VulnerableCode Package Details - pkg:deb/debian/thunderbird@1:128.10.0esr-1~deb12u1

Search for packages

Package details: pkg:deb/debian/thunderbird@1:128.10.0esr-1~deb12u1

Essentials
History (14)

purl	pkg:deb/debian/thunderbird@1:128.10.0esr-1~deb12u1

Next non-vulnerable version	1:128.11.0esr-1~deb12u1
Latest non-vulnerable version	1:138.0-1
Risk	4.5

Vulnerabilities affecting this package (6)

Vulnerability	Summary	Fixed by
VCID-3h5z-s28y-auhk Aliases: CVE-2025-5263	Error handling for script execution was incorrectly isolated from web content, which could have allowed cross-origin leak attacks.	1:128.11.0esr-1~deb12u1 Affected by 0 other vulnerabilities.
VCID-bkak-uvkp-kqdf Aliases: CVE-2025-5268	Memory safety bugs present in Firefox 138, Thunderbird 138, Firefox ESR 128.10, and Thunderbird 128.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.	1:128.10.1esr-1~deb12u1 Affected by 0 other vulnerabilities. 1:128.11.0esr-1~deb12u1 Affected by 0 other vulnerabilities.
VCID-bxes-dw64-juaw Aliases: CVE-2025-5269	Memory safety bug present in Firefox ESR 128.10, and Thunderbird 128.10. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code.	1:128.10.1esr-1~deb12u1 Affected by 0 other vulnerabilities. 1:128.11.0esr-1~deb12u1 Affected by 0 other vulnerabilities.
VCID-kx62-2e3g-f7gd Aliases: CVE-2025-5264	Due to insufficient escaping of the newline character in the “Copy as cURL” feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system.	1:128.10.1esr-1~deb12u1 Affected by 0 other vulnerabilities. 1:128.11.0esr-1~deb12u1 Affected by 0 other vulnerabilities.
VCID-w9bn-uw8f-tkhu Aliases: CVE-2025-4918	An attacker was able to perform an out-of-bounds read or write on a JavaScript `Promise` object.	1:128.10.1esr-1~deb12u1 Affected by 0 other vulnerabilities. 1:128.11.0esr-1~deb12u1 Affected by 0 other vulnerabilities.
VCID-wf3e-41zq-a3h1 Aliases: CVE-2025-5283	Use after free in libvpx in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)	1:128.11.0esr-1~deb12u1 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (4)

Vulnerability	Summary	Aliases
VCID-12vf-f2r4-bqge	Memory safety bug present in Firefox ESR 128.9, and Thunderbird 128.9. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 128.10 and Thunderbird ESR < 128.10.	CVE-2025-4093
VCID-8h5s-cdt9-guh9	Memory safety bugs present in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 138, Firefox ESR < 128.10, Thunderbird < 138, and Thunderbird ESR < 128.10.	CVE-2025-4091
VCID-92ju-8t11-sqf7	A vulnerability was identified in Firefox where XPath parsing could trigger undefined behavior due to missing null checks during attribute access. This could lead to out-of-bounds read access and potentially, memory corruption. This vulnerability affects Firefox < 138, Firefox ESR < 128.10, Thunderbird < 138, and Thunderbird ESR < 128.10.	CVE-2025-4087
VCID-qdcz-15x5-6qfp	A process isolation vulnerability in Firefox stemmed from improper handling of javascript: URIs, which could allow content to execute in the top-level document's process instead of the intended frame, potentially enabling a sandbox escape.	CVE-2025-4083

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-06-22T18:16:02.071899+00:00	Debian Importer	Affected by	VCID-kx62-2e3g-f7gd	https://security-tracker.debian.org/tracker/data/json	36.1.3
2025-06-22T07:43:00.988734+00:00	Debian Importer	Affected by	VCID-bxes-dw64-juaw	https://security-tracker.debian.org/tracker/data/json	36.1.3
2025-06-21T02:11:35.173560+00:00	Debian Importer	Affected by	VCID-bkak-uvkp-kqdf	https://security-tracker.debian.org/tracker/data/json	36.1.3
2025-06-21T00:25:53.912004+00:00	Debian Importer	Affected by	VCID-w9bn-uw8f-tkhu	https://security-tracker.debian.org/tracker/data/json	36.1.3
2025-06-02T09:09:20.727969+00:00	Debian Importer	Affected by	VCID-3h5z-s28y-auhk	https://security-tracker.debian.org/tracker/data/json	36.0.0
2025-06-02T08:57:46.221765+00:00	Debian Importer	Affected by	VCID-wf3e-41zq-a3h1	https://security-tracker.debian.org/tracker/data/json	36.0.0
2025-06-01T23:36:38.483531+00:00	Debian Importer	Affected by	VCID-kx62-2e3g-f7gd	https://security-tracker.debian.org/tracker/data/json	36.0.0
2025-06-01T15:39:30.810364+00:00	Debian Importer	Affected by	VCID-bxes-dw64-juaw	https://security-tracker.debian.org/tracker/data/json	36.0.0
2025-05-31T16:56:30.707007+00:00	Debian Importer	Affected by	VCID-bkak-uvkp-kqdf	https://security-tracker.debian.org/tracker/data/json	36.0.0
2025-05-31T15:21:28.325673+00:00	Debian Importer	Affected by	VCID-w9bn-uw8f-tkhu	https://security-tracker.debian.org/tracker/data/json	36.0.0
2025-05-05T03:21:18.017514+00:00	Debian Importer	Fixing	VCID-12vf-f2r4-bqge	https://security-tracker.debian.org/tracker/data/json	36.0.0
2025-05-05T00:56:52.243848+00:00	Debian Importer	Fixing	VCID-8h5s-cdt9-guh9	https://security-tracker.debian.org/tracker/data/json	36.0.0
2025-05-04T17:25:48.952865+00:00	Debian Importer	Fixing	VCID-92ju-8t11-sqf7	https://security-tracker.debian.org/tracker/data/json	36.0.0
2025-05-04T05:07:55.246252+00:00	Debian Importer	Fixing	VCID-qdcz-15x5-6qfp	https://security-tracker.debian.org/tracker/data/json	36.0.0