Search for packages
| purl | pkg:deb/debian/thunderbird@1:102.10.0-1~deb11u1?distro=trixie |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | ||
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-5hzf-gdbj-8ud8 | Double Free There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode() function and loop through to free best.bw and assign best = trial pointer. The second loop will then return 0 because of an Out of memory error in VP8 encoder, the pointer is still assigned to trial and the AddressSanitizer will attempt a double free. |
CVE-2023-1999
|
| VCID-73wu-d7y3-7bge | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could result in arbitrary code execution. |
CVE-2023-1945
|
| VCID-7b8k-mgs3-cud5 | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could result in arbitrary code execution. |
CVE-2023-29550
|
| VCID-a8gt-y9j7-zuhs | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could result in arbitrary code execution. |
CVE-2023-29548
|
| VCID-as8g-vnyj-u7hk | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could result in arbitrary code execution. |
CVE-2023-29539
|
| VCID-bc7q-srps-sfd7 | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could result in arbitrary code execution. |
CVE-2023-29541
|
| VCID-eu3v-wzxr-pbd3 | Certain malformed OpenPGP messages could trigger incorrect parsing of PKESK/SKESK packets due to a bug in the Ribose RNP library used by Thunderbird up to version 102.9.1, which would cause the Thunderbird user interface to hang. The issue was discovered using Google's oss-fuzz. |
CVE-2023-29479
|
| VCID-fs3v-8fsn-uygj | Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. In versions prior to 24.0.0 events sent with special strings in key places can temporarily disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data safely. Note that the matrix-js-sdk can appear to be operating normally but be excluding or corrupting runtime data presented to the consumer. This vulnerability is distinct from GHSA-rfv9-x7hh-xc32 which covers a similar issue. The issue has been patched in matrix-js-sdk 24.0.0 and users are advised to upgrade. There are no known workarounds for this vulnerability. |
CVE-2023-28427
GHSA-mwq8-fjpf-c2gr |
| VCID-j6c3-817n-zydj | OCSP revocation status of recipient certificates was not checked when sending S/Mime encrypted email, and revoked certificates would be accepted. Thunderbird versions from 68 to 102.9.1 were affected by this bug. |
CVE-2023-0547
|
| VCID-w814-2cmz-ruhz | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could result in arbitrary code execution. |
CVE-2023-29535
|
| VCID-yhj1-h62u-mud5 | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could result in arbitrary code execution. |
CVE-2023-29533
|
| VCID-yjyu-u73t-u7bh | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could result in arbitrary code execution. |
CVE-2023-29536
|