VulnerableCode Package Details - pkg:alpm/archlinux/thunderbird@91.2.0-1

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-11kx-sata-aaam	Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2.	CVE-2021-38501
VCID-7ufv-sfcu-aaae	Thunderbird ignored the configuration to require STARTTLS security for an SMTP connection. A MITM could perform a downgrade attack to intercept transmitted messages, or could take control of the authenticated session to execute SMTP commands chosen by the MITM. If an unprotected authentication method was configured, the MITM could obtain the authentication credentials, too. This vulnerability affects Thunderbird < 91.2.	CVE-2021-38502
VCID-esyb-cntz-aaan	Through use of reportValidity() and window.open(), a plain-text validation message could have been overlaid on another origin, leading to possible user confusion and spoofing attacks. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2.	CVE-2021-38497
VCID-frqc-3ef7-aaaf	crossbeam-deque is a package of work-stealing deques for building task schedulers when programming in Rust. In versions prior to 0.7.4 and 0.8.0, the result of the race condition is that one or more tasks in the worker queue can be popped twice instead of other tasks that are forgotten and never popped. If tasks are allocated on the heap, this can cause double free and a memory leak. If not, this still can cause a logical bug. Crates using `Stealer::steal`, `Stealer::steal_batch`, or `Stealer::steal_batch_and_pop` are affected by this issue. This has been fixed in crossbeam-deque 0.8.1 and 0.7.4.	CVE-2021-32810 GHSA-pqqp-xmhj-wgcw
VCID-pvf2-grsk-aaak	Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.15, Thunderbird < 91.2, Firefox ESR < 91.2, Firefox ESR < 78.15, and Firefox < 93.	CVE-2021-38500
VCID-ta46-hat4-aaah	During operations on MessageTasks, a task may have been removed while it was still scheduled, resulting in memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.15, Thunderbird < 91.2, Firefox ESR < 91.2, Firefox ESR < 78.15, and Firefox < 93.	CVE-2021-38496
VCID-wqd8-gd9j-aaar	During process shutdown, a document could have caused a use-after-free of a languages service object, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2.	CVE-2021-38498

Vulnerability

Summary

Aliases

VCID-11kx-sata-aaam

Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2.

CVE-2021-38501

VCID-7ufv-sfcu-aaae

Thunderbird ignored the configuration to require STARTTLS security for an SMTP connection. A MITM could perform a downgrade attack to intercept transmitted messages, or could take control of the authenticated session to execute SMTP commands chosen by the MITM. If an unprotected authentication method was configured, the MITM could obtain the authentication credentials, too. This vulnerability affects Thunderbird < 91.2.

CVE-2021-38502

VCID-esyb-cntz-aaan

Through use of reportValidity() and window.open(), a plain-text validation message could have been overlaid on another origin, leading to possible user confusion and spoofing attacks. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2.

CVE-2021-38497

VCID-frqc-3ef7-aaaf

crossbeam-deque is a package of work-stealing deques for building task schedulers when programming in Rust. In versions prior to 0.7.4 and 0.8.0, the result of the race condition is that one or more tasks in the worker queue can be popped twice instead of other tasks that are forgotten and never popped. If tasks are allocated on the heap, this can cause double free and a memory leak. If not, this still can cause a logical bug. Crates using `Stealer::steal`, `Stealer::steal_batch`, or `Stealer::steal_batch_and_pop` are affected by this issue. This has been fixed in crossbeam-deque 0.8.1 and 0.7.4.

CVE-2021-32810
GHSA-pqqp-xmhj-wgcw

VCID-pvf2-grsk-aaak

Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.15, Thunderbird < 91.2, Firefox ESR < 91.2, Firefox ESR < 78.15, and Firefox < 93.

CVE-2021-38500

VCID-ta46-hat4-aaah

During operations on MessageTasks, a task may have been removed while it was still scheduled, resulting in memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.15, Thunderbird < 91.2, Firefox ESR < 91.2, Firefox ESR < 78.15, and Firefox < 93.

CVE-2021-38496

VCID-wqd8-gd9j-aaar

During process shutdown, a document could have caused a use-after-free of a languages service object, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2.

CVE-2021-38498

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-03-28T07:45:25.101274+00:00	Arch Linux Importer	Fixing	VCID-frqc-3ef7-aaaf	https://security.archlinux.org/AVG-2459	36.0.0
2025-03-28T07:45:25.082776+00:00	Arch Linux Importer	Fixing	VCID-ta46-hat4-aaah	https://security.archlinux.org/AVG-2459	36.0.0
2025-03-28T07:45:25.064168+00:00	Arch Linux Importer	Fixing	VCID-esyb-cntz-aaan	https://security.archlinux.org/AVG-2459	36.0.0
2025-03-28T07:45:25.045553+00:00	Arch Linux Importer	Fixing	VCID-wqd8-gd9j-aaar	https://security.archlinux.org/AVG-2459	36.0.0
2025-03-28T07:45:25.026407+00:00	Arch Linux Importer	Fixing	VCID-pvf2-grsk-aaak	https://security.archlinux.org/AVG-2459	36.0.0
2025-03-28T07:45:25.007419+00:00	Arch Linux Importer	Fixing	VCID-11kx-sata-aaam	https://security.archlinux.org/AVG-2459	36.0.0
2025-03-28T07:45:24.988277+00:00	Arch Linux Importer	Fixing	VCID-7ufv-sfcu-aaae	https://security.archlinux.org/AVG-2459	36.0.0
2024-09-18T02:00:20.991625+00:00	Arch Linux Importer	Fixing	VCID-frqc-3ef7-aaaf	https://security.archlinux.org/AVG-2459	34.0.1
2024-09-18T02:00:20.969309+00:00	Arch Linux Importer	Fixing	VCID-ta46-hat4-aaah	https://security.archlinux.org/AVG-2459	34.0.1
2024-09-18T02:00:20.948548+00:00	Arch Linux Importer	Fixing	VCID-esyb-cntz-aaan	https://security.archlinux.org/AVG-2459	34.0.1
2024-09-18T02:00:20.927418+00:00	Arch Linux Importer	Fixing	VCID-wqd8-gd9j-aaar	https://security.archlinux.org/AVG-2459	34.0.1
2024-09-18T02:00:20.906578+00:00	Arch Linux Importer	Fixing	VCID-pvf2-grsk-aaak	https://security.archlinux.org/AVG-2459	34.0.1
2024-09-18T02:00:20.879614+00:00	Arch Linux Importer	Fixing	VCID-11kx-sata-aaam	https://security.archlinux.org/AVG-2459	34.0.1
2024-09-18T02:00:20.850436+00:00	Arch Linux Importer	Fixing	VCID-7ufv-sfcu-aaae	https://security.archlinux.org/AVG-2459	34.0.1
2024-01-03T22:26:36.607781+00:00	Arch Linux Importer	Fixing	VCID-frqc-3ef7-aaaf	https://security.archlinux.org/AVG-2459	34.0.0rc1
2024-01-03T22:26:36.588724+00:00	Arch Linux Importer	Fixing	VCID-ta46-hat4-aaah	https://security.archlinux.org/AVG-2459	34.0.0rc1
2024-01-03T22:26:36.569678+00:00	Arch Linux Importer	Fixing	VCID-esyb-cntz-aaan	https://security.archlinux.org/AVG-2459	34.0.0rc1
2024-01-03T22:26:36.550884+00:00	Arch Linux Importer	Fixing	VCID-wqd8-gd9j-aaar	https://security.archlinux.org/AVG-2459	34.0.0rc1
2024-01-03T22:26:36.531805+00:00	Arch Linux Importer	Fixing	VCID-pvf2-grsk-aaak	https://security.archlinux.org/AVG-2459	34.0.0rc1
2024-01-03T22:26:36.512836+00:00	Arch Linux Importer	Fixing	VCID-11kx-sata-aaam	https://security.archlinux.org/AVG-2459	34.0.0rc1
2024-01-03T22:26:36.493733+00:00	Arch Linux Importer	Fixing	VCID-7ufv-sfcu-aaae	https://security.archlinux.org/AVG-2459	34.0.0rc1

2025-03-28T07:45:25.101274+00:00

Arch Linux Importer

Fixing