Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/thunderbird@1:91.2.1-1?distro=trixie

Type deb

Namespace debian

Name thunderbird

Version 1:91.2.1-1

Qualifiers

distro	trixie

Subpath

Is_vulnerable false

Next_non_vulnerable_version 1:91.3.0-1

Latest_non_vulnerable_version 1:140.10.2esr-1

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-2k99-39yt-gkbe

vulnerability_id VCID-2k99-39yt-gkbe

summary During operations on MessageTasks, a task may have been removed while it was still scheduled, resulting in memory corruption and a potentially exploitable crash.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-38496.json

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-38496.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-38496

reference_id

reference_type

scores

value	0.0109
scoring_system	epss
scoring_elements	0.78124
published_at	2026-05-14T12:55:00Z

value	0.0109
scoring_system	epss
scoring_elements	0.77938
published_at	2026-04-12T12:55:00Z

value	0.0109
scoring_system	epss
scoring_elements	0.77937
published_at	2026-04-13T12:55:00Z

value	0.0109
scoring_system	epss
scoring_elements	0.77972
published_at	2026-04-16T12:55:00Z

value	0.0109
scoring_system	epss
scoring_elements	0.77971
published_at	2026-04-18T12:55:00Z

value	0.0109
scoring_system	epss
scoring_elements	0.77965
published_at	2026-04-21T12:55:00Z

value	0.0109
scoring_system	epss
scoring_elements	0.77998
published_at	2026-04-24T12:55:00Z

value	0.0109
scoring_system	epss
scoring_elements	0.78005
published_at	2026-04-26T12:55:00Z

value	0.0109
scoring_system	epss
scoring_elements	0.78018
published_at	2026-04-29T12:55:00Z

value	0.0109
scoring_system	epss
scoring_elements	0.78027
published_at	2026-05-05T12:55:00Z

value	0.0109
scoring_system	epss
scoring_elements	0.78055
published_at	2026-05-07T12:55:00Z

value	0.0109
scoring_system	epss
scoring_elements	0.78071
published_at	2026-05-09T12:55:00Z

value	0.0109
scoring_system	epss
scoring_elements	0.78063
published_at	2026-05-11T12:55:00Z

value	0.0109
scoring_system	epss
scoring_elements	0.7808
published_at	2026-05-12T12:55:00Z

value	0.0149
scoring_system	epss
scoring_elements	0.81076
published_at	2026-04-11T12:55:00Z

value	0.0149
scoring_system	epss
scoring_elements	0.81025
published_at	2026-04-04T12:55:00Z

value	0.0149
scoring_system	epss
scoring_elements	0.81023
published_at	2026-04-07T12:55:00Z

value	0.0149
scoring_system	epss
scoring_elements	0.81051
published_at	2026-04-08T12:55:00Z

value	0.0149
scoring_system	epss
scoring_elements	0.81058
published_at	2026-04-09T12:55:00Z

value	0.0149
scoring_system	epss
scoring_elements	0.80992
published_at	2026-04-01T12:55:00Z

value	0.0149
scoring_system	epss
scoring_elements	0.81001
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-38496

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38496
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38496

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38500
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38500

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38502
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38502

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38503
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38503

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38504
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38504

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38506
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38506

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38507
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38507

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38508
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38508

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38509
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38509

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4126
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4126

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4129
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4129

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43528
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43528

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43529
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43529

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43534
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43534

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43535
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43535

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43536
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43536

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43537
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43537

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43538
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43538

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43539
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43539

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43541
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43541

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43542
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43542

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43543
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43543

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43545
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43545

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43546
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43546

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44538
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44538

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2011097
reference_id	2011097
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2011097

reference_url

https://security.archlinux.org/AVG-2443

reference_id

AVG-2443

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2443

reference_url

https://security.archlinux.org/AVG-2459

reference_id

AVG-2459

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2459

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2021-43

reference_id

mfsa2021-43

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2021-43

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2021-44

reference_id

mfsa2021-44

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2021-44

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2021-45

reference_id

mfsa2021-45

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2021-45

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2021-47

reference_id

mfsa2021-47

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2021-47

reference_url	https://access.redhat.com/errata/RHSA-2021:3755
reference_id	RHSA-2021:3755
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3755

reference_url	https://access.redhat.com/errata/RHSA-2021:3756
reference_id	RHSA-2021:3756
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3756

reference_url	https://access.redhat.com/errata/RHSA-2021:3757
reference_id	RHSA-2021:3757
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3757

reference_url	https://access.redhat.com/errata/RHSA-2021:3791
reference_id	RHSA-2021:3791
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3791

reference_url	https://access.redhat.com/errata/RHSA-2021:3838
reference_id	RHSA-2021:3838
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3838

reference_url	https://access.redhat.com/errata/RHSA-2021:3839
reference_id	RHSA-2021:3839
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3839

reference_url	https://access.redhat.com/errata/RHSA-2021:3840
reference_id	RHSA-2021:3840
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3840

reference_url	https://access.redhat.com/errata/RHSA-2021:3841
reference_id	RHSA-2021:3841
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3841

reference_url	https://usn.ubuntu.com/5107-1/
reference_id	USN-5107-1
reference_type
scores
url	https://usn.ubuntu.com/5107-1/

reference_url	https://usn.ubuntu.com/5132-1/
reference_id	USN-5132-1
reference_type
scores
url	https://usn.ubuntu.com/5132-1/

reference_url	https://usn.ubuntu.com/5248-1/
reference_id	USN-5248-1
reference_type
scores
url	https://usn.ubuntu.com/5248-1/

fixed_packages

url	pkg:deb/debian/thunderbird@1:91.2.1-1?distro=trixie
purl	pkg:deb/debian/thunderbird@1:91.2.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:91.2.1-1%3Fdistro=trixie

url	pkg:deb/debian/thunderbird@1:91.4.1-1~deb11u1?distro=trixie
purl	pkg:deb/debian/thunderbird@1:91.4.1-1~deb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:91.4.1-1~deb11u1%3Fdistro=trixie

url pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie

purl pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2fqb-r5zb-a7dp

vulnerability	VCID-3a6f-173h-fqbz

vulnerability	VCID-3kv6-c148-nkhq

vulnerability	VCID-4e49-6tg2-e7d9

vulnerability	VCID-59d3-343b-e3aw

vulnerability	VCID-61r1-arbe-dke4

vulnerability	VCID-7jt2-zr49-7ye5

vulnerability	VCID-95et-ezmb-buau

vulnerability	VCID-9nbw-7c9e-13af

vulnerability	VCID-av7u-3g4m-mugm

vulnerability	VCID-bwth-uepr-z7a3

vulnerability	VCID-cjsm-7gxr-8ygw

vulnerability	VCID-d16s-p141-qbft

vulnerability	VCID-fxjm-ywug-f3d5

vulnerability	VCID-hk2m-rbdy-nqhc

vulnerability	VCID-ma29-qa7e-9qb4

vulnerability	VCID-nge1-4cvg-zqb2

vulnerability	VCID-nyum-jpbc-abew

vulnerability	VCID-p6yz-xs58-u3gm

vulnerability	VCID-pfmd-zv8f-8bfc

vulnerability	VCID-pszh-x9gd-xyg4

vulnerability	VCID-q689-wneh-hbdq

vulnerability	VCID-q8qp-5szp-mfe8

vulnerability	VCID-ruqn-mk9t-57hb

vulnerability	VCID-tv7r-qf2c-dqbm

vulnerability	VCID-ufku-v5vq-4yef

vulnerability	VCID-w98r-yagc-kkec

vulnerability	VCID-z6tm-b352-5uhk

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie

url pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie

purl pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3a6f-173h-fqbz

vulnerability	VCID-4e49-6tg2-e7d9

vulnerability	VCID-pszh-x9gd-xyg4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie

url pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie

purl pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3a6f-173h-fqbz

vulnerability	VCID-4e49-6tg2-e7d9

vulnerability	VCID-pszh-x9gd-xyg4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie

url pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie

purl pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5dw5-vpt8-zqbz

vulnerability	VCID-9ag7-z86d-nba9

vulnerability	VCID-qbzp-euvv-q7c7

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie

url pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie

purl pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2fqb-r5zb-a7dp

vulnerability	VCID-3kv6-c148-nkhq

vulnerability	VCID-59d3-343b-e3aw

vulnerability	VCID-61r1-arbe-dke4

vulnerability	VCID-7jt2-zr49-7ye5

vulnerability	VCID-95et-ezmb-buau

vulnerability	VCID-9nbw-7c9e-13af

vulnerability	VCID-av7u-3g4m-mugm

vulnerability	VCID-bwth-uepr-z7a3

vulnerability	VCID-cjsm-7gxr-8ygw

vulnerability	VCID-d16s-p141-qbft

vulnerability	VCID-fxjm-ywug-f3d5

vulnerability	VCID-hk2m-rbdy-nqhc

vulnerability	VCID-ma29-qa7e-9qb4

vulnerability	VCID-nge1-4cvg-zqb2

vulnerability	VCID-nyum-jpbc-abew

vulnerability	VCID-p6yz-xs58-u3gm

vulnerability	VCID-pfmd-zv8f-8bfc

vulnerability	VCID-q689-wneh-hbdq

vulnerability	VCID-q8qp-5szp-mfe8

vulnerability	VCID-ruqn-mk9t-57hb

vulnerability	VCID-tv7r-qf2c-dqbm

vulnerability	VCID-w98r-yagc-kkec

vulnerability	VCID-z6tm-b352-5uhk

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie

url	pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie
purl	pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie

url pkg:deb/debian/thunderbird@1:140.10.1esr-1?distro=trixie

purl pkg:deb/debian/thunderbird@1:140.10.1esr-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3a6f-173h-fqbz

vulnerability	VCID-4e49-6tg2-e7d9

vulnerability	VCID-pszh-x9gd-xyg4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1%3Fdistro=trixie

url	pkg:deb/debian/thunderbird@1:140.10.2esr-1?distro=trixie
purl	pkg:deb/debian/thunderbird@1:140.10.2esr-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.2esr-1%3Fdistro=trixie

aliases CVE-2021-38496

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2k99-39yt-gkbe

url VCID-6fkp-5fzu-fydp

vulnerability_id VCID-6fkp-5fzu-fydp

summary Mozilla developers and community members Andreas Pehrson and Christian Holler reported memory safety bugs present in Thunderbird 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-38500.json

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-38500.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-38500

reference_id

reference_type

scores

value	0.0109
scoring_system	epss
scoring_elements	0.78124
published_at	2026-05-14T12:55:00Z

value	0.0109
scoring_system	epss
scoring_elements	0.77938
published_at	2026-04-12T12:55:00Z

value	0.0109
scoring_system	epss
scoring_elements	0.77937
published_at	2026-04-13T12:55:00Z

value	0.0109
scoring_system	epss
scoring_elements	0.77972
published_at	2026-04-16T12:55:00Z

value	0.0109
scoring_system	epss
scoring_elements	0.77971
published_at	2026-04-18T12:55:00Z

value	0.0109
scoring_system	epss
scoring_elements	0.77965
published_at	2026-04-21T12:55:00Z

value	0.0109
scoring_system	epss
scoring_elements	0.77998
published_at	2026-04-24T12:55:00Z

value	0.0109
scoring_system	epss
scoring_elements	0.78005
published_at	2026-04-26T12:55:00Z

value	0.0109
scoring_system	epss
scoring_elements	0.78018
published_at	2026-04-29T12:55:00Z

value	0.0109
scoring_system	epss
scoring_elements	0.78027
published_at	2026-05-05T12:55:00Z

value	0.0109
scoring_system	epss
scoring_elements	0.78055
published_at	2026-05-07T12:55:00Z

value	0.0109
scoring_system	epss
scoring_elements	0.78071
published_at	2026-05-09T12:55:00Z

value	0.0109
scoring_system	epss
scoring_elements	0.78063
published_at	2026-05-11T12:55:00Z

value	0.0109
scoring_system	epss
scoring_elements	0.7808
published_at	2026-05-12T12:55:00Z

value	0.0149
scoring_system	epss
scoring_elements	0.81076
published_at	2026-04-11T12:55:00Z

value	0.0149
scoring_system	epss
scoring_elements	0.81025
published_at	2026-04-04T12:55:00Z

value	0.0149
scoring_system	epss
scoring_elements	0.81023
published_at	2026-04-07T12:55:00Z

value	0.0149
scoring_system	epss
scoring_elements	0.81051
published_at	2026-04-08T12:55:00Z

value	0.0149
scoring_system	epss
scoring_elements	0.81058
published_at	2026-04-09T12:55:00Z

value	0.0149
scoring_system	epss
scoring_elements	0.80992
published_at	2026-04-01T12:55:00Z

value	0.0149
scoring_system	epss
scoring_elements	0.81001
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-38500

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38496
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38496

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38500
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38500

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38502
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38502

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38503
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38503

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38504
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38504

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38506
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38506

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38507
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38507

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38508
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38508

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38509
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38509

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4126
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4126

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4129
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4129

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43528
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43528

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43529
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43529

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43534
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43534

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43535
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43535

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43536
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43536

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43537
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43537

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43538
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43538

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43539
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43539

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43541
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43541

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43542
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43542

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43543
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43543

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43545
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43545

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43546
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43546

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44538
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44538

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2011100
reference_id	2011100
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2011100

reference_url

https://security.archlinux.org/AVG-2443

reference_id

AVG-2443

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2443

reference_url

https://security.archlinux.org/AVG-2459

reference_id

AVG-2459

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2459

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2021-43

reference_id

mfsa2021-43

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2021-43

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2021-44

reference_id

mfsa2021-44

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2021-44

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2021-45

reference_id

mfsa2021-45

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2021-45

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2021-47

reference_id

mfsa2021-47

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2021-47

reference_url	https://access.redhat.com/errata/RHSA-2021:3755
reference_id	RHSA-2021:3755
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3755

reference_url	https://access.redhat.com/errata/RHSA-2021:3756
reference_id	RHSA-2021:3756
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3756

reference_url	https://access.redhat.com/errata/RHSA-2021:3757
reference_id	RHSA-2021:3757
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3757

reference_url	https://access.redhat.com/errata/RHSA-2021:3791
reference_id	RHSA-2021:3791
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3791

reference_url	https://access.redhat.com/errata/RHSA-2021:3838
reference_id	RHSA-2021:3838
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3838

reference_url	https://access.redhat.com/errata/RHSA-2021:3839
reference_id	RHSA-2021:3839
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3839

reference_url	https://access.redhat.com/errata/RHSA-2021:3840
reference_id	RHSA-2021:3840
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3840

reference_url	https://access.redhat.com/errata/RHSA-2021:3841
reference_id	RHSA-2021:3841
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3841

reference_url	https://usn.ubuntu.com/5107-1/
reference_id	USN-5107-1
reference_type
scores
url	https://usn.ubuntu.com/5107-1/

reference_url	https://usn.ubuntu.com/5132-1/
reference_id	USN-5132-1
reference_type
scores
url	https://usn.ubuntu.com/5132-1/

reference_url	https://usn.ubuntu.com/5248-1/
reference_id	USN-5248-1
reference_type
scores
url	https://usn.ubuntu.com/5248-1/

fixed_packages

url	pkg:deb/debian/thunderbird@1:91.2.1-1?distro=trixie
purl	pkg:deb/debian/thunderbird@1:91.2.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:91.2.1-1%3Fdistro=trixie

url	pkg:deb/debian/thunderbird@1:91.4.1-1~deb11u1?distro=trixie
purl	pkg:deb/debian/thunderbird@1:91.4.1-1~deb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:91.4.1-1~deb11u1%3Fdistro=trixie

url pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie

purl pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2fqb-r5zb-a7dp

vulnerability	VCID-3a6f-173h-fqbz

vulnerability	VCID-3kv6-c148-nkhq

vulnerability	VCID-4e49-6tg2-e7d9

vulnerability	VCID-59d3-343b-e3aw

vulnerability	VCID-61r1-arbe-dke4

vulnerability	VCID-7jt2-zr49-7ye5

vulnerability	VCID-95et-ezmb-buau

vulnerability	VCID-9nbw-7c9e-13af

vulnerability	VCID-av7u-3g4m-mugm

vulnerability	VCID-bwth-uepr-z7a3

vulnerability	VCID-cjsm-7gxr-8ygw

vulnerability	VCID-d16s-p141-qbft

vulnerability	VCID-fxjm-ywug-f3d5

vulnerability	VCID-hk2m-rbdy-nqhc

vulnerability	VCID-ma29-qa7e-9qb4

vulnerability	VCID-nge1-4cvg-zqb2

vulnerability	VCID-nyum-jpbc-abew

vulnerability	VCID-p6yz-xs58-u3gm

vulnerability	VCID-pfmd-zv8f-8bfc

vulnerability	VCID-pszh-x9gd-xyg4

vulnerability	VCID-q689-wneh-hbdq

vulnerability	VCID-q8qp-5szp-mfe8

vulnerability	VCID-ruqn-mk9t-57hb

vulnerability	VCID-tv7r-qf2c-dqbm

vulnerability	VCID-ufku-v5vq-4yef

vulnerability	VCID-w98r-yagc-kkec

vulnerability	VCID-z6tm-b352-5uhk

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie

url pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie

purl pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3a6f-173h-fqbz

vulnerability	VCID-4e49-6tg2-e7d9

vulnerability	VCID-pszh-x9gd-xyg4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie

url pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie

purl pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3a6f-173h-fqbz

vulnerability	VCID-4e49-6tg2-e7d9

vulnerability	VCID-pszh-x9gd-xyg4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie

url pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie

purl pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5dw5-vpt8-zqbz

vulnerability	VCID-9ag7-z86d-nba9

vulnerability	VCID-qbzp-euvv-q7c7

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie

url pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie

purl pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2fqb-r5zb-a7dp

vulnerability	VCID-3kv6-c148-nkhq

vulnerability	VCID-59d3-343b-e3aw

vulnerability	VCID-61r1-arbe-dke4

vulnerability	VCID-7jt2-zr49-7ye5

vulnerability	VCID-95et-ezmb-buau

vulnerability	VCID-9nbw-7c9e-13af

vulnerability	VCID-av7u-3g4m-mugm

vulnerability	VCID-bwth-uepr-z7a3

vulnerability	VCID-cjsm-7gxr-8ygw

vulnerability	VCID-d16s-p141-qbft

vulnerability	VCID-fxjm-ywug-f3d5

vulnerability	VCID-hk2m-rbdy-nqhc

vulnerability	VCID-ma29-qa7e-9qb4

vulnerability	VCID-nge1-4cvg-zqb2

vulnerability	VCID-nyum-jpbc-abew

vulnerability	VCID-p6yz-xs58-u3gm

vulnerability	VCID-pfmd-zv8f-8bfc

vulnerability	VCID-q689-wneh-hbdq

vulnerability	VCID-q8qp-5szp-mfe8

vulnerability	VCID-ruqn-mk9t-57hb

vulnerability	VCID-tv7r-qf2c-dqbm

vulnerability	VCID-w98r-yagc-kkec

vulnerability	VCID-z6tm-b352-5uhk

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie

url	pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie
purl	pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie

url pkg:deb/debian/thunderbird@1:140.10.1esr-1?distro=trixie

purl pkg:deb/debian/thunderbird@1:140.10.1esr-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3a6f-173h-fqbz

vulnerability	VCID-4e49-6tg2-e7d9

vulnerability	VCID-pszh-x9gd-xyg4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1%3Fdistro=trixie

url	pkg:deb/debian/thunderbird@1:140.10.2esr-1?distro=trixie
purl	pkg:deb/debian/thunderbird@1:140.10.2esr-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.2esr-1%3Fdistro=trixie

aliases CVE-2021-38500

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6fkp-5fzu-fydp

url VCID-zwz9-pt55-t3c6

vulnerability_id VCID-zwz9-pt55-t3c6

summary Thunderbird ignored the configuration to require STARTTLS security for an SMTP connection. A MITM could perform a downgrade attack to intercept transmitted messages, or could take control of the authenticated session to execute SMTP commands chosen by the MITM. If an unprotected authentication method was configured, the MITM could obtain the authentication credentials, too.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-38502.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-38502.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-38502

reference_id

reference_type

scores

value	0.00461
scoring_system	epss
scoring_elements	0.64057
published_at	2026-04-01T12:55:00Z

value	0.00461
scoring_system	epss
scoring_elements	0.64313
published_at	2026-05-14T12:55:00Z

value	0.00461
scoring_system	epss
scoring_elements	0.64235
published_at	2026-05-11T12:55:00Z

value	0.00461
scoring_system	epss
scoring_elements	0.64261
published_at	2026-05-12T12:55:00Z

value	0.00461
scoring_system	epss
scoring_elements	0.64114
published_at	2026-04-02T12:55:00Z

value	0.00461
scoring_system	epss
scoring_elements	0.64141
published_at	2026-04-04T12:55:00Z

value	0.00461
scoring_system	epss
scoring_elements	0.641
published_at	2026-04-07T12:55:00Z

value	0.00461
scoring_system	epss
scoring_elements	0.64151
published_at	2026-04-08T12:55:00Z

value	0.00461
scoring_system	epss
scoring_elements	0.64167
published_at	2026-04-09T12:55:00Z

value	0.00461
scoring_system	epss
scoring_elements	0.64179
published_at	2026-05-05T12:55:00Z

value	0.00461
scoring_system	epss
scoring_elements	0.64168
published_at	2026-04-12T12:55:00Z

value	0.00461
scoring_system	epss
scoring_elements	0.6414
published_at	2026-04-13T12:55:00Z

value	0.00461
scoring_system	epss
scoring_elements	0.64176
published_at	2026-04-21T12:55:00Z

value	0.00461
scoring_system	epss
scoring_elements	0.64187
published_at	2026-04-18T12:55:00Z

value	0.00461
scoring_system	epss
scoring_elements	0.64196
published_at	2026-04-24T12:55:00Z

value	0.00461
scoring_system	epss
scoring_elements	0.64209
published_at	2026-04-29T12:55:00Z

value	0.00461
scoring_system	epss
scoring_elements	0.64223
published_at	2026-05-07T12:55:00Z

value	0.00461
scoring_system	epss
scoring_elements	0.64269
published_at	2026-05-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-38502

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38496
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38496

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38500
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38500

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38502
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38502

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38503
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38503

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38504
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38504

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38506
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38506

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38507
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38507

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38508
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38508

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38509
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38509

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4126
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4126

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4129
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4129

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43528
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43528

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43529
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43529

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43534
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43534

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43535
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43535

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43536
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43536

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43537
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43537

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43538
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43538

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43539
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43539

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43541
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43541

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43542
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43542

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43543
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43543

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43545
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43545

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43546
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43546

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44538
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44538

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2013469
reference_id	2013469
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2013469

reference_url

https://security.archlinux.org/AVG-2459

reference_id

AVG-2459

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2459

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2021-47

reference_id

mfsa2021-47

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2021-47

reference_url	https://access.redhat.com/errata/RHSA-2021:3838
reference_id	RHSA-2021:3838
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3838

reference_url	https://access.redhat.com/errata/RHSA-2021:3839
reference_id	RHSA-2021:3839
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3839

reference_url	https://access.redhat.com/errata/RHSA-2021:3840
reference_id	RHSA-2021:3840
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3840

reference_url	https://access.redhat.com/errata/RHSA-2021:3841
reference_id	RHSA-2021:3841
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3841

reference_url	https://usn.ubuntu.com/5248-1/
reference_id	USN-5248-1
reference_type
scores
url	https://usn.ubuntu.com/5248-1/

fixed_packages

url	pkg:deb/debian/thunderbird@1:91.2.1-1?distro=trixie
purl	pkg:deb/debian/thunderbird@1:91.2.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:91.2.1-1%3Fdistro=trixie

url	pkg:deb/debian/thunderbird@1:91.4.1-1~deb11u1?distro=trixie
purl	pkg:deb/debian/thunderbird@1:91.4.1-1~deb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:91.4.1-1~deb11u1%3Fdistro=trixie

url pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie

purl pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2fqb-r5zb-a7dp

vulnerability	VCID-3a6f-173h-fqbz

vulnerability	VCID-3kv6-c148-nkhq

vulnerability	VCID-4e49-6tg2-e7d9

vulnerability	VCID-59d3-343b-e3aw

vulnerability	VCID-61r1-arbe-dke4

vulnerability	VCID-7jt2-zr49-7ye5

vulnerability	VCID-95et-ezmb-buau

vulnerability	VCID-9nbw-7c9e-13af

vulnerability	VCID-av7u-3g4m-mugm

vulnerability	VCID-bwth-uepr-z7a3

vulnerability	VCID-cjsm-7gxr-8ygw

vulnerability	VCID-d16s-p141-qbft

vulnerability	VCID-fxjm-ywug-f3d5

vulnerability	VCID-hk2m-rbdy-nqhc

vulnerability	VCID-ma29-qa7e-9qb4

vulnerability	VCID-nge1-4cvg-zqb2

vulnerability	VCID-nyum-jpbc-abew

vulnerability	VCID-p6yz-xs58-u3gm

vulnerability	VCID-pfmd-zv8f-8bfc

vulnerability	VCID-pszh-x9gd-xyg4

vulnerability	VCID-q689-wneh-hbdq

vulnerability	VCID-q8qp-5szp-mfe8

vulnerability	VCID-ruqn-mk9t-57hb

vulnerability	VCID-tv7r-qf2c-dqbm

vulnerability	VCID-ufku-v5vq-4yef

vulnerability	VCID-w98r-yagc-kkec

vulnerability	VCID-z6tm-b352-5uhk

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie

url pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie

purl pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3a6f-173h-fqbz

vulnerability	VCID-4e49-6tg2-e7d9

vulnerability	VCID-pszh-x9gd-xyg4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie

url pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie

purl pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3a6f-173h-fqbz

vulnerability	VCID-4e49-6tg2-e7d9

vulnerability	VCID-pszh-x9gd-xyg4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie

url pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie

purl pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5dw5-vpt8-zqbz

vulnerability	VCID-9ag7-z86d-nba9

vulnerability	VCID-qbzp-euvv-q7c7

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie

url pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie

purl pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2fqb-r5zb-a7dp

vulnerability	VCID-3kv6-c148-nkhq

vulnerability	VCID-59d3-343b-e3aw

vulnerability	VCID-61r1-arbe-dke4

vulnerability	VCID-7jt2-zr49-7ye5

vulnerability	VCID-95et-ezmb-buau

vulnerability	VCID-9nbw-7c9e-13af

vulnerability	VCID-av7u-3g4m-mugm

vulnerability	VCID-bwth-uepr-z7a3

vulnerability	VCID-cjsm-7gxr-8ygw

vulnerability	VCID-d16s-p141-qbft

vulnerability	VCID-fxjm-ywug-f3d5

vulnerability	VCID-hk2m-rbdy-nqhc

vulnerability	VCID-ma29-qa7e-9qb4

vulnerability	VCID-nge1-4cvg-zqb2

vulnerability	VCID-nyum-jpbc-abew

vulnerability	VCID-p6yz-xs58-u3gm

vulnerability	VCID-pfmd-zv8f-8bfc

vulnerability	VCID-q689-wneh-hbdq

vulnerability	VCID-q8qp-5szp-mfe8

vulnerability	VCID-ruqn-mk9t-57hb

vulnerability	VCID-tv7r-qf2c-dqbm

vulnerability	VCID-w98r-yagc-kkec

vulnerability	VCID-z6tm-b352-5uhk

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie

url	pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie
purl	pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie

url pkg:deb/debian/thunderbird@1:140.10.1esr-1?distro=trixie

purl pkg:deb/debian/thunderbird@1:140.10.1esr-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3a6f-173h-fqbz

vulnerability	VCID-4e49-6tg2-e7d9

vulnerability	VCID-pszh-x9gd-xyg4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1%3Fdistro=trixie

url	pkg:deb/debian/thunderbird@1:140.10.2esr-1?distro=trixie
purl	pkg:deb/debian/thunderbird@1:140.10.2esr-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.2esr-1%3Fdistro=trixie

aliases CVE-2021-38502

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zwz9-pt55-t3c6

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:91.2.1-1%3Fdistro=trixie

Package Instance