VulnerableCode Package Details - pkg:alpm/archlinux/thunderbird@78.6.0-1

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-38x7-vzgt-aaab	Uninitialized Use in V8 in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.	CVE-2020-16042
VCID-51y4-62zh-aaam	Mozilla developers reported memory safety bugs present in Firefox 83 and Firefox ESR 78.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6.	CVE-2020-35113
VCID-gcj9-dta3-aaah	Using techniques that built on the slipstream research, a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6.	CVE-2020-26978
VCID-gs4m-md5m-aaan	When flex-basis was used on a table wrapper, a StyleGenericFlexBasis object could have been incorrectly cast to the wrong type. This resulted in a heap user-after-free, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6.	CVE-2020-26974
VCID-he22-dw9a-aaag	When an extension with the proxy permission registered to receive <all_urls>, the proxy.onRequest callback was not triggered for view-source URLs. While web content cannot navigate to such URLs, a user opening View Source could have inadvertently leaked their IP address. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6.	CVE-2020-35111
VCID-kvrc-hr7g-aaam	Certain blit values provided by the user were not properly constrained leading to a heap buffer overflow on some video drivers. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6.	CVE-2020-26971
VCID-rj58-m29v-aaan	Certain input to the CSS Sanitizer confused it, resulting in incorrect components being removed. This could have been used as a sanitizer bypass. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6.	CVE-2020-26973
VCID-ywv1-b6gf-aaac	When reading SMTP server status codes, Thunderbird writes an integer value to a position on the stack that is intended to contain just one byte. Depending on processor architecture and stack layout, this leads to stack corruption that may be exploitable. This vulnerability affects Thunderbird < 78.5.1.	CVE-2020-26970

Vulnerability

Summary

Aliases

VCID-38x7-vzgt-aaab

Uninitialized Use in V8 in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

CVE-2020-16042

VCID-51y4-62zh-aaam

Mozilla developers reported memory safety bugs present in Firefox 83 and Firefox ESR 78.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6.

CVE-2020-35113

VCID-gcj9-dta3-aaah

Using techniques that built on the slipstream research, a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6.

CVE-2020-26978

VCID-gs4m-md5m-aaan

When flex-basis was used on a table wrapper, a StyleGenericFlexBasis object could have been incorrectly cast to the wrong type. This resulted in a heap user-after-free, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6.

CVE-2020-26974

VCID-he22-dw9a-aaag

When an extension with the proxy permission registered to receive <all_urls>, the proxy.onRequest callback was not triggered for view-source URLs. While web content cannot navigate to such URLs, a user opening View Source could have inadvertently leaked their IP address. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6.

CVE-2020-35111

VCID-kvrc-hr7g-aaam

Certain blit values provided by the user were not properly constrained leading to a heap buffer overflow on some video drivers. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6.

CVE-2020-26971

VCID-rj58-m29v-aaan

Certain input to the CSS Sanitizer confused it, resulting in incorrect components being removed. This could have been used as a sanitizer bypass. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6.

CVE-2020-26973

VCID-ywv1-b6gf-aaac

When reading SMTP server status codes, Thunderbird writes an integer value to a position on the stack that is intended to contain just one byte. Depending on processor architecture and stack layout, this leads to stack corruption that may be exploitable. This vulnerability affects Thunderbird < 78.5.1.

CVE-2020-26970

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-03-28T07:45:47.052836+00:00	Arch Linux Importer	Fixing	VCID-38x7-vzgt-aaab	https://security.archlinux.org/AVG-1315	36.0.0
2025-03-28T07:45:47.032066+00:00	Arch Linux Importer	Fixing	VCID-ywv1-b6gf-aaac	https://security.archlinux.org/AVG-1315	36.0.0
2025-03-28T07:45:47.011261+00:00	Arch Linux Importer	Fixing	VCID-kvrc-hr7g-aaam	https://security.archlinux.org/AVG-1315	36.0.0
2025-03-28T07:45:46.990543+00:00	Arch Linux Importer	Fixing	VCID-rj58-m29v-aaan	https://security.archlinux.org/AVG-1315	36.0.0
2025-03-28T07:45:46.969851+00:00	Arch Linux Importer	Fixing	VCID-gs4m-md5m-aaan	https://security.archlinux.org/AVG-1315	36.0.0
2025-03-28T07:45:46.949547+00:00	Arch Linux Importer	Fixing	VCID-gcj9-dta3-aaah	https://security.archlinux.org/AVG-1315	36.0.0
2025-03-28T07:45:46.928955+00:00	Arch Linux Importer	Fixing	VCID-he22-dw9a-aaag	https://security.archlinux.org/AVG-1315	36.0.0
2025-03-28T07:45:46.908107+00:00	Arch Linux Importer	Fixing	VCID-51y4-62zh-aaam	https://security.archlinux.org/AVG-1315	36.0.0
2024-09-18T02:00:48.330274+00:00	Arch Linux Importer	Fixing	VCID-38x7-vzgt-aaab	https://security.archlinux.org/AVG-1315	34.0.1
2024-09-18T02:00:48.303730+00:00	Arch Linux Importer	Fixing	VCID-ywv1-b6gf-aaac	https://security.archlinux.org/AVG-1315	34.0.1
2024-09-18T02:00:48.277256+00:00	Arch Linux Importer	Fixing	VCID-kvrc-hr7g-aaam	https://security.archlinux.org/AVG-1315	34.0.1
2024-09-18T02:00:48.251243+00:00	Arch Linux Importer	Fixing	VCID-rj58-m29v-aaan	https://security.archlinux.org/AVG-1315	34.0.1
2024-09-18T02:00:48.225646+00:00	Arch Linux Importer	Fixing	VCID-gs4m-md5m-aaan	https://security.archlinux.org/AVG-1315	34.0.1
2024-09-18T02:00:48.199186+00:00	Arch Linux Importer	Fixing	VCID-gcj9-dta3-aaah	https://security.archlinux.org/AVG-1315	34.0.1
2024-09-18T02:00:48.172428+00:00	Arch Linux Importer	Fixing	VCID-he22-dw9a-aaag	https://security.archlinux.org/AVG-1315	34.0.1
2024-09-18T02:00:48.146355+00:00	Arch Linux Importer	Fixing	VCID-51y4-62zh-aaam	https://security.archlinux.org/AVG-1315	34.0.1
2024-01-09T19:34:39.859400+00:00	Arch Linux Importer	Fixing	VCID-38x7-vzgt-aaab	https://security.archlinux.org/AVG-1315	34.0.0rc2
2024-01-09T19:34:39.837326+00:00	Arch Linux Importer	Fixing	VCID-ywv1-b6gf-aaac	https://security.archlinux.org/AVG-1315	34.0.0rc2
2024-01-09T19:34:39.815224+00:00	Arch Linux Importer	Fixing	VCID-kvrc-hr7g-aaam	https://security.archlinux.org/AVG-1315	34.0.0rc2
2024-01-09T19:34:39.792956+00:00	Arch Linux Importer	Fixing	VCID-rj58-m29v-aaan	https://security.archlinux.org/AVG-1315	34.0.0rc2
2024-01-09T19:34:39.771105+00:00	Arch Linux Importer	Fixing	VCID-gs4m-md5m-aaan	https://security.archlinux.org/AVG-1315	34.0.0rc2
2024-01-09T19:34:39.749289+00:00	Arch Linux Importer	Fixing	VCID-gcj9-dta3-aaah	https://security.archlinux.org/AVG-1315	34.0.0rc2
2024-01-09T19:34:39.727360+00:00	Arch Linux Importer	Fixing	VCID-he22-dw9a-aaag	https://security.archlinux.org/AVG-1315	34.0.0rc2
2024-01-09T19:34:39.705514+00:00	Arch Linux Importer	Fixing	VCID-51y4-62zh-aaam	https://security.archlinux.org/AVG-1315	34.0.0rc2
2024-01-03T22:27:06.106206+00:00	Arch Linux Importer	Fixing	VCID-38x7-vzgt-aaab	https://security.archlinux.org/AVG-1315	34.0.0rc1
2024-01-03T22:27:06.084687+00:00	Arch Linux Importer	Fixing	VCID-ywv1-b6gf-aaac	https://security.archlinux.org/AVG-1315	34.0.0rc1
2024-01-03T22:27:06.063204+00:00	Arch Linux Importer	Fixing	VCID-kvrc-hr7g-aaam	https://security.archlinux.org/AVG-1315	34.0.0rc1
2024-01-03T22:27:06.041811+00:00	Arch Linux Importer	Fixing	VCID-rj58-m29v-aaan	https://security.archlinux.org/AVG-1315	34.0.0rc1
2024-01-03T22:27:06.020613+00:00	Arch Linux Importer	Fixing	VCID-gs4m-md5m-aaan	https://security.archlinux.org/AVG-1315	34.0.0rc1
2024-01-03T22:27:05.999178+00:00	Arch Linux Importer	Fixing	VCID-gcj9-dta3-aaah	https://security.archlinux.org/AVG-1315	34.0.0rc1
2024-01-03T22:27:05.975446+00:00	Arch Linux Importer	Fixing	VCID-he22-dw9a-aaag	https://security.archlinux.org/AVG-1315	34.0.0rc1
2024-01-03T22:27:05.949562+00:00	Arch Linux Importer	Fixing	VCID-51y4-62zh-aaam	https://security.archlinux.org/AVG-1315	34.0.0rc1

2025-03-28T07:45:47.052836+00:00

Arch Linux Importer

Fixing