VulnerableCode Package Details - pkg:rpm/redhat/thunderbird@128.3.0-1?arch=el8_4

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:rpm/redhat/thunderbird@128.3.0-1?arch=el8_4

Essentials
History (11)

purl	pkg:rpm/redhat/thunderbird@128.3.0-1?arch=el8_4

Next non-vulnerable version	None.
Latest non-vulnerable version	None.
Risk	4.4

Vulnerabilities affecting this package (11)

Vulnerability	Summary	Fixed by
VCID-1z5d-4wfm-8yfk Aliases: CVE-2024-9396	Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution.	There are no reported fixed by versions.
VCID-7wvh-upas-2bgh Aliases: CVE-2024-9394	An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the `resource://devtools` origin. This could allow them to access cross-origin JSON content. This access is limited to "same site" documents by the Site Isolation feature on desktop clients, but full cross-origin access is possible on Android versions.	There are no reported fixed by versions.
VCID-9caj-c15z-xuf5 Aliases: CVE-2024-9403	Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution.	There are no reported fixed by versions.
VCID-bsnh-1chq-z7ae Aliases: CVE-2024-9400	Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution.	There are no reported fixed by versions.
VCID-jebk-6hja-ukfc Aliases: CVE-2024-9402	Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution.	There are no reported fixed by versions.
VCID-k3ec-bt9r-pkhg Aliases: CVE-2024-9397	Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution.	There are no reported fixed by versions.
VCID-ka9e-ps8e-ryc8 Aliases: CVE-2024-9392	Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution.	There are no reported fixed by versions.
VCID-kpun-mgtm-5uhd Aliases: CVE-2024-9399	Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution.	There are no reported fixed by versions.
VCID-kx3j-abfc-qfh2 Aliases: CVE-2024-9393	An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the `resource://pdf.js` origin. This could allow them to access cross-origin PDF content. This access is limited to "same site" documents by the Site Isolation feature on desktop clients, but full cross-origin access is possible on Android versions.	There are no reported fixed by versions.
VCID-pmkt-c3bw-zkhz Aliases: CVE-2024-9398	By checking the result of calls to `window.open` with specifically set protocol handlers, an attacker could determine if the application which implements that protocol handler is installed.	There are no reported fixed by versions.
VCID-z6yt-va55-s3ey Aliases: CVE-2024-9401	Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution.	There are no reported fixed by versions.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T13:44:57.894254+00:00	RedHat Importer	Affected by	VCID-ka9e-ps8e-ryc8	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-9392.json	38.0.0
2026-04-01T13:44:57.281887+00:00	RedHat Importer	Affected by	VCID-7wvh-upas-2bgh	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-9394.json	38.0.0
2026-04-01T13:44:56.709762+00:00	RedHat Importer	Affected by	VCID-kx3j-abfc-qfh2	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-9393.json	38.0.0
2026-04-01T13:44:56.187444+00:00	RedHat Importer	Affected by	VCID-1z5d-4wfm-8yfk	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-9396.json	38.0.0
2026-04-01T13:44:55.664001+00:00	RedHat Importer	Affected by	VCID-bsnh-1chq-z7ae	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-9400.json	38.0.0
2026-04-01T13:44:55.105809+00:00	RedHat Importer	Affected by	VCID-pmkt-c3bw-zkhz	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-9398.json	38.0.0
2026-04-01T13:44:54.585863+00:00	RedHat Importer	Affected by	VCID-k3ec-bt9r-pkhg	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-9397.json	38.0.0
2026-04-01T13:44:54.066397+00:00	RedHat Importer	Affected by	VCID-kpun-mgtm-5uhd	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-9399.json	38.0.0
2026-04-01T13:44:53.499034+00:00	RedHat Importer	Affected by	VCID-jebk-6hja-ukfc	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-9402.json	38.0.0
2026-04-01T13:44:52.927099+00:00	RedHat Importer	Affected by	VCID-z6yt-va55-s3ey	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-9401.json	38.0.0
2026-04-01T13:44:52.406627+00:00	RedHat Importer	Affected by	VCID-9caj-c15z-xuf5	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-9403.json	38.0.0