VulnerableCode Package Details - pkg:deb/debian/thunderbird@1:91.2.1-1?distro=trixie

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-2k99-39yt-gkbe	During operations on MessageTasks, a task may have been removed while it was still scheduled, resulting in memory corruption and a potentially exploitable crash.	CVE-2021-38496
VCID-6fkp-5fzu-fydp	Mozilla developers and community members Andreas Pehrson and Christian Holler reported memory safety bugs present in Thunderbird 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.	CVE-2021-38500
VCID-zwz9-pt55-t3c6	Thunderbird ignored the configuration to require STARTTLS security for an SMTP connection. A MITM could perform a downgrade attack to intercept transmitted messages, or could take control of the authenticated session to execute SMTP commands chosen by the MITM. If an unprotected authentication method was configured, the MITM could obtain the authentication credentials, too.	CVE-2021-38502

Vulnerability

Summary

Aliases

VCID-2k99-39yt-gkbe

During operations on MessageTasks, a task may have been removed while it was still scheduled, resulting in memory corruption and a potentially exploitable crash.

CVE-2021-38496

VCID-6fkp-5fzu-fydp

Mozilla developers and community members Andreas Pehrson and Christian Holler reported memory safety bugs present in Thunderbird 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

CVE-2021-38500

VCID-zwz9-pt55-t3c6

Thunderbird ignored the configuration to require STARTTLS security for an SMTP connection. A MITM could perform a downgrade attack to intercept transmitted messages, or could take control of the authenticated session to execute SMTP commands chosen by the MITM. If an unprotected authentication method was configured, the MITM could obtain the authentication credentials, too.

CVE-2021-38502

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T13:19:19.282214+00:00	Debian Importer	Fixing	VCID-2k99-39yt-gkbe	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:55:32.898397+00:00	Debian Importer	Fixing	VCID-6fkp-5fzu-fydp	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:32:58.267535+00:00	Debian Importer	Fixing	VCID-zwz9-pt55-t3c6	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-13T09:10:45.965580+00:00	Debian Importer	Fixing	VCID-2k99-39yt-gkbe	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T06:38:37.839993+00:00	Debian Importer	Fixing	VCID-6fkp-5fzu-fydp	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T18:21:56.389670+00:00	Debian Importer	Fixing	VCID-zwz9-pt55-t3c6	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-03T07:54:33.307984+00:00	Debian Importer	Fixing	VCID-zwz9-pt55-t3c6	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:54:33.213172+00:00	Debian Importer	Fixing	VCID-6fkp-5fzu-fydp	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:54:33.079389+00:00	Debian Importer	Fixing	VCID-2k99-39yt-gkbe	https://security-tracker.debian.org/tracker/data/json	38.1.0