VulnerableCode Package Details - pkg:alpm/archlinux/thunderbird@60.0-1

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-1gu8-tmv3-aaak	An integer overflow can occur in the SwizzleData code while calculating buffer sizes. The overflowed value is used for subsequent graphics computations when their inputs are not sanitized which results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Firefox ESR < 60.1, and Firefox < 61.	CVE-2018-12361
VCID-3s95-jxx3-aaaj	Memory safety bugs present in Firefox 60 and Firefox ESR 60. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60, Firefox ESR < 60.1, and Firefox < 61.	CVE-2018-5187
VCID-5jup-v8gh-aaap	A vulnerability can occur when capturing a media stream when the media source type is changed as the capture is occurring. This can result in stream data being cast to the wrong type causing a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.	CVE-2018-5156
VCID-9frm-yu4p-aaah	In the previous mitigations for Spectre, the resolution or precision of various methods was reduced to counteract the ability to measure precise time intervals. In that work PerformanceNavigationTiming was not adjusted but it was found that it could be used as a precision timer. This vulnerability affects Thunderbird < 60, Firefox ESR < 60.1, and Firefox < 61.	CVE-2018-12367
VCID-p3cw-6kpn-aaab	An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 16 GB of RAM. This results in the use of uninitialized memory, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR < 60.1, Thunderbird < 60, and Firefox < 61.	CVE-2018-12371

Vulnerability

Summary

Aliases

VCID-1gu8-tmv3-aaak

An integer overflow can occur in the SwizzleData code while calculating buffer sizes. The overflowed value is used for subsequent graphics computations when their inputs are not sanitized which results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Firefox ESR < 60.1, and Firefox < 61.

CVE-2018-12361

VCID-3s95-jxx3-aaaj

Memory safety bugs present in Firefox 60 and Firefox ESR 60. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60, Firefox ESR < 60.1, and Firefox < 61.

CVE-2018-5187

VCID-5jup-v8gh-aaap

A vulnerability can occur when capturing a media stream when the media source type is changed as the capture is occurring. This can result in stream data being cast to the wrong type causing a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.

CVE-2018-5156

VCID-9frm-yu4p-aaah

In the previous mitigations for Spectre, the resolution or precision of various methods was reduced to counteract the ability to measure precise time intervals. In that work PerformanceNavigationTiming was not adjusted but it was found that it could be used as a precision timer. This vulnerability affects Thunderbird < 60, Firefox ESR < 60.1, and Firefox < 61.

CVE-2018-12367

VCID-p3cw-6kpn-aaab

An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 16 GB of RAM. This results in the use of uninitialized memory, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR < 60.1, Thunderbird < 60, and Firefox < 61.

CVE-2018-12371

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-03-28T07:44:32.857635+00:00	Arch Linux Importer	Fixing	VCID-1gu8-tmv3-aaak	https://security.archlinux.org/AVG-751	36.0.0
2025-03-28T07:44:32.821617+00:00	Arch Linux Importer	Fixing	VCID-9frm-yu4p-aaah	https://security.archlinux.org/AVG-751	36.0.0
2025-03-28T07:44:32.800702+00:00	Arch Linux Importer	Fixing	VCID-p3cw-6kpn-aaab	https://security.archlinux.org/AVG-751	36.0.0
2025-03-28T07:44:32.780300+00:00	Arch Linux Importer	Fixing	VCID-5jup-v8gh-aaap	https://security.archlinux.org/AVG-751	36.0.0
2025-03-28T07:44:32.759542+00:00	Arch Linux Importer	Fixing	VCID-3s95-jxx3-aaaj	https://security.archlinux.org/AVG-751	36.0.0
2024-09-18T01:59:37.300799+00:00	Arch Linux Importer	Fixing	VCID-1gu8-tmv3-aaak	https://security.archlinux.org/AVG-751	34.0.1
2024-09-18T01:59:37.273757+00:00	Arch Linux Importer	Fixing	VCID-9frm-yu4p-aaah	https://security.archlinux.org/AVG-751	34.0.1
2024-09-18T01:59:37.247105+00:00	Arch Linux Importer	Fixing	VCID-p3cw-6kpn-aaab	https://security.archlinux.org/AVG-751	34.0.1
2024-09-18T01:59:37.217453+00:00	Arch Linux Importer	Fixing	VCID-5jup-v8gh-aaap	https://security.archlinux.org/AVG-751	34.0.1
2024-09-18T01:59:37.187830+00:00	Arch Linux Importer	Fixing	VCID-3s95-jxx3-aaaj	https://security.archlinux.org/AVG-751	34.0.1
2024-01-09T19:34:36.900333+00:00	Arch Linux Importer	Fixing	VCID-1gu8-tmv3-aaak	https://security.archlinux.org/AVG-751	34.0.0rc2
2024-01-09T19:34:36.878318+00:00	Arch Linux Importer	Fixing	VCID-9frm-yu4p-aaah	https://security.archlinux.org/AVG-751	34.0.0rc2
2024-01-09T19:34:36.856393+00:00	Arch Linux Importer	Fixing	VCID-p3cw-6kpn-aaab	https://security.archlinux.org/AVG-751	34.0.0rc2
2024-01-09T19:34:36.834366+00:00	Arch Linux Importer	Fixing	VCID-5jup-v8gh-aaap	https://security.archlinux.org/AVG-751	34.0.0rc2
2024-01-09T19:34:36.811940+00:00	Arch Linux Importer	Fixing	VCID-3s95-jxx3-aaaj	https://security.archlinux.org/AVG-751	34.0.0rc2
2024-01-03T22:25:53.268738+00:00	Arch Linux Importer	Fixing	VCID-1gu8-tmv3-aaak	https://security.archlinux.org/AVG-751	34.0.0rc1
2024-01-03T22:25:53.244991+00:00	Arch Linux Importer	Fixing	VCID-9frm-yu4p-aaah	https://security.archlinux.org/AVG-751	34.0.0rc1
2024-01-03T22:25:53.221210+00:00	Arch Linux Importer	Fixing	VCID-p3cw-6kpn-aaab	https://security.archlinux.org/AVG-751	34.0.0rc1
2024-01-03T22:25:53.194657+00:00	Arch Linux Importer	Fixing	VCID-5jup-v8gh-aaap	https://security.archlinux.org/AVG-751	34.0.0rc1
2024-01-03T22:25:53.167844+00:00	Arch Linux Importer	Fixing	VCID-3s95-jxx3-aaaj	https://security.archlinux.org/AVG-751	34.0.0rc1

2025-03-28T07:44:32.857635+00:00

Arch Linux Importer

Fixing