Package details: pkg:rpm/redhat/thunderbird@140.3.0-1?arch=el8_4
purl pkg:rpm/redhat/thunderbird@140.3.0-1?arch=el8_4
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 4.0
Vulnerabilities affecting this package (7)
Vulnerability Summary Fixed by
VCID-3qfb-sxha-v3cw
Aliases:
CVE-2025-10529
Same-origin policy bypass in the Layout component. This vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird < 140.3. There are no reported fixed by versions.
VCID-66z1-8zeg-9qh1
Aliases:
CVE-2025-10528
Sandbox escape due to undefined behavior, invalid pointer in the Graphics: Canvas2D component. This vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird < 140.3. There are no reported fixed by versions.
VCID-93au-w2zh-3yhg
Aliases:
CVE-2025-10533
Integer overflow in the SVG component. This vulnerability affects Firefox < 143, Firefox ESR < 115.28, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird < 140.3. There are no reported fixed by versions.
VCID-c6rx-p235-9bdz
Aliases:
CVE-2025-10537
Memory safety bugs present in Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. There are no reported fixed by versions.
VCID-ddwf-z514-hbbj
Aliases:
CVE-2025-10536
Information disclosure in the Networking: Cache component. This vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird < 140.3. There are no reported fixed by versions.
VCID-rg63-avu7-2bdc
Aliases:
CVE-2025-10527
Sandbox escape due to use-after-free in the Graphics: Canvas2D component. This vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird < 140.3. There are no reported fixed by versions.
VCID-ruc1-kmaz-fkbb
Aliases:
CVE-2025-10532
Incorrect boundary conditions in the JavaScript: GC component. This vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird < 140.3. There are no reported fixed by versions.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T13:36:49.925500+00:00 | RedHat Importer | Affected by | VCID-93au-w2zh-3yhg | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-10533.json | 38.0.0 |
| 2026-04-01T13:36:49.080132+00:00 | RedHat Importer | Affected by | VCID-3qfb-sxha-v3cw | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-10529.json | 38.0.0 |
| 2026-04-01T13:36:48.225047+00:00 | RedHat Importer | Affected by | VCID-66z1-8zeg-9qh1 | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-10528.json | 38.0.0 |
| 2026-04-01T13:36:47.391510+00:00 | RedHat Importer | Affected by | VCID-rg63-avu7-2bdc | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-10527.json | 38.0.0 |
| 2026-04-01T13:36:46.607847+00:00 | RedHat Importer | Affected by | VCID-ddwf-z514-hbbj | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-10536.json | 38.0.0 |
| 2026-04-01T13:36:45.809769+00:00 | RedHat Importer | Affected by | VCID-ruc1-kmaz-fkbb | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-10532.json | 38.0.0 |
| 2026-04-01T13:36:44.961216+00:00 | RedHat Importer | Affected by | VCID-c6rx-p235-9bdz | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-10537.json | 38.0.0 |