCID-bsnh-1chq-z7ae	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:06:57.026878+00:00	Debian Importer	Fixing	VCID-k3ec-bt9r-pkhg	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:06:33.741984+00:00	Debian Importer	Fixing	VCID-7wvh-upas-2bgh	https://security-tracker.debian.org/tracker/data/json	38.1.0