VulnerableCode Package Details - pkg:alpm/archlinux/thunderbird@78.10.0-1

Search for packages

Vulnerability	Summary	Fixed by
VCID-x2f5-abf4-aaap Aliases: CVE-2021-29951	The Mozilla Maintenance Service granted SERVICE_START access to BUILTIN\|Users which, in a domain network, grants normal remote users access to start or stop the service. This could be used to prevent the browser update service from operating (if an attacker spammed the 'Stop' command); but also exposed attack surface in the maintenance service. Note: This issue only affected Windows operating systems older than Win 10 build 1709. Other operating systems are unaffected.. This vulnerability affects Thunderbird < 78.10.1, Firefox < 87, and Firefox ESR < 78.10.1.	There are no reported fixed by versions.

Vulnerability

Summary

Fixed by

VCID-x2f5-abf4-aaap
Aliases:
CVE-2021-29951

The Mozilla Maintenance Service granted SERVICE_START access to BUILTIN|Users which, in a domain network, grants normal remote users access to start or stop the service. This could be used to prevent the browser update service from operating (if an attacker spammed the 'Stop' command); but also exposed attack surface in the maintenance service. *Note: This issue only affected Windows operating systems older than Win 10 build 1709. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 78.10.1, Firefox < 87, and Firefox ESR < 78.10.1.

There are no reported fixed by versions.

Vulnerability	Summary	Aliases
VCID-6rtk-4prh-aaag	Signatures are written to disk before and read during verification, which might be subject to a race condition when a malicious local process or user is replacing the file. This vulnerability affects Thunderbird < 78.10.	CVE-2021-29948
VCID-6sbr-5wh6-aaaj	When Responsive Design Mode was enabled, it used references to objects that were previously freed. We presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88.	CVE-2021-23995
VCID-7czg-22gd-aaak	When a user clicked on an FTP URL containing encoded newline characters (%0A and %0D), the newlines would have been interpreted as such and allowed arbitrary commands to be sent to the FTP server. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88.	CVE-2021-24002
VCID-831f-qtke-aaaa	If a Blob URL was loaded through some unusual user interaction, it could have been loaded by the System Principal and granted additional privileges that should not be granted to web content. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88.	CVE-2021-23999
VCID-ajhw-h67b-aaaq	Ports that were written as an integer overflow above the bounds of a 16-bit integer could have bypassed port blocking restrictions when used in the Alt-Svc header. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88.	CVE-2021-29946
VCID-n35k-ra7d-aaas	A WebGL framebuffer was not initialized early enough, resulting in memory corruption and an out of bound write. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88.	CVE-2021-23994
VCID-tyq3-9fh9-aaar	Further techniques that built on the slipstream research combined with a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine. This vulnerability affects Firefox < 85.	CVE-2021-23961
VCID-vhvv-xjnk-aaac	Through complicated navigations with new windows, an HTTP page could have inherited a secure lock icon from an HTTPS page. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88.	CVE-2021-23998

Vulnerability

Summary

Aliases

VCID-6rtk-4prh-aaag

Signatures are written to disk before and read during verification, which might be subject to a race condition when a malicious local process or user is replacing the file. This vulnerability affects Thunderbird < 78.10.

CVE-2021-29948

VCID-6sbr-5wh6-aaaj

When Responsive Design Mode was enabled, it used references to objects that were previously freed. We presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88.

CVE-2021-23995

VCID-7czg-22gd-aaak

When a user clicked on an FTP URL containing encoded newline characters (%0A and %0D), the newlines would have been interpreted as such and allowed arbitrary commands to be sent to the FTP server. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88.

CVE-2021-24002

VCID-831f-qtke-aaaa

If a Blob URL was loaded through some unusual user interaction, it could have been loaded by the System Principal and granted additional privileges that should not be granted to web content. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88.

CVE-2021-23999

VCID-ajhw-h67b-aaaq

Ports that were written as an integer overflow above the bounds of a 16-bit integer could have bypassed port blocking restrictions when used in the Alt-Svc header. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88.

CVE-2021-29946

VCID-n35k-ra7d-aaas

A WebGL framebuffer was not initialized early enough, resulting in memory corruption and an out of bound write. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88.

CVE-2021-23994

VCID-tyq3-9fh9-aaar

Further techniques that built on the slipstream research combined with a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine. This vulnerability affects Firefox < 85.

CVE-2021-23961

VCID-vhvv-xjnk-aaac

Through complicated navigations with new windows, an HTTP page could have inherited a secure lock icon from an HTTPS page. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88.

CVE-2021-23998

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-03-28T07:46:37.122166+00:00	Arch Linux Importer	Affected by	VCID-x2f5-abf4-aaap	https://security.archlinux.org/AVG-1914	36.0.0
2025-03-28T07:45:40.197793+00:00	Arch Linux Importer	Fixing	VCID-tyq3-9fh9-aaar	https://security.archlinux.org/AVG-1836	36.0.0
2025-03-28T07:45:40.177122+00:00	Arch Linux Importer	Fixing	VCID-n35k-ra7d-aaas	https://security.archlinux.org/AVG-1836	36.0.0
2025-03-28T07:45:40.156435+00:00	Arch Linux Importer	Fixing	VCID-6sbr-5wh6-aaaj	https://security.archlinux.org/AVG-1836	36.0.0
2025-03-28T07:45:40.135803+00:00	Arch Linux Importer	Fixing	VCID-vhvv-xjnk-aaac	https://security.archlinux.org/AVG-1836	36.0.0
2025-03-28T07:45:40.115297+00:00	Arch Linux Importer	Fixing	VCID-831f-qtke-aaaa	https://security.archlinux.org/AVG-1836	36.0.0
2025-03-28T07:45:40.094843+00:00	Arch Linux Importer	Fixing	VCID-7czg-22gd-aaak	https://security.archlinux.org/AVG-1836	36.0.0
2025-03-28T07:45:40.074210+00:00	Arch Linux Importer	Fixing	VCID-ajhw-h67b-aaaq	https://security.archlinux.org/AVG-1836	36.0.0
2025-03-28T07:45:40.053818+00:00	Arch Linux Importer	Fixing	VCID-6rtk-4prh-aaag	https://security.archlinux.org/AVG-1836	36.0.0
2024-09-18T02:01:56.991696+00:00	Arch Linux Importer	Affected by	VCID-x2f5-abf4-aaap	https://security.archlinux.org/AVG-1914	34.0.1
2024-09-18T02:00:39.356750+00:00	Arch Linux Importer	Fixing	VCID-tyq3-9fh9-aaar	https://security.archlinux.org/AVG-1836	34.0.1
2024-09-18T02:00:39.330153+00:00	Arch Linux Importer	Fixing	VCID-n35k-ra7d-aaas	https://security.archlinux.org/AVG-1836	34.0.1
2024-09-18T02:00:39.304795+00:00	Arch Linux Importer	Fixing	VCID-6sbr-5wh6-aaaj	https://security.archlinux.org/AVG-1836	34.0.1
2024-09-18T02:00:39.277148+00:00	Arch Linux Importer	Fixing	VCID-vhvv-xjnk-aaac	https://security.archlinux.org/AVG-1836	34.0.1
2024-09-18T02:00:39.251611+00:00	Arch Linux Importer	Fixing	VCID-831f-qtke-aaaa	https://security.archlinux.org/AVG-1836	34.0.1
2024-09-18T02:00:39.226501+00:00	Arch Linux Importer	Fixing	VCID-7czg-22gd-aaak	https://security.archlinux.org/AVG-1836	34.0.1
2024-09-18T02:00:39.200049+00:00	Arch Linux Importer	Fixing	VCID-ajhw-h67b-aaaq	https://security.archlinux.org/AVG-1836	34.0.1
2024-09-18T02:00:39.171900+00:00	Arch Linux Importer	Fixing	VCID-6rtk-4prh-aaag	https://security.archlinux.org/AVG-1836	34.0.1
2024-01-09T19:34:39.551457+00:00	Arch Linux Importer	Fixing	VCID-tyq3-9fh9-aaar	https://security.archlinux.org/AVG-1836	34.0.0rc2
2024-01-09T19:34:39.529375+00:00	Arch Linux Importer	Fixing	VCID-n35k-ra7d-aaas	https://security.archlinux.org/AVG-1836	34.0.0rc2
2024-01-09T19:34:39.507319+00:00	Arch Linux Importer	Fixing	VCID-6sbr-5wh6-aaaj	https://security.archlinux.org/AVG-1836	34.0.0rc2
2024-01-09T19:34:39.485513+00:00	Arch Linux Importer	Fixing	VCID-vhvv-xjnk-aaac	https://security.archlinux.org/AVG-1836	34.0.0rc2
2024-01-09T19:34:39.463725+00:00	Arch Linux Importer	Fixing	VCID-831f-qtke-aaaa	https://security.archlinux.org/AVG-1836	34.0.0rc2
2024-01-09T19:34:39.439816+00:00	Arch Linux Importer	Fixing	VCID-7czg-22gd-aaak	https://security.archlinux.org/AVG-1836	34.0.0rc2
2024-01-09T19:34:39.416665+00:00	Arch Linux Importer	Fixing	VCID-ajhw-h67b-aaaq	https://security.archlinux.org/AVG-1836	34.0.0rc2
2024-01-09T19:34:39.394500+00:00	Arch Linux Importer	Fixing	VCID-6rtk-4prh-aaag	https://security.archlinux.org/AVG-1836	34.0.0rc2
2024-01-03T22:28:00.859315+00:00	Arch Linux Importer	Affected by	VCID-x2f5-abf4-aaap	https://security.archlinux.org/AVG-1914	34.0.0rc1
2024-01-03T22:26:56.758084+00:00	Arch Linux Importer	Fixing	VCID-tyq3-9fh9-aaar	https://security.archlinux.org/AVG-1836	34.0.0rc1
2024-01-03T22:26:56.731966+00:00	Arch Linux Importer	Fixing	VCID-n35k-ra7d-aaas	https://security.archlinux.org/AVG-1836	34.0.0rc1
2024-01-03T22:26:56.708006+00:00	Arch Linux Importer	Fixing	VCID-6sbr-5wh6-aaaj	https://security.archlinux.org/AVG-1836	34.0.0rc1
2024-01-03T22:26:56.686729+00:00	Arch Linux Importer	Fixing	VCID-vhvv-xjnk-aaac	https://security.archlinux.org/AVG-1836	34.0.0rc1
2024-01-03T22:26:56.665543+00:00	Arch Linux Importer	Fixing	VCID-831f-qtke-aaaa	https://security.archlinux.org/AVG-1836	34.0.0rc1
2024-01-03T22:26:56.644631+00:00	Arch Linux Importer	Fixing	VCID-7czg-22gd-aaak	https://security.archlinux.org/AVG-1836	34.0.0rc1
2024-01-03T22:26:56.623324+00:00	Arch Linux Importer	Fixing	VCID-ajhw-h67b-aaaq	https://security.archlinux.org/AVG-1836	34.0.0rc1
2024-01-03T22:26:56.602202+00:00	Arch Linux Importer	Fixing	VCID-6rtk-4prh-aaag	https://security.archlinux.org/AVG-1836	34.0.0rc1

2025-03-28T07:46:37.122166+00:00

Arch Linux Importer

Affected by

VCID-x2f5-abf4-aaap

https://security.archlinux.org/AVG-1914

36.0.0

2025-03-28T07:45:40.197793+00:00

Arch Linux Importer

Fixing

Next non-vulnerable version	91.1.0-1
Latest non-vulnerable version	91.10-1
Risk	4.0