VulnerableCode Package Details - pkg:deb/debian/thunderbird@1:128.14.0esr-1~deb12u1?distro=trixie

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-9rm3-u7dy-zuhu	Same-origin policy bypass in the Graphics: Canvas2D component.	CVE-2025-9180
VCID-f2tn-1hq4-uffa	An attacker was able to perform memory corruption in the GMP process which processes encrypted media. This process is also heavily sandboxed, but represents slightly different privileges from the content process.	CVE-2025-9179
VCID-hfp7-jaxc-2khq	Uninitialized memory in the JavaScript Engine component.	CVE-2025-9181
VCID-vz6w-wghm-nqaq	Memory safety bugs present in Firefox ESR 115.26, Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.	CVE-2025-9185

Vulnerability

Summary

Aliases

VCID-9rm3-u7dy-zuhu

Same-origin policy bypass in the Graphics: Canvas2D component.

CVE-2025-9180

VCID-f2tn-1hq4-uffa

An attacker was able to perform memory corruption in the GMP process which processes encrypted media. This process is also heavily sandboxed, but represents slightly different privileges from the content process.

CVE-2025-9179

VCID-hfp7-jaxc-2khq

Uninitialized memory in the JavaScript Engine component.

CVE-2025-9181

VCID-vz6w-wghm-nqaq

Memory safety bugs present in Firefox ESR 115.26, Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

CVE-2025-9185

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T10:29:30.201841+00:00	Debian Importer	Fixing	VCID-9rm3-u7dy-zuhu	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T10:20:53.600842+00:00	Debian Importer	Fixing	VCID-hfp7-jaxc-2khq	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:48:18.049014+00:00	Debian Importer	Fixing	VCID-vz6w-wghm-nqaq	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:07:51.317655+00:00	Debian Importer	Fixing	VCID-f2tn-1hq4-uffa	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-13T08:08:18.490332+00:00	Debian Importer	Fixing	VCID-vz6w-wghm-nqaq	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:04:53.443661+00:00	Debian Importer	Fixing	VCID-9rm3-u7dy-zuhu	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T06:58:05.075295+00:00	Debian Importer	Fixing	VCID-hfp7-jaxc-2khq	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T06:51:24.029270+00:00	Debian Importer	Fixing	VCID-f2tn-1hq4-uffa	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-03T07:54:58.073591+00:00	Debian Importer	Fixing	VCID-vz6w-wghm-nqaq	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:54:58.010719+00:00	Debian Importer	Fixing	VCID-hfp7-jaxc-2khq	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:54:57.947119+00:00	Debian Importer	Fixing	VCID-9rm3-u7dy-zuhu	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:54:57.881146+00:00	Debian Importer	Fixing	VCID-f2tn-1hq4-uffa	https://security-tracker.debian.org/tracker/data/json	38.1.0