VulnerableCode Package Details - pkg:deb/debian/thunderbird@1:128.6.0esr-1~deb12u1?distro=trixie

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:deb/debian/thunderbird@1:128.6.0esr-1~deb12u1?distro=trixie

Essentials
History (24)

purl	pkg:deb/debian/thunderbird@1:128.6.0esr-1~deb12u1?distro=trixie

Vulnerabilities affecting this package (0)

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerabilities fixed by this package (8)

Vulnerability	Summary	Aliases
VCID-4zjw-4gjw-pqh1	Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which can lead to arbitrary code execution.	CVE-2025-0242
VCID-6szy-r2cd-9kfw	matrix-js-sdk has insufficient MXC URI validation which allows client-side path traversal ### Summary matrix-js-sdk before 34.11.0 is vulnerable to client-side path traversal via crafted MXC URIs. A malicious room member can trigger clients based on the matrix-js-sdk to issue arbitrary authenticated GET requests to the client's homeserver. ### Details The Matrix specification demands homeservers to [perform validation](https://spec.matrix.org/v1.12/client-server-api/#security-considerations-5) of the `server-name` and `media-id` components of MXC URIs with the intent to prevent path traversal. However, it is not mentioned that a similar check must also be performed on the client to prevent client-side path traversal. matrix-js-sdk fails to perform this validation. ### Patches Fixed in matrix-js-sdk 34.11.1. ### Workarounds None. ### References - https://spec.matrix.org/v1.12/client-server-api/#security-considerations-5 - https://blog.doyensec.com/2024/07/02/cspt2csrf.html	CVE-2024-50336 GHSA-xvg8-m4x3-w6xr
VCID-f1zm-g4es-vfbz	Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which can lead to arbitrary code execution.	CVE-2025-0239
VCID-j5k8-ztxb-uffb	Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which can lead to arbitrary code execution.	CVE-2025-0238
VCID-qtcm-9z3v-dydn	Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which can lead to arbitrary code execution.	CVE-2025-0241
VCID-r7ss-g876-c7fg	Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which can lead to arbitrary code execution.	CVE-2025-0237
VCID-tgpf-32kg-rqc2	Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which can lead to arbitrary code execution.	CVE-2025-0240
VCID-ukf2-qcjg-u7bg	Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which can lead to arbitrary code execution.	CVE-2025-0243

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T11:21:42.846602+00:00	Debian Importer	Fixing	VCID-f1zm-g4es-vfbz	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T11:20:08.881140+00:00	Debian Importer	Fixing	VCID-j5k8-ztxb-uffb	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T11:18:24.354725+00:00	Debian Importer	Fixing	VCID-tgpf-32kg-rqc2	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T10:16:54.983175+00:00	Debian Importer	Fixing	VCID-6szy-r2cd-9kfw	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T10:11:45.428038+00:00	Debian Importer	Fixing	VCID-qtcm-9z3v-dydn	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:55:18.291767+00:00	Debian Importer	Fixing	VCID-r7ss-g876-c7fg	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:09:07.545782+00:00	Debian Importer	Fixing	VCID-ukf2-qcjg-u7bg	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T08:48:05.667497+00:00	Debian Importer	Fixing	VCID-4zjw-4gjw-pqh1	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-13T07:44:08.379478+00:00	Debian Importer	Fixing	VCID-f1zm-g4es-vfbz	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:42:54.284903+00:00	Debian Importer	Fixing	VCID-j5k8-ztxb-uffb	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:41:35.259162+00:00	Debian Importer	Fixing	VCID-tgpf-32kg-rqc2	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:23:57.212723+00:00	Debian Importer	Fixing	VCID-ukf2-qcjg-u7bg	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T06:55:03.640866+00:00	Debian Importer	Fixing	VCID-6szy-r2cd-9kfw	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T06:51:08.680502+00:00	Debian Importer	Fixing	VCID-qtcm-9z3v-dydn	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T06:38:26.132259+00:00	Debian Importer	Fixing	VCID-r7ss-g876-c7fg	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T17:54:49.081462+00:00	Debian Importer	Fixing	VCID-4zjw-4gjw-pqh1	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-03T07:54:52.248934+00:00	Debian Importer	Fixing	VCID-ukf2-qcjg-u7bg	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:54:52.193464+00:00	Debian Importer	Fixing	VCID-4zjw-4gjw-pqh1	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:54:52.137643+00:00	Debian Importer	Fixing	VCID-qtcm-9z3v-dydn	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:54:52.080472+00:00	Debian Importer	Fixing	VCID-tgpf-32kg-rqc2	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:54:52.025486+00:00	Debian Importer	Fixing	VCID-f1zm-g4es-vfbz	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:54:51.969020+00:00	Debian Importer	Fixing	VCID-j5k8-ztxb-uffb	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:54:51.911986+00:00	Debian Importer	Fixing	VCID-r7ss-g876-c7fg	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:54:49.703758+00:00	Debian Importer	Fixing	VCID-6szy-r2cd-9kfw	https://security-tracker.debian.org/tracker/data/json	38.1.0