VulnerableCode Package Details - pkg:deb/debian/thunderbird@1:115.9.0-1~deb11u1?distro=trixie

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-2tts-gwgd-zqcz	A vulnerability has been discovered in NSS, which can lead to the recovery of private data.	CVE-2023-5388
VCID-3vbp-2h4f-7bav	A missing delay on when pointer lock was used could have allowed a malicious page to trick a user into granting permissions.	CVE-2024-2611
VCID-41g2-dvb2-yqhg	Memory safety bugs present in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.	CVE-2024-2614
VCID-46cy-x3cp-tke5	Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which could result in arbitrary code execution.	CVE-2024-0743
VCID-b5y9-qmw5-nkbv	If an attacker could find a way to trigger a particular code path in SafeRefPtr, it could have triggered a crash or potentially be leveraged to achieve code execution.	CVE-2024-2612
VCID-g24d-23zk-6fgn	AppendEncodedAttributeValue(), ExtraSpaceNeededForAttrEncoding() and AppendEncodedCharacters() could have experienced integer overflows, causing underallocation of an output buffer leading to an out of bounds write.	CVE-2024-2608
VCID-n8gb-hpjb-v7a5	Return registers were overwritten which could have allowed an attacker to execute arbitrary code. Note: This issue only affected Armv7-A systems. Other operating systems are unaffected.	CVE-2024-2607
VCID-pse8-xnc7-gkbv	Using a markup injection an attacker could have stolen nonce values. This could have been used to bypass strict content security policies.	CVE-2024-2610
VCID-vcf2-b7mj-tfg4	To harden ICU against exploitation, the behavior for out-of-memory conditions was changed to crash instead of attempt to continue.	CVE-2024-2616
VCID-yg34-x56m-rufk	Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution.	CVE-2024-1936

Vulnerability

Summary

Aliases

VCID-2tts-gwgd-zqcz

A vulnerability has been discovered in NSS, which can lead to the recovery of private data.

CVE-2023-5388

VCID-3vbp-2h4f-7bav

A missing delay on when pointer lock was used could have allowed a malicious page to trick a user into granting permissions.

CVE-2024-2611

VCID-41g2-dvb2-yqhg

Memory safety bugs present in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

CVE-2024-2614

VCID-46cy-x3cp-tke5

Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which could result in arbitrary code execution.

CVE-2024-0743

VCID-b5y9-qmw5-nkbv

If an attacker could find a way to trigger a particular code path in SafeRefPtr, it could have triggered a crash or potentially be leveraged to achieve code execution.

CVE-2024-2612

VCID-g24d-23zk-6fgn

AppendEncodedAttributeValue(), ExtraSpaceNeededForAttrEncoding() and AppendEncodedCharacters() could have experienced integer overflows, causing underallocation of an output buffer leading to an out of bounds write.

CVE-2024-2608

VCID-n8gb-hpjb-v7a5

Return registers were overwritten which could have allowed an attacker to execute arbitrary code. *Note:* This issue only affected Armv7-A systems. Other operating systems are unaffected.

CVE-2024-2607

VCID-pse8-xnc7-gkbv

Using a markup injection an attacker could have stolen nonce values. This could have been used to bypass strict content security policies.

CVE-2024-2610

VCID-vcf2-b7mj-tfg4

To harden ICU against exploitation, the behavior for out-of-memory conditions was changed to crash instead of attempt to continue.

CVE-2024-2616

VCID-yg34-x56m-rufk

Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution.

CVE-2024-1936

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T13:14:07.551289+00:00	Debian Importer	Fixing	VCID-vcf2-b7mj-tfg4	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T12:59:37.864596+00:00	Debian Importer	Fixing	VCID-2tts-gwgd-zqcz	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T12:57:43.001174+00:00	Debian Importer	Fixing	VCID-yg34-x56m-rufk	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T12:49:46.147546+00:00	Debian Importer	Fixing	VCID-b5y9-qmw5-nkbv	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T12:45:20.670984+00:00	Debian Importer	Fixing	VCID-3vbp-2h4f-7bav	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T12:12:44.751757+00:00	Debian Importer	Fixing	VCID-g24d-23zk-6fgn	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T10:18:43.334218+00:00	Debian Importer	Fixing	VCID-46cy-x3cp-tke5	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:48:16.764452+00:00	Debian Importer	Fixing	VCID-pse8-xnc7-gkbv	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:44:14.668594+00:00	Debian Importer	Fixing	VCID-41g2-dvb2-yqhg	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T08:55:43.104490+00:00	Debian Importer	Fixing	VCID-n8gb-hpjb-v7a5	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-13T09:06:45.151622+00:00	Debian Importer	Fixing	VCID-vcf2-b7mj-tfg4	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T08:55:41.251506+00:00	Debian Importer	Fixing	VCID-2tts-gwgd-zqcz	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T08:54:12.712397+00:00	Debian Importer	Fixing	VCID-yg34-x56m-rufk	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T08:48:12.959347+00:00	Debian Importer	Fixing	VCID-b5y9-qmw5-nkbv	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T08:44:51.880430+00:00	Debian Importer	Fixing	VCID-3vbp-2h4f-7bav	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T08:21:12.390981+00:00	Debian Importer	Fixing	VCID-g24d-23zk-6fgn	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T06:56:26.689821+00:00	Debian Importer	Fixing	VCID-46cy-x3cp-tke5	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T06:33:01.158255+00:00	Debian Importer	Fixing	VCID-pse8-xnc7-gkbv	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T06:29:57.194476+00:00	Debian Importer	Fixing	VCID-41g2-dvb2-yqhg	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T17:59:30.505622+00:00	Debian Importer	Fixing	VCID-n8gb-hpjb-v7a5	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-03T07:54:48.841030+00:00	Debian Importer	Fixing	VCID-vcf2-b7mj-tfg4	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:54:48.786079+00:00	Debian Importer	Fixing	VCID-41g2-dvb2-yqhg	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:54:48.730972+00:00	Debian Importer	Fixing	VCID-b5y9-qmw5-nkbv	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:54:48.674793+00:00	Debian Importer	Fixing	VCID-3vbp-2h4f-7bav	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:54:48.618958+00:00	Debian Importer	Fixing	VCID-pse8-xnc7-gkbv	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:54:48.502688+00:00	Debian Importer	Fixing	VCID-g24d-23zk-6fgn	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:54:48.446085+00:00	Debian Importer	Fixing	VCID-n8gb-hpjb-v7a5	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:54:48.345672+00:00	Debian Importer	Fixing	VCID-yg34-x56m-rufk	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:54:46.295594+00:00	Debian Importer	Fixing	VCID-46cy-x3cp-tke5	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:54:44.828473+00:00	Debian Importer	Fixing	VCID-2tts-gwgd-zqcz	https://security-tracker.debian.org/tracker/data/json	38.1.0