VulnerableCode Package Details - pkg:alpm/archlinux/thunderbird@68.9.0-1

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-2b52-b4dy-aaae	Mozilla developers reported memory safety bugs present in Firefox 76 and Firefox ESR 68.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9.	CVE-2020-12410
VCID-3ewf-dckr-aaam	NSS has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9.	CVE-2020-12399
VCID-dtgr-6wma-aaae	When browsing a malicious page, a race condition in our SharedWorkerService could occur and lead to a potentially exploitable crash. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9.	CVE-2020-12405
VCID-mfz6-t932-aaap	If Thunderbird is configured to use STARTTLS for an IMAP server, and the server sends a PREAUTH response, then Thunderbird will continue with an unencrypted connection, causing email data to be sent without protection. This vulnerability affects Thunderbird < 68.9.0.	CVE-2020-12398
VCID-re8g-wf24-aaar	Mozilla Developer Iain Ireland discovered a missing type check during unboxed objects removal, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9.	CVE-2020-12406

Vulnerability

Summary

Aliases

VCID-2b52-b4dy-aaae

Mozilla developers reported memory safety bugs present in Firefox 76 and Firefox ESR 68.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9.

CVE-2020-12410

VCID-3ewf-dckr-aaam

NSS has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9.

CVE-2020-12399

VCID-dtgr-6wma-aaae

When browsing a malicious page, a race condition in our SharedWorkerService could occur and lead to a potentially exploitable crash. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9.

CVE-2020-12405

VCID-mfz6-t932-aaap

If Thunderbird is configured to use STARTTLS for an IMAP server, and the server sends a PREAUTH response, then Thunderbird will continue with an unencrypted connection, causing email data to be sent without protection. This vulnerability affects Thunderbird < 68.9.0.

CVE-2020-12398

VCID-re8g-wf24-aaar

Mozilla Developer Iain Ireland discovered a missing type check during unboxed objects removal, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9.

CVE-2020-12406

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-03-28T07:45:50.484647+00:00	Arch Linux Importer	Fixing	VCID-mfz6-t932-aaap	https://security.archlinux.org/AVG-1179	36.0.0
2025-03-28T07:45:50.464296+00:00	Arch Linux Importer	Fixing	VCID-3ewf-dckr-aaam	https://security.archlinux.org/AVG-1179	36.0.0
2025-03-28T07:45:50.443807+00:00	Arch Linux Importer	Fixing	VCID-dtgr-6wma-aaae	https://security.archlinux.org/AVG-1179	36.0.0
2025-03-28T07:45:50.423262+00:00	Arch Linux Importer	Fixing	VCID-re8g-wf24-aaar	https://security.archlinux.org/AVG-1179	36.0.0
2025-03-28T07:45:50.402631+00:00	Arch Linux Importer	Fixing	VCID-2b52-b4dy-aaae	https://security.archlinux.org/AVG-1179	36.0.0
2024-09-18T02:00:52.750307+00:00	Arch Linux Importer	Fixing	VCID-mfz6-t932-aaap	https://security.archlinux.org/AVG-1179	34.0.1
2024-09-18T02:00:52.718080+00:00	Arch Linux Importer	Fixing	VCID-3ewf-dckr-aaam	https://security.archlinux.org/AVG-1179	34.0.1
2024-09-18T02:00:52.692380+00:00	Arch Linux Importer	Fixing	VCID-dtgr-6wma-aaae	https://security.archlinux.org/AVG-1179	34.0.1
2024-09-18T02:00:52.667002+00:00	Arch Linux Importer	Fixing	VCID-re8g-wf24-aaar	https://security.archlinux.org/AVG-1179	34.0.1
2024-09-18T02:00:52.641268+00:00	Arch Linux Importer	Fixing	VCID-2b52-b4dy-aaae	https://security.archlinux.org/AVG-1179	34.0.1
2024-01-09T19:34:39.968996+00:00	Arch Linux Importer	Fixing	VCID-mfz6-t932-aaap	https://security.archlinux.org/AVG-1179	34.0.0rc2
2024-01-09T19:34:39.946893+00:00	Arch Linux Importer	Fixing	VCID-3ewf-dckr-aaam	https://security.archlinux.org/AVG-1179	34.0.0rc2
2024-01-09T19:34:39.925012+00:00	Arch Linux Importer	Fixing	VCID-dtgr-6wma-aaae	https://security.archlinux.org/AVG-1179	34.0.0rc2
2024-01-09T19:34:39.903057+00:00	Arch Linux Importer	Fixing	VCID-re8g-wf24-aaar	https://security.archlinux.org/AVG-1179	34.0.0rc2
2024-01-09T19:34:39.881372+00:00	Arch Linux Importer	Fixing	VCID-2b52-b4dy-aaae	https://security.archlinux.org/AVG-1179	34.0.0rc2
2024-01-03T22:27:10.032776+00:00	Arch Linux Importer	Fixing	VCID-mfz6-t932-aaap	https://security.archlinux.org/AVG-1179	34.0.0rc1
2024-01-03T22:27:10.006423+00:00	Arch Linux Importer	Fixing	VCID-3ewf-dckr-aaam	https://security.archlinux.org/AVG-1179	34.0.0rc1
2024-01-03T22:27:09.975464+00:00	Arch Linux Importer	Fixing	VCID-dtgr-6wma-aaae	https://security.archlinux.org/AVG-1179	34.0.0rc1
2024-01-03T22:27:09.953975+00:00	Arch Linux Importer	Fixing	VCID-re8g-wf24-aaar	https://security.archlinux.org/AVG-1179	34.0.0rc1
2024-01-03T22:27:09.932526+00:00	Arch Linux Importer	Fixing	VCID-2b52-b4dy-aaae	https://security.archlinux.org/AVG-1179	34.0.0rc1

2025-03-28T07:45:50.484647+00:00

Arch Linux Importer

Fixing