Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:deb/debian/thunderbird@1:102.10.0-1?distro=trixie
purl pkg:deb/debian/thunderbird@1:102.10.0-1?distro=trixie
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (11)
Vulnerability Summary Aliases
VCID-5hzf-gdbj-8ud8 Double Free There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode() function and loop through to free best.bw and assign best = trial pointer. The second loop will then return 0 because of an Out of memory error in VP8 encoder, the pointer is still assigned to trial and the AddressSanitizer will attempt a double free. CVE-2023-1999
VCID-73wu-d7y3-7bge Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could result in arbitrary code execution. CVE-2023-1945
VCID-7b8k-mgs3-cud5 Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could result in arbitrary code execution. CVE-2023-29550
VCID-a8gt-y9j7-zuhs Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could result in arbitrary code execution. CVE-2023-29548
VCID-as8g-vnyj-u7hk Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could result in arbitrary code execution. CVE-2023-29539
VCID-bc7q-srps-sfd7 Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could result in arbitrary code execution. CVE-2023-29541
VCID-eu3v-wzxr-pbd3 Certain malformed OpenPGP messages could trigger incorrect parsing of PKESK/SKESK packets due to a bug in the Ribose RNP library used by Thunderbird up to version 102.9.1, which would cause the Thunderbird user interface to hang. The issue was discovered using Google's oss-fuzz. CVE-2023-29479
VCID-j6c3-817n-zydj OCSP revocation status of recipient certificates was not checked when sending S/Mime encrypted email, and revoked certificates would be accepted. Thunderbird versions from 68 to 102.9.1 were affected by this bug. CVE-2023-0547
VCID-w814-2cmz-ruhz Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could result in arbitrary code execution. CVE-2023-29535
VCID-yhj1-h62u-mud5 Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could result in arbitrary code execution. CVE-2023-29533
VCID-yjyu-u73t-u7bh Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could result in arbitrary code execution. CVE-2023-29536

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T13:18:22.740896+00:00 Debian Importer Fixing VCID-as8g-vnyj-u7hk https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T13:11:34.242409+00:00 Debian Importer Fixing VCID-73wu-d7y3-7bge https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T12:41:15.889588+00:00 Debian Importer Fixing VCID-yhj1-h62u-mud5 https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T12:25:59.987628+00:00 Debian Importer Fixing VCID-7b8k-mgs3-cud5 https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T12:17:01.421234+00:00 Debian Importer Fixing VCID-5hzf-gdbj-8ud8 https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T10:36:53.423080+00:00 Debian Importer Fixing VCID-a8gt-y9j7-zuhs https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T10:11:14.621140+00:00 Debian Importer Fixing VCID-w814-2cmz-ruhz https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T10:08:17.187886+00:00 Debian Importer Fixing VCID-bc7q-srps-sfd7 https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T09:21:36.818697+00:00 Debian Importer Fixing VCID-yjyu-u73t-u7bh https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T09:10:48.050009+00:00 Debian Importer Fixing VCID-eu3v-wzxr-pbd3 https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T08:46:27.954204+00:00 Debian Importer Fixing VCID-j6c3-817n-zydj https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-13T09:10:00.544643+00:00 Debian Importer Fixing VCID-as8g-vnyj-u7hk https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T09:04:42.479336+00:00 Debian Importer Fixing VCID-73wu-d7y3-7bge https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T08:41:45.778687+00:00 Debian Importer Fixing VCID-yhj1-h62u-mud5 https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T08:30:36.541214+00:00 Debian Importer Fixing VCID-7b8k-mgs3-cud5 https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T08:24:01.027063+00:00 Debian Importer Fixing VCID-5hzf-gdbj-8ud8 https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T07:10:24.979780+00:00 Debian Importer Fixing VCID-a8gt-y9j7-zuhs https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T06:50:44.470424+00:00 Debian Importer Fixing VCID-w814-2cmz-ruhz https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T06:48:33.118742+00:00 Debian Importer Fixing VCID-bc7q-srps-sfd7 https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-11T18:15:06.016892+00:00 Debian Importer Fixing VCID-yjyu-u73t-u7bh https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-11T18:08:42.391429+00:00 Debian Importer Fixing VCID-eu3v-wzxr-pbd3 https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-11T17:53:36.212405+00:00 Debian Importer Fixing VCID-j6c3-817n-zydj https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-03T07:54:42.130939+00:00 Debian Importer Fixing VCID-7b8k-mgs3-cud5 https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:54:42.081706+00:00 Debian Importer Fixing VCID-a8gt-y9j7-zuhs https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:54:41.944798+00:00 Debian Importer Fixing VCID-bc7q-srps-sfd7 https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:54:41.895542+00:00 Debian Importer Fixing VCID-as8g-vnyj-u7hk https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:54:41.845935+00:00 Debian Importer Fixing VCID-yjyu-u73t-u7bh https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:54:41.796501+00:00 Debian Importer Fixing VCID-w814-2cmz-ruhz https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:54:41.747408+00:00 Debian Importer Fixing VCID-yhj1-h62u-mud5 https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:54:41.611048+00:00 Debian Importer Fixing VCID-eu3v-wzxr-pbd3 https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:54:40.364847+00:00 Debian Importer Fixing VCID-5hzf-gdbj-8ud8 https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:54:40.314625+00:00 Debian Importer Fixing VCID-73wu-d7y3-7bge https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:54:40.162224+00:00 Debian Importer Fixing VCID-j6c3-817n-zydj https://security-tracker.debian.org/tracker/data/json 38.1.0