VulnerableCode Package Details - pkg:alpm/archlinux/thunderbird@78.13.0-1

Search for packages

Vulnerability	Summary	Fixed by
VCID-95rd-be75-aaae Aliases: CVE-2021-38492	When delegating navigations to the operating system, Firefox would accept the `mk` scheme which might allow attackers to launch pages and execute scripts in Internet Explorer in unprivileged mode. This bug only affects Firefox for Windows. Other operating systems are unaffected.. This vulnerability affects Firefox < 92, Thunderbird < 91.1, Thunderbird < 78.14, Firefox ESR < 78.14, and Firefox ESR < 91.1.	78.14.0-1 Affected by 5 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-wv46-3gkh-aaam Aliases: CVE-2021-38493	Mozilla developers reported memory safety bugs present in Firefox 91 and Firefox ESR 78.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.14, Thunderbird < 78.14, and Firefox < 92.	78.14.0-1 Affected by 5 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-95rd-be75-aaae
Aliases:
CVE-2021-38492

When delegating navigations to the operating system, Firefox would accept the `mk` scheme which might allow attackers to launch pages and execute scripts in Internet Explorer in unprivileged mode. *This bug only affects Firefox for Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 92, Thunderbird < 91.1, Thunderbird < 78.14, Firefox ESR < 78.14, and Firefox ESR < 91.1.

78.14.0-1
Affected by 5 other vulnerabilities.

VCID-wv46-3gkh-aaam
Aliases:
CVE-2021-38493

Mozilla developers reported memory safety bugs present in Firefox 91 and Firefox ESR 78.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.14, Thunderbird < 78.14, and Firefox < 92.

78.14.0-1
Affected by 5 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-4d5s-zzcw-aaaj	Instruction reordering resulted in a sequence of instructions that would cause an object to be incorrectly considered during garbage collection. This led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91.	CVE-2021-29984
VCID-7pxp-zs62-aaae	Firefox incorrectly treated an inline list-item element as a block element, resulting in an out of bounds read or memory corruption, and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91.	CVE-2021-29988
VCID-d11z-q6pp-aaah	A use-after-free vulnerability in media channels could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91.	CVE-2021-29985
VCID-hc8x-cusp-aaam	Mozilla developers reported memory safety bugs present in Firefox 90 and Firefox ESR 78.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.13, Firefox ESR < 78.13, and Firefox < 91.	CVE-2021-29989
VCID-uwbt-ejee-aaan	A suspected race condition when calling getaddrinfo led to memory corruption and a potentially exploitable crash. Note: This issue only affected Linux operating systems. Other operating systems are unaffected. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91.	CVE-2021-29986
VCID-vhe2-uxqw-aaas	Uninitialized memory in a canvas object could have caused an incorrect free() leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91.	CVE-2021-29980

Vulnerability

Summary

Aliases

VCID-4d5s-zzcw-aaaj

Instruction reordering resulted in a sequence of instructions that would cause an object to be incorrectly considered during garbage collection. This led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91.

CVE-2021-29984

VCID-7pxp-zs62-aaae

Firefox incorrectly treated an inline list-item element as a block element, resulting in an out of bounds read or memory corruption, and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91.

CVE-2021-29988

VCID-d11z-q6pp-aaah

A use-after-free vulnerability in media channels could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91.

CVE-2021-29985

VCID-hc8x-cusp-aaam

Mozilla developers reported memory safety bugs present in Firefox 90 and Firefox ESR 78.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.13, Firefox ESR < 78.13, and Firefox < 91.

CVE-2021-29989

VCID-uwbt-ejee-aaan

A suspected race condition when calling getaddrinfo led to memory corruption and a potentially exploitable crash. *Note: This issue only affected Linux operating systems. Other operating systems are unaffected.* This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91.

CVE-2021-29986

VCID-vhe2-uxqw-aaas

Uninitialized memory in a canvas object could have caused an incorrect free() leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91.

CVE-2021-29980

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-03-28T07:46:29.387056+00:00	Arch Linux Importer	Affected by	VCID-95rd-be75-aaae	https://security.archlinux.org/AVG-2353	36.0.0
2025-03-28T07:45:30.745528+00:00	Arch Linux Importer	Fixing	VCID-vhe2-uxqw-aaas	https://security.archlinux.org/AVG-2270	36.0.0
2025-03-28T07:45:30.726999+00:00	Arch Linux Importer	Fixing	VCID-4d5s-zzcw-aaaj	https://security.archlinux.org/AVG-2270	36.0.0
2025-03-28T07:45:30.708275+00:00	Arch Linux Importer	Fixing	VCID-d11z-q6pp-aaah	https://security.archlinux.org/AVG-2270	36.0.0
2025-03-28T07:45:30.689613+00:00	Arch Linux Importer	Fixing	VCID-uwbt-ejee-aaan	https://security.archlinux.org/AVG-2270	36.0.0
2025-03-28T07:45:30.671002+00:00	Arch Linux Importer	Fixing	VCID-7pxp-zs62-aaae	https://security.archlinux.org/AVG-2270	36.0.0
2025-03-28T07:45:30.652100+00:00	Arch Linux Importer	Fixing	VCID-hc8x-cusp-aaam	https://security.archlinux.org/AVG-2270	36.0.0
2025-03-28T07:44:05.225080+00:00	Arch Linux Importer	Affected by	VCID-wv46-3gkh-aaam	https://security.archlinux.org/AVG-2344	36.0.0
2024-09-18T02:01:46.506078+00:00	Arch Linux Importer	Affected by	VCID-95rd-be75-aaae	https://security.archlinux.org/AVG-2353	34.0.1
2024-09-18T02:00:27.331088+00:00	Arch Linux Importer	Fixing	VCID-vhe2-uxqw-aaas	https://security.archlinux.org/AVG-2270	34.0.1
2024-09-18T02:00:27.302353+00:00	Arch Linux Importer	Fixing	VCID-4d5s-zzcw-aaaj	https://security.archlinux.org/AVG-2270	34.0.1
2024-09-18T02:00:27.281558+00:00	Arch Linux Importer	Fixing	VCID-d11z-q6pp-aaah	https://security.archlinux.org/AVG-2270	34.0.1
2024-09-18T02:00:27.255803+00:00	Arch Linux Importer	Fixing	VCID-uwbt-ejee-aaan	https://security.archlinux.org/AVG-2270	34.0.1
2024-09-18T02:00:27.232081+00:00	Arch Linux Importer	Fixing	VCID-7pxp-zs62-aaae	https://security.archlinux.org/AVG-2270	34.0.1
2024-09-18T02:00:27.209414+00:00	Arch Linux Importer	Fixing	VCID-hc8x-cusp-aaam	https://security.archlinux.org/AVG-2270	34.0.1
2024-09-18T01:59:12.966055+00:00	Arch Linux Importer	Affected by	VCID-wv46-3gkh-aaam	https://security.archlinux.org/AVG-2344	34.0.1
2024-01-03T22:27:51.868845+00:00	Arch Linux Importer	Affected by	VCID-95rd-be75-aaae	https://security.archlinux.org/AVG-2353	34.0.0rc1
2024-01-03T22:26:43.173571+00:00	Arch Linux Importer	Fixing	VCID-vhe2-uxqw-aaas	https://security.archlinux.org/AVG-2270	34.0.0rc1
2024-01-03T22:26:43.151774+00:00	Arch Linux Importer	Fixing	VCID-4d5s-zzcw-aaaj	https://security.archlinux.org/AVG-2270	34.0.0rc1
2024-01-03T22:26:43.130023+00:00	Arch Linux Importer	Fixing	VCID-d11z-q6pp-aaah	https://security.archlinux.org/AVG-2270	34.0.0rc1
2024-01-03T22:26:43.108070+00:00	Arch Linux Importer	Fixing	VCID-uwbt-ejee-aaan	https://security.archlinux.org/AVG-2270	34.0.0rc1
2024-01-03T22:26:43.085674+00:00	Arch Linux Importer	Fixing	VCID-7pxp-zs62-aaae	https://security.archlinux.org/AVG-2270	34.0.0rc1
2024-01-03T22:26:43.063254+00:00	Arch Linux Importer	Fixing	VCID-hc8x-cusp-aaam	https://security.archlinux.org/AVG-2270	34.0.0rc1
2024-01-03T22:25:30.602412+00:00	Arch Linux Importer	Affected by	VCID-wv46-3gkh-aaam	https://security.archlinux.org/AVG-2344	34.0.0rc1

2025-03-28T07:46:29.387056+00:00

Arch Linux Importer

Affected by

VCID-95rd-be75-aaae

https://security.archlinux.org/AVG-2353

36.0.0

2025-03-28T07:45:30.745528+00:00

Arch Linux Importer

Fixing

Next non-vulnerable version	91.1.0-1
Latest non-vulnerable version	91.10-1
Risk	4.5