VulnerableCode Package Details - pkg:rpm/redhat/thunderbird@140.5.0-1?arch=el9_4

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:rpm/redhat/thunderbird@140.5.0-1?arch=el9_4

Essentials
History (9)

purl	pkg:rpm/redhat/thunderbird@140.5.0-1?arch=el9_4

Next non-vulnerable version	None.
Latest non-vulnerable version	None.
Risk	4.0

Vulnerabilities affecting this package (9)

Vulnerability	Summary	Fixed by
VCID-4bw1-v6ze-kbds Aliases: CVE-2025-13018	Mitigation bypass in the DOM: Security component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Thunderbird < 145, and Thunderbird < 140.5.	There are no reported fixed by versions.
VCID-4kd3-95cm-g3fc Aliases: CVE-2025-13019	Same-origin policy bypass in the DOM: Workers component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Thunderbird < 145, and Thunderbird < 140.5.	There are no reported fixed by versions.
VCID-962a-dwqf-3ycg Aliases: CVE-2025-13016	Incorrect boundary conditions in the JavaScript: WebAssembly component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Thunderbird < 145, and Thunderbird < 140.5.	There are no reported fixed by versions.
VCID-dgwm-n1zx-qkbq Aliases: CVE-2025-13012	Race condition in the Graphics component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Firefox ESR < 115.30, Thunderbird < 145, and Thunderbird < 140.5.	There are no reported fixed by versions.
VCID-e7jk-vs8y-fyhr Aliases: CVE-2025-13020	Use-after-free in the WebRTC: Audio/Video component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Thunderbird < 145, and Thunderbird < 140.5.	There are no reported fixed by versions.
VCID-kdwy-7p45-hbcs Aliases: CVE-2025-13015	Spoofing issue in Firefox. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Firefox ESR < 115.30, Thunderbird < 145, and Thunderbird < 140.5.	There are no reported fixed by versions.
VCID-qgvy-hzsx-hkge Aliases: CVE-2025-13014	Use-after-free in the Audio/Video component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Firefox ESR < 115.30, Thunderbird < 145, and Thunderbird < 140.5.	There are no reported fixed by versions.
VCID-ukut-zyjx-93gq Aliases: CVE-2025-13013	Mitigation bypass in the DOM: Core & HTML component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Firefox ESR < 115.30, Thunderbird < 145, and Thunderbird < 140.5.	There are no reported fixed by versions.
VCID-wz6r-xzm9-m7hp Aliases: CVE-2025-13017	Same-origin policy bypass in the DOM: Notifications component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Thunderbird < 145, and Thunderbird < 140.5.	There are no reported fixed by versions.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T13:35:14.624144+00:00	RedHat Importer	Affected by	VCID-ukut-zyjx-93gq	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13013.json	38.0.0
2026-04-01T13:35:13.468949+00:00	RedHat Importer	Affected by	VCID-dgwm-n1zx-qkbq	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13012.json	38.0.0
2026-04-01T13:35:12.336622+00:00	RedHat Importer	Affected by	VCID-kdwy-7p45-hbcs	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13015.json	38.0.0
2026-04-01T13:35:11.235724+00:00	RedHat Importer	Affected by	VCID-qgvy-hzsx-hkge	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13014.json	38.0.0
2026-04-01T13:35:10.055622+00:00	RedHat Importer	Affected by	VCID-962a-dwqf-3ycg	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13016.json	38.0.0
2026-04-01T13:35:08.828597+00:00	RedHat Importer	Affected by	VCID-wz6r-xzm9-m7hp	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13017.json	38.0.0
2026-04-01T13:35:07.632719+00:00	RedHat Importer	Affected by	VCID-4kd3-95cm-g3fc	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13019.json	38.0.0
2026-04-01T13:35:06.540018+00:00	RedHat Importer	Affected by	VCID-4bw1-v6ze-kbds	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13018.json	38.0.0
2026-04-01T13:35:05.386614+00:00	RedHat Importer	Affected by	VCID-e7jk-vs8y-fyhr	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13020.json	38.0.0