Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:deb/debian/thunderbird@1:128.3.0esr-1?distro=trixie
purl pkg:deb/debian/thunderbird@1:128.3.0esr-1?distro=trixie
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (11)
Vulnerability Summary Aliases
VCID-1z5d-4wfm-8yfk Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. CVE-2024-9396
VCID-7wvh-upas-2bgh An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the `resource://devtools` origin. This could allow them to access cross-origin JSON content. This access is limited to "same site" documents by the Site Isolation feature on desktop clients, but full cross-origin access is possible on Android versions. CVE-2024-9394
VCID-b6ug-rdyx-4uaw Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. CVE-2024-8900
VCID-bsnh-1chq-z7ae Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. CVE-2024-9400
VCID-jebk-6hja-ukfc Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. CVE-2024-9402
VCID-k3ec-bt9r-pkhg Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. CVE-2024-9397
VCID-ka9e-ps8e-ryc8 Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. CVE-2024-9392
VCID-kpun-mgtm-5uhd Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. CVE-2024-9399
VCID-kx3j-abfc-qfh2 An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the `resource://pdf.js` origin. This could allow them to access cross-origin PDF content. This access is limited to "same site" documents by the Site Isolation feature on desktop clients, but full cross-origin access is possible on Android versions. CVE-2024-9393
VCID-pmkt-c3bw-zkhz By checking the result of calls to `window.open` with specifically set protocol handlers, an attacker could determine if the application which implements that protocol handler is installed. CVE-2024-9398
VCID-z6yt-va55-s3ey Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. CVE-2024-9401

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T13:24:09.101208+00:00 Debian Importer Fixing VCID-k3ec-bt9r-pkhg https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T13:14:31.631428+00:00 Debian Importer Fixing VCID-7wvh-upas-2bgh https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T12:29:38.828906+00:00 Debian Importer Fixing VCID-b6ug-rdyx-4uaw https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T12:25:04.187746+00:00 Debian Importer Fixing VCID-jebk-6hja-ukfc https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T12:17:57.307045+00:00 Debian Importer Fixing VCID-kx3j-abfc-qfh2 https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T10:42:39.111583+00:00 Debian Importer Fixing VCID-bsnh-1chq-z7ae https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T10:25:24.854030+00:00 Debian Importer Fixing VCID-1z5d-4wfm-8yfk https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T10:12:28.114380+00:00 Debian Importer Fixing VCID-ka9e-ps8e-ryc8 https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T10:11:56.642006+00:00 Debian Importer Fixing VCID-pmkt-c3bw-zkhz https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T09:52:15.496162+00:00 Debian Importer Fixing VCID-kpun-mgtm-5uhd https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T09:26:45.056279+00:00 Debian Importer Fixing VCID-z6yt-va55-s3ey https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-13T09:14:37.250233+00:00 Debian Importer Fixing VCID-k3ec-bt9r-pkhg https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T09:07:04.042179+00:00 Debian Importer Fixing VCID-7wvh-upas-2bgh https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T08:33:13.739266+00:00 Debian Importer Fixing VCID-b6ug-rdyx-4uaw https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T08:29:58.352418+00:00 Debian Importer Fixing VCID-jebk-6hja-ukfc https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T08:24:42.549007+00:00 Debian Importer Fixing VCID-kx3j-abfc-qfh2 https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T07:14:40.540894+00:00 Debian Importer Fixing VCID-bsnh-1chq-z7ae https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T07:01:48.404421+00:00 Debian Importer Fixing VCID-1z5d-4wfm-8yfk https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T06:51:44.725558+00:00 Debian Importer Fixing VCID-ka9e-ps8e-ryc8 https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T06:51:17.948310+00:00 Debian Importer Fixing VCID-pmkt-c3bw-zkhz https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T06:36:03.440344+00:00 Debian Importer Fixing VCID-kpun-mgtm-5uhd https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-11T18:18:08.172094+00:00 Debian Importer Fixing VCID-z6yt-va55-s3ey https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-03T07:54:51.815808+00:00 Debian Importer Fixing VCID-jebk-6hja-ukfc https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:54:51.763988+00:00 Debian Importer Fixing VCID-z6yt-va55-s3ey https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:54:51.707831+00:00 Debian Importer Fixing VCID-bsnh-1chq-z7ae https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:54:51.658924+00:00 Debian Importer Fixing VCID-kpun-mgtm-5uhd https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:54:51.609954+00:00 Debian Importer Fixing VCID-pmkt-c3bw-zkhz https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:54:51.560214+00:00 Debian Importer Fixing VCID-k3ec-bt9r-pkhg https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:54:51.511369+00:00 Debian Importer Fixing VCID-1z5d-4wfm-8yfk https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:54:51.462807+00:00 Debian Importer Fixing VCID-7wvh-upas-2bgh https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:54:51.407976+00:00 Debian Importer Fixing VCID-kx3j-abfc-qfh2 https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:54:51.352856+00:00 Debian Importer Fixing VCID-ka9e-ps8e-ryc8 https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:54:51.295972+00:00 Debian Importer Fixing VCID-b6ug-rdyx-4uaw https://security-tracker.debian.org/tracker/data/json 38.1.0