Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:alpm/archlinux/thunderbird@78.8.0-1

Type alpm

Namespace archlinux

Name thunderbird

Version 78.8.0-1

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 78.9.1-1

Latest_non_vulnerable_version 91.10-1

Affected_by_vulnerabilities

url VCID-egmy-hc3v-eyen

vulnerability_id VCID-egmy-hc3v-eyen

summary Thunderbird unprotects a secret OpenPGP key prior to using it for a decryption, signing or key import task. If the task runs into a failure, the secret key may remain in memory in its unprotected state.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-29950.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-29950.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-29950

reference_id

reference_type

scores

value	0.00131
scoring_system	epss
scoring_elements	0.32131
published_at	2026-06-04T12:55:00Z

value	0.00131
scoring_system	epss
scoring_elements	0.32203
published_at	2026-06-05T12:55:00Z

value	0.00131
scoring_system	epss
scoring_elements	0.32172
published_at	2026-06-06T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-29950

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23981
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23981

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23982
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23982

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23984
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23984

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23987
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23987

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29950
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29950

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4127
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4127

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1951873
reference_id	1951873
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1951873

reference_url

https://security.archlinux.org/AVG-1845

reference_id

AVG-1845

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1845

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2021-17

reference_id

mfsa2021-17

reference_type

scores

value	none
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2021-17

reference_url	https://access.redhat.com/errata/RHSA-2021:1190
reference_id	RHSA-2021:1190
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:1190

reference_url	https://access.redhat.com/errata/RHSA-2021:1192
reference_id	RHSA-2021:1192
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:1192

reference_url	https://access.redhat.com/errata/RHSA-2021:1193
reference_id	RHSA-2021:1193
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:1193

reference_url	https://access.redhat.com/errata/RHSA-2021:1201
reference_id	RHSA-2021:1201
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:1201

reference_url	https://usn.ubuntu.com/4936-1/
reference_id	USN-4936-1
reference_type
scores
url	https://usn.ubuntu.com/4936-1/

fixed_packages

url pkg:alpm/archlinux/thunderbird@78.8.1-1

purl pkg:alpm/archlinux/thunderbird@78.8.1-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-dvbc-un9c-dka7

vulnerability	VCID-mnc8-vfr4-s7a2

vulnerability	VCID-t42j-3sa7-dbdz

vulnerability	VCID-uqnd-w9j9-9yh7

resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/thunderbird@78.8.1-1

aliases CVE-2021-29950

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-egmy-hc3v-eyen

Fixing_vulnerabilities

url VCID-72xt-c9m7-kqfj

vulnerability_id VCID-72xt-c9m7-kqfj

summary If Content Security Policy blocked frame navigation, the full destination of a redirect served in the frame was reported in the violation report; as opposed to the original frame URI. This could be used to leak sensitive information contained in such URIs.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-23968.json

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-23968.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-23968

reference_id

reference_type

scores

value	0.00425
scoring_system	epss
scoring_elements	0.62624
published_at	2026-06-06T12:55:00Z

value	0.00425
scoring_system	epss
scoring_elements	0.6257
published_at	2026-06-04T12:55:00Z

value	0.00425
scoring_system	epss
scoring_elements	0.62615
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-23968

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23968
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23968

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23969
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23969

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23973
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23973

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23978
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23978

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1932110
reference_id	1932110
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1932110

reference_url

https://security.archlinux.org/AVG-1599

reference_id

AVG-1599

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1599

reference_url

https://security.archlinux.org/AVG-1601

reference_id

AVG-1601

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1601

reference_url	https://security.gentoo.org/glsa/202104-09
reference_id	GLSA-202104-09
reference_type
scores
url	https://security.gentoo.org/glsa/202104-09

reference_url	https://security.gentoo.org/glsa/202104-10
reference_id	GLSA-202104-10
reference_type
scores
url	https://security.gentoo.org/glsa/202104-10

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2021-07

reference_id

mfsa2021-07

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2021-07

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2021-08

reference_id

mfsa2021-08

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2021-08

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2021-09

reference_id

mfsa2021-09

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2021-09

reference_url	https://access.redhat.com/errata/RHSA-2021:0655
reference_id	RHSA-2021:0655
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0655

reference_url	https://access.redhat.com/errata/RHSA-2021:0656
reference_id	RHSA-2021:0656
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0656

reference_url	https://access.redhat.com/errata/RHSA-2021:0657
reference_id	RHSA-2021:0657
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0657

reference_url	https://access.redhat.com/errata/RHSA-2021:0658
reference_id	RHSA-2021:0658
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0658

reference_url	https://access.redhat.com/errata/RHSA-2021:0659
reference_id	RHSA-2021:0659
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0659

reference_url	https://access.redhat.com/errata/RHSA-2021:0660
reference_id	RHSA-2021:0660
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0660

reference_url	https://access.redhat.com/errata/RHSA-2021:0661
reference_id	RHSA-2021:0661
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0661

reference_url	https://access.redhat.com/errata/RHSA-2021:0662
reference_id	RHSA-2021:0662
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0662

reference_url	https://usn.ubuntu.com/4756-1/
reference_id	USN-4756-1
reference_type
scores
url	https://usn.ubuntu.com/4756-1/

reference_url	https://usn.ubuntu.com/4936-1/
reference_id	USN-4936-1
reference_type
scores
url	https://usn.ubuntu.com/4936-1/

fixed_packages

url pkg:alpm/archlinux/thunderbird@78.8.0-1

purl pkg:alpm/archlinux/thunderbird@78.8.0-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-egmy-hc3v-eyen

resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/thunderbird@78.8.0-1

aliases CVE-2021-23968

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-72xt-c9m7-kqfj

url VCID-8kxd-bque-r3ed

vulnerability_id VCID-8kxd-bque-r3ed

summary Mozilla developers Alexis Beingessner, Tyson Smith, Nika Layzell, and Mats Palmgren reported memory safety bugs present in Thunderbird 78.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-23978.json

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-23978.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-23978

reference_id

reference_type

scores

value	0.01222
scoring_system	epss
scoring_elements	0.79472
published_at	2026-06-06T12:55:00Z

value	0.01222
scoring_system	epss
scoring_elements	0.7944
published_at	2026-06-04T12:55:00Z

value	0.01222
scoring_system	epss
scoring_elements	0.79467
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-23978

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23968
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23968

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23969
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23969

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23973
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23973

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23978
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23978

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1932112
reference_id	1932112
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1932112

reference_url

https://security.archlinux.org/AVG-1599

reference_id

AVG-1599

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1599

reference_url

https://security.archlinux.org/AVG-1601

reference_id

AVG-1601

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1601

reference_url	https://security.gentoo.org/glsa/202104-09
reference_id	GLSA-202104-09
reference_type
scores
url	https://security.gentoo.org/glsa/202104-09

reference_url	https://security.gentoo.org/glsa/202104-10
reference_id	GLSA-202104-10
reference_type
scores
url	https://security.gentoo.org/glsa/202104-10

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2021-07

reference_id

mfsa2021-07

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2021-07

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2021-08

reference_id

mfsa2021-08

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2021-08

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2021-09

reference_id

mfsa2021-09

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2021-09

reference_url	https://access.redhat.com/errata/RHSA-2021:0655
reference_id	RHSA-2021:0655
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0655

reference_url	https://access.redhat.com/errata/RHSA-2021:0656
reference_id	RHSA-2021:0656
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0656

reference_url	https://access.redhat.com/errata/RHSA-2021:0657
reference_id	RHSA-2021:0657
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0657

reference_url	https://access.redhat.com/errata/RHSA-2021:0658
reference_id	RHSA-2021:0658
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0658

reference_url	https://access.redhat.com/errata/RHSA-2021:0659
reference_id	RHSA-2021:0659
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0659

reference_url	https://access.redhat.com/errata/RHSA-2021:0660
reference_id	RHSA-2021:0660
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0660

reference_url	https://access.redhat.com/errata/RHSA-2021:0661
reference_id	RHSA-2021:0661
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0661

reference_url	https://access.redhat.com/errata/RHSA-2021:0662
reference_id	RHSA-2021:0662
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0662

reference_url	https://usn.ubuntu.com/4756-1/
reference_id	USN-4756-1
reference_type
scores
url	https://usn.ubuntu.com/4756-1/

reference_url	https://usn.ubuntu.com/4936-1/
reference_id	USN-4936-1
reference_type
scores
url	https://usn.ubuntu.com/4936-1/

fixed_packages

url pkg:alpm/archlinux/thunderbird@78.8.0-1

purl pkg:alpm/archlinux/thunderbird@78.8.0-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-egmy-hc3v-eyen

resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/thunderbird@78.8.0-1

aliases CVE-2021-23978

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8kxd-bque-r3ed

url VCID-d36z-y6r2-r7a1

vulnerability_id VCID-d36z-y6r2-r7a1

summary When trying to load a cross-origin resource in an audio/video context a decoding error may have resulted, and the content of that error may have revealed information about the resource.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-23973.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-23973.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-23973

reference_id

reference_type

scores

value	0.00845
scoring_system	epss
scoring_elements	0.75206
published_at	2026-06-06T12:55:00Z

value	0.00845
scoring_system	epss
scoring_elements	0.75173
published_at	2026-06-04T12:55:00Z

value	0.00845
scoring_system	epss
scoring_elements	0.75203
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-23973

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23968
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23968

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23969
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23969

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23973
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23973

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23978
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23978

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1932111
reference_id	1932111
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1932111

reference_url

https://security.archlinux.org/AVG-1599

reference_id

AVG-1599

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1599

reference_url

https://security.archlinux.org/AVG-1601

reference_id

AVG-1601

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1601

reference_url	https://security.gentoo.org/glsa/202104-09
reference_id	GLSA-202104-09
reference_type
scores
url	https://security.gentoo.org/glsa/202104-09

reference_url	https://security.gentoo.org/glsa/202104-10
reference_id	GLSA-202104-10
reference_type
scores
url	https://security.gentoo.org/glsa/202104-10

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2021-07

reference_id

mfsa2021-07

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2021-07

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2021-08

reference_id

mfsa2021-08

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2021-08

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2021-09

reference_id

mfsa2021-09

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2021-09

reference_url	https://access.redhat.com/errata/RHSA-2021:0655
reference_id	RHSA-2021:0655
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0655

reference_url	https://access.redhat.com/errata/RHSA-2021:0656
reference_id	RHSA-2021:0656
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0656

reference_url	https://access.redhat.com/errata/RHSA-2021:0657
reference_id	RHSA-2021:0657
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0657

reference_url	https://access.redhat.com/errata/RHSA-2021:0658
reference_id	RHSA-2021:0658
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0658

reference_url	https://access.redhat.com/errata/RHSA-2021:0659
reference_id	RHSA-2021:0659
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0659

reference_url	https://access.redhat.com/errata/RHSA-2021:0660
reference_id	RHSA-2021:0660
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0660

reference_url	https://access.redhat.com/errata/RHSA-2021:0661
reference_id	RHSA-2021:0661
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0661

reference_url	https://access.redhat.com/errata/RHSA-2021:0662
reference_id	RHSA-2021:0662
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0662

reference_url	https://usn.ubuntu.com/4756-1/
reference_id	USN-4756-1
reference_type
scores
url	https://usn.ubuntu.com/4756-1/

reference_url	https://usn.ubuntu.com/4936-1/
reference_id	USN-4936-1
reference_type
scores
url	https://usn.ubuntu.com/4936-1/

fixed_packages

url pkg:alpm/archlinux/thunderbird@78.8.0-1

purl pkg:alpm/archlinux/thunderbird@78.8.0-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-egmy-hc3v-eyen

resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/thunderbird@78.8.0-1

aliases CVE-2021-23973

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d36z-y6r2-r7a1

url VCID-nq1q-218q-rbe4

vulnerability_id VCID-nq1q-218q-rbe4

summary As specified in the W3C Content Security Policy draft, when creating a violation report, "User agents need to ensure that the source file is the URL requested by the page, pre-redirects. If that’s not possible, user agents need to strip the URL down to an origin to avoid unintentional leakage." Under certain types of redirects, Thunderbird incorrectly set the source file to be the destination of the redirects. This was fixed to be the redirect destination's origin.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-23969.json

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-23969.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-23969

reference_id

reference_type

scores

value	0.01203
scoring_system	epss
scoring_elements	0.79298
published_at	2026-06-06T12:55:00Z

value	0.01203
scoring_system	epss
scoring_elements	0.79266
published_at	2026-06-04T12:55:00Z

value	0.01203
scoring_system	epss
scoring_elements	0.79292
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-23969

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23968
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23968

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23969
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23969

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23973
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23973

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23978
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23978

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1932109
reference_id	1932109
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1932109

reference_url

https://security.archlinux.org/AVG-1599

reference_id

AVG-1599

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1599

reference_url

https://security.archlinux.org/AVG-1601

reference_id

AVG-1601

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1601

reference_url	https://security.gentoo.org/glsa/202104-09
reference_id	GLSA-202104-09
reference_type
scores
url	https://security.gentoo.org/glsa/202104-09

reference_url	https://security.gentoo.org/glsa/202104-10
reference_id	GLSA-202104-10
reference_type
scores
url	https://security.gentoo.org/glsa/202104-10

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2021-07

reference_id

mfsa2021-07

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2021-07

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2021-08

reference_id

mfsa2021-08

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2021-08

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2021-09

reference_id

mfsa2021-09

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2021-09

reference_url	https://access.redhat.com/errata/RHSA-2021:0655
reference_id	RHSA-2021:0655
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0655

reference_url	https://access.redhat.com/errata/RHSA-2021:0656
reference_id	RHSA-2021:0656
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0656

reference_url	https://access.redhat.com/errata/RHSA-2021:0657
reference_id	RHSA-2021:0657
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0657

reference_url	https://access.redhat.com/errata/RHSA-2021:0658
reference_id	RHSA-2021:0658
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0658

reference_url	https://access.redhat.com/errata/RHSA-2021:0659
reference_id	RHSA-2021:0659
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0659

reference_url	https://access.redhat.com/errata/RHSA-2021:0660
reference_id	RHSA-2021:0660
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0660

reference_url	https://access.redhat.com/errata/RHSA-2021:0661
reference_id	RHSA-2021:0661
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0661

reference_url	https://access.redhat.com/errata/RHSA-2021:0662
reference_id	RHSA-2021:0662
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0662

reference_url	https://usn.ubuntu.com/4756-1/
reference_id	USN-4756-1
reference_type
scores
url	https://usn.ubuntu.com/4756-1/

reference_url	https://usn.ubuntu.com/4936-1/
reference_id	USN-4936-1
reference_type
scores
url	https://usn.ubuntu.com/4936-1/

fixed_packages

url pkg:alpm/archlinux/thunderbird@78.8.0-1

purl pkg:alpm/archlinux/thunderbird@78.8.0-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-egmy-hc3v-eyen

resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/thunderbird@78.8.0-1

aliases CVE-2021-23969

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nq1q-218q-rbe4

Risk_score 3.4

Resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/thunderbird@78.8.0-1

Package Instance