VulnerableCode Package Details - pkg:deb/debian/thunderbird@1:128.6.0esr-1~deb11u1?distro=trixie

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:deb/debian/thunderbird@1:128.6.0esr-1~deb11u1?distro=trixie

Essentials
History (24)

purl	pkg:deb/debian/thunderbird@1:128.6.0esr-1~deb11u1?distro=trixie

Vulnerabilities affecting this package (0)

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerabilities fixed by this package (8)

Vulnerability	Summary	Aliases
VCID-4zjw-4gjw-pqh1	Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which can lead to arbitrary code execution.	CVE-2025-0242
VCID-6szy-r2cd-9kfw	matrix-js-sdk has insufficient MXC URI validation which allows client-side path traversal ### Summary matrix-js-sdk before 34.11.0 is vulnerable to client-side path traversal via crafted MXC URIs. A malicious room member can trigger clients based on the matrix-js-sdk to issue arbitrary authenticated GET requests to the client's homeserver. ### Details The Matrix specification demands homeservers to [perform validation](https://spec.matrix.org/v1.12/client-server-api/#security-considerations-5) of the `server-name` and `media-id` components of MXC URIs with the intent to prevent path traversal. However, it is not mentioned that a similar check must also be performed on the client to prevent client-side path traversal. matrix-js-sdk fails to perform this validation. ### Patches Fixed in matrix-js-sdk 34.11.1. ### Workarounds None. ### References - https://spec.matrix.org/v1.12/client-server-api/#security-considerations-5 - https://blog.doyensec.com/2024/07/02/cspt2csrf.html	CVE-2024-50336 GHSA-xvg8-m4x3-w6xr
VCID-f1zm-g4es-vfbz	Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which can lead to arbitrary code execution.	CVE-2025-0239
VCID-j5k8-ztxb-uffb	Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which can lead to arbitrary code execution.	CVE-2025-0238
VCID-qtcm-9z3v-dydn	Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which can lead to arbitrary code execution.	CVE-2025-0241
VCID-r7ss-g876-c7fg	Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which can lead to arbitrary code execution.	CVE-2025-0237
VCID-tgpf-32kg-rqc2	Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which can lead to arbitrary code execution.	CVE-2025-0240
VCID-ukf2-qcjg-u7bg	Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which can lead to arbitrary code execution.	CVE-2025-0243

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T11:21:42.841540+00:00	Debian Importer	Fixing	VCID-f1zm-g4es-vfbz	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T11:20:08.876262+00:00	Debian Importer	Fixing	VCID-j5k8-ztxb-uffb	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T11:18:24.349649+00:00	Debian Importer	Fixing	VCID-tgpf-32kg-rqc2	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T10:16:54.977938+00:00	Debian Importer	Fixing	VCID-6szy-r2cd-9kfw	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T10:11:45.423795+00:00	Debian Importer	Fixing	VCID-qtcm-9z3v-dydn	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:55:18.286880+00:00	Debian Importer	Fixing	VCID-r7ss-g876-c7fg	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:09:07.540366+00:00	Debian Importer	Fixing	VCID-ukf2-qcjg-u7bg	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T08:48:05.664984+00:00	Debian Importer	Fixing	VCID-4zjw-4gjw-pqh1	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-13T07:44:08.373575+00:00	Debian Importer	Fixing	VCID-f1zm-g4es-vfbz	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:42:54.279614+00:00	Debian Importer	Fixing	VCID-j5k8-ztxb-uffb	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:41:35.253851+00:00	Debian Importer	Fixing	VCID-tgpf-32kg-rqc2	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:23:57.207033+00:00	Debian Importer	Fixing	VCID-ukf2-qcjg-u7bg	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T06:55:03.635833+00:00	Debian Importer	Fixing	VCID-6szy-r2cd-9kfw	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T06:51:08.675316+00:00	Debian Importer	Fixing	VCID-qtcm-9z3v-dydn	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T06:38:26.126863+00:00	Debian Importer	Fixing	VCID-r7ss-g876-c7fg	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T17:54:49.076140+00:00	Debian Importer	Fixing	VCID-4zjw-4gjw-pqh1	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-03T07:54:52.262610+00:00	Debian Importer	Fixing	VCID-ukf2-qcjg-u7bg	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:54:52.207173+00:00	Debian Importer	Fixing	VCID-4zjw-4gjw-pqh1	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:54:52.151488+00:00	Debian Importer	Fixing	VCID-qtcm-9z3v-dydn	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:54:52.094557+00:00	Debian Importer	Fixing	VCID-tgpf-32kg-rqc2	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:54:52.039323+00:00	Debian Importer	Fixing	VCID-f1zm-g4es-vfbz	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:54:51.982655+00:00	Debian Importer	Fixing	VCID-j5k8-ztxb-uffb	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:54:51.926031+00:00	Debian Importer	Fixing	VCID-r7ss-g876-c7fg	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:54:49.718281+00:00	Debian Importer	Fixing	VCID-6szy-r2cd-9kfw	https://security-tracker.debian.org/tracker/data/json	38.1.0