Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:rpm/redhat/thunderbird@102.10.0-2?arch=el9_0
purl pkg:rpm/redhat/thunderbird@102.10.0-2?arch=el9_0
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 4.0
Vulnerabilities affecting this package (12)
Vulnerability Summary Fixed by
VCID-5hzf-gdbj-8ud8
Aliases:
CVE-2023-1999
Double Free There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode() function and loop through to free best.bw and assign best = trial pointer. The second loop will then return 0 because of an Out of memory error in VP8 encoder, the pointer is still assigned to trial and the AddressSanitizer will attempt a double free. There are no reported fixed by versions.
VCID-73wu-d7y3-7bge
Aliases:
CVE-2023-1945
Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could result in arbitrary code execution. There are no reported fixed by versions.
VCID-7b8k-mgs3-cud5
Aliases:
CVE-2023-29550
Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could result in arbitrary code execution. There are no reported fixed by versions.
VCID-a8gt-y9j7-zuhs
Aliases:
CVE-2023-29548
Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could result in arbitrary code execution. There are no reported fixed by versions.
VCID-as8g-vnyj-u7hk
Aliases:
CVE-2023-29539
Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could result in arbitrary code execution. There are no reported fixed by versions.
VCID-bc7q-srps-sfd7
Aliases:
CVE-2023-29541
Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could result in arbitrary code execution. There are no reported fixed by versions.
VCID-eu3v-wzxr-pbd3
Aliases:
CVE-2023-29479
Certain malformed OpenPGP messages could trigger incorrect parsing of PKESK/SKESK packets due to a bug in the Ribose RNP library used by Thunderbird up to version 102.9.1, which would cause the Thunderbird user interface to hang. The issue was discovered using Google's oss-fuzz. There are no reported fixed by versions.
VCID-fs3v-8fsn-uygj
Aliases:
CVE-2023-28427
GHSA-mwq8-fjpf-c2gr
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. In versions prior to 24.0.0 events sent with special strings in key places can temporarily disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data safely. Note that the matrix-js-sdk can appear to be operating normally but be excluding or corrupting runtime data presented to the consumer. This vulnerability is distinct from GHSA-rfv9-x7hh-xc32 which covers a similar issue. The issue has been patched in matrix-js-sdk 24.0.0 and users are advised to upgrade. There are no known workarounds for this vulnerability. There are no reported fixed by versions.
VCID-j6c3-817n-zydj
Aliases:
CVE-2023-0547
OCSP revocation status of recipient certificates was not checked when sending S/Mime encrypted email, and revoked certificates would be accepted. Thunderbird versions from 68 to 102.9.1 were affected by this bug. There are no reported fixed by versions.
VCID-w814-2cmz-ruhz
Aliases:
CVE-2023-29535
Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could result in arbitrary code execution. There are no reported fixed by versions.
VCID-yhj1-h62u-mud5
Aliases:
CVE-2023-29533
Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could result in arbitrary code execution. There are no reported fixed by versions.
VCID-yjyu-u73t-u7bh
Aliases:
CVE-2023-29536
Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could result in arbitrary code execution. There are no reported fixed by versions.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-01T13:54:40.255929+00:00 RedHat Importer Affected by VCID-fs3v-8fsn-uygj https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28427.json 38.0.0
2026-04-01T13:54:31.061417+00:00 RedHat Importer Affected by VCID-eu3v-wzxr-pbd3 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-29479.json 38.0.0
2026-04-01T13:54:30.868022+00:00 RedHat Importer Affected by VCID-j6c3-817n-zydj https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0547.json 38.0.0
2026-04-01T13:54:30.282980+00:00 RedHat Importer Affected by VCID-7b8k-mgs3-cud5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-29550.json 38.0.0
2026-04-01T13:54:29.703364+00:00 RedHat Importer Affected by VCID-a8gt-y9j7-zuhs https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-29548.json 38.0.0
2026-04-01T13:54:29.170189+00:00 RedHat Importer Affected by VCID-73wu-d7y3-7bge https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-1945.json 38.0.0
2026-04-01T13:54:28.563675+00:00 RedHat Importer Affected by VCID-bc7q-srps-sfd7 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-29541.json 38.0.0
2026-04-01T13:54:28.034576+00:00 RedHat Importer Affected by VCID-as8g-vnyj-u7hk https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-29539.json 38.0.0
2026-04-01T13:54:27.449033+00:00 RedHat Importer Affected by VCID-yjyu-u73t-u7bh https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-29536.json 38.0.0
2026-04-01T13:54:26.917454+00:00 RedHat Importer Affected by VCID-w814-2cmz-ruhz https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-29535.json 38.0.0
2026-04-01T13:54:25.882801+00:00 RedHat Importer Affected by VCID-5hzf-gdbj-8ud8 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-1999.json 38.0.0
2026-04-01T13:54:25.260762+00:00 RedHat Importer Affected by VCID-yhj1-h62u-mud5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-29533.json 38.0.0