Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:deb/debian/thunderbird@1:140.7.0esr-1?distro=trixie
purl pkg:deb/debian/thunderbird@1:140.7.0esr-1?distro=trixie
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (13)
Vulnerability Summary Aliases
VCID-6cx1-8t9m-u3av Incorrect boundary conditions in the Graphics component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7. CVE-2026-0886
VCID-8u4y-zrhv-8fe9 Clickjacking issue, information disclosure in the PDF Viewer component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7. CVE-2026-0887
VCID-a98z-hwzc-wkcj Use-after-free in the IPC component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7. CVE-2026-0882
VCID-deth-9krh-kufj Spoofing issue in the DOM: Copy & Paste and Drag & Drop component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7. CVE-2026-0890
VCID-h2gc-zk2a-1fg6 Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7. CVE-2026-0884
VCID-jybh-8px4-pqau Use-after-free in the JavaScript: GC component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7. CVE-2026-0885
VCID-kk2m-2mxz-sbex Spoofing issue in the Downloads Panel component. This vulnerability affects Firefox < 146, Thunderbird < 146, Firefox ESR < 140.7, and Thunderbird < 140.7. CVE-2025-14327
VCID-ndd4-kd1y-z7ep Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7. CVE-2026-0878
VCID-nkpq-9gd6-nuc4 Memory safety bugs present in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and Thunderbird 146. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. CVE-2026-0891
VCID-pemg-ndu8-wbbc Sandbox escape due to incorrect boundary conditions in the Graphics component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7. CVE-2026-0879
VCID-qm8f-f8nr-qba9 Sandbox escape due to integer overflow in the Graphics component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7. CVE-2026-0880
VCID-t2c3-smqc-zkba Mitigation bypass in the DOM: Security component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7. CVE-2026-0877
VCID-zdxh-fp2e-47dd Information disclosure in the Networking component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7. CVE-2026-0883

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T12:17:24.871073+00:00 Debian Importer Fixing VCID-nkpq-9gd6-nuc4 https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T12:09:38.501028+00:00 Debian Importer Fixing VCID-kk2m-2mxz-sbex https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T10:55:33.705159+00:00 Debian Importer Fixing VCID-a98z-hwzc-wkcj https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T10:37:11.865746+00:00 Debian Importer Fixing VCID-ndd4-kd1y-z7ep https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T10:29:18.183491+00:00 Debian Importer Fixing VCID-jybh-8px4-pqau https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T10:09:47.044463+00:00 Debian Importer Fixing VCID-deth-9krh-kufj https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T10:03:53.135743+00:00 Debian Importer Fixing VCID-h2gc-zk2a-1fg6 https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T09:36:47.425164+00:00 Debian Importer Fixing VCID-t2c3-smqc-zkba https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T09:29:55.110137+00:00 Debian Importer Fixing VCID-qm8f-f8nr-qba9 https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T09:26:29.704841+00:00 Debian Importer Fixing VCID-6cx1-8t9m-u3av https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T09:21:59.952479+00:00 Debian Importer Fixing VCID-zdxh-fp2e-47dd https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T09:20:51.016351+00:00 Debian Importer Fixing VCID-8u4y-zrhv-8fe9 https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T08:37:53.281812+00:00 Debian Importer Fixing VCID-pemg-ndu8-wbbc https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-13T09:16:17.267490+00:00 Debian Importer Fixing VCID-jybh-8px4-pqau https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T09:07:21.167389+00:00 Debian Importer Fixing VCID-ndd4-kd1y-z7ep https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T09:04:39.677061+00:00 Debian Importer Fixing VCID-t2c3-smqc-zkba https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T08:53:51.733751+00:00 Debian Importer Fixing VCID-kk2m-2mxz-sbex https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T08:24:18.312848+00:00 Debian Importer Fixing VCID-nkpq-9gd6-nuc4 https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T07:52:04.405538+00:00 Debian Importer Fixing VCID-deth-9krh-kufj https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T07:24:25.272395+00:00 Debian Importer Fixing VCID-a98z-hwzc-wkcj https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T07:16:17.578713+00:00 Debian Importer Fixing VCID-6cx1-8t9m-u3av https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T07:02:03.177712+00:00 Debian Importer Fixing VCID-8u4y-zrhv-8fe9 https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T06:45:08.234174+00:00 Debian Importer Fixing VCID-h2gc-zk2a-1fg6 https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-11T18:20:04.685365+00:00 Debian Importer Fixing VCID-qm8f-f8nr-qba9 https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-11T18:15:21.695947+00:00 Debian Importer Fixing VCID-zdxh-fp2e-47dd https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-11T17:48:17.443119+00:00 Debian Importer Fixing VCID-pemg-ndu8-wbbc https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-03T07:54:58.918789+00:00 Debian Importer Fixing VCID-nkpq-9gd6-nuc4 https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:54:58.855587+00:00 Debian Importer Fixing VCID-deth-9krh-kufj https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:54:58.792773+00:00 Debian Importer Fixing VCID-8u4y-zrhv-8fe9 https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:54:58.729981+00:00 Debian Importer Fixing VCID-6cx1-8t9m-u3av https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:54:58.667408+00:00 Debian Importer Fixing VCID-jybh-8px4-pqau https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:54:58.605140+00:00 Debian Importer Fixing VCID-h2gc-zk2a-1fg6 https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:54:58.543686+00:00 Debian Importer Fixing VCID-zdxh-fp2e-47dd https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:54:58.482338+00:00 Debian Importer Fixing VCID-a98z-hwzc-wkcj https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:54:58.419386+00:00 Debian Importer Fixing VCID-qm8f-f8nr-qba9 https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:54:58.357557+00:00 Debian Importer Fixing VCID-pemg-ndu8-wbbc https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:54:58.294559+00:00 Debian Importer Fixing VCID-ndd4-kd1y-z7ep https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:54:58.231750+00:00 Debian Importer Fixing VCID-t2c3-smqc-zkba https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:54:54.656667+00:00 Debian Importer Fixing VCID-kk2m-2mxz-sbex https://security-tracker.debian.org/tracker/data/json 38.1.0