VulnerableCode Package Details - pkg:rpm/redhat/thunderbird@91.3.0-2?arch=el8_4

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:rpm/redhat/thunderbird@91.3.0-2?arch=el8_4

Essentials
History (9)

purl	pkg:rpm/redhat/thunderbird@91.3.0-2?arch=el8_4

Next non-vulnerable version	None.
Latest non-vulnerable version	None.
Risk	4.5

Vulnerabilities affecting this package (9)

Vulnerability	Summary	Fixed by
VCID-1ryc-yvxd-93e2 Aliases: CVE-2021-43529	Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.	There are no reported fixed by versions.
VCID-b8c2-qrxm-sybt Aliases: CVE-2021-38508	Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.	There are no reported fixed by versions.
VCID-b911-qnc2-x3aj Aliases: CVE-2021-38509	Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.	There are no reported fixed by versions.
VCID-c51s-yenc-4yab Aliases: CVE-2021-38504	Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.	There are no reported fixed by versions.
VCID-ddem-1dt1-uff7 Aliases: CVE-2021-38503	Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.	There are no reported fixed by versions.
VCID-jy6e-d578-nkcg Aliases: CVE-2021-38507	Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.	There are no reported fixed by versions.
VCID-k4e4-363e-xyff Aliases: CVE-2021-43534	Mozilla developers and community members Christian Holler, Valentin Gosu, and Andrew McCreight reported memory safety bugs present in Firefox 93 and Firefox ESR 91.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.	There are no reported fixed by versions.
VCID-khsw-jwtm-8faq Aliases: CVE-2021-43535	A use-after-free could have occurred when an HTTP2 session object was released on a different thread, leading to memory corruption and a potentially exploitable crash.	There are no reported fixed by versions.
VCID-n4kc-y37w-qkdk Aliases: CVE-2021-38506	Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.	There are no reported fixed by versions.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T14:01:06.868045+00:00	RedHat Importer	Affected by	VCID-k4e4-363e-xyff	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-43534.json	38.0.0
2026-04-01T14:01:06.658536+00:00	RedHat Importer	Affected by	VCID-b911-qnc2-x3aj	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-38509.json	38.0.0
2026-04-01T14:01:06.467727+00:00	RedHat Importer	Affected by	VCID-b8c2-qrxm-sybt	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-38508.json	38.0.0
2026-04-01T14:01:06.276420+00:00	RedHat Importer	Affected by	VCID-khsw-jwtm-8faq	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-43535.json	38.0.0
2026-04-01T14:01:06.078064+00:00	RedHat Importer	Affected by	VCID-jy6e-d578-nkcg	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-38507.json	38.0.0
2026-04-01T14:01:05.876790+00:00	RedHat Importer	Affected by	VCID-n4kc-y37w-qkdk	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-38506.json	38.0.0
2026-04-01T14:01:05.639191+00:00	RedHat Importer	Affected by	VCID-c51s-yenc-4yab	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-38504.json	38.0.0
2026-04-01T14:01:05.431481+00:00	RedHat Importer	Affected by	VCID-ddem-1dt1-uff7	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-38503.json	38.0.0
2026-04-01T14:01:00.107090+00:00	RedHat Importer	Affected by	VCID-1ryc-yvxd-93e2	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-43529.json	38.0.0