VulnerableCode Package Details - pkg:deb/debian/thunderbird@1:128.11.0esr-1~deb12u1

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-3h5z-s28y-auhk	Error handling for script execution was incorrectly isolated from web content, which could have allowed cross-origin leak attacks.	CVE-2025-5263
VCID-bkak-uvkp-kqdf	Memory safety bugs present in Firefox 138, Thunderbird 138, Firefox ESR 128.10, and Thunderbird 128.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.	CVE-2025-5268
VCID-bxes-dw64-juaw	Memory safety bug present in Firefox ESR 128.10, and Thunderbird 128.10. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code.	CVE-2025-5269
VCID-kx62-2e3g-f7gd	Due to insufficient escaping of the newline character in the “Copy as cURL” feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system.	CVE-2025-5264
VCID-w9bn-uw8f-tkhu	An attacker was able to perform an out-of-bounds read or write on a JavaScript `Promise` object.	CVE-2025-4918
VCID-wf3e-41zq-a3h1	Use after free in libvpx in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)	CVE-2025-5283

Vulnerability

Summary

Aliases

VCID-3h5z-s28y-auhk

Error handling for script execution was incorrectly isolated from web content, which could have allowed cross-origin leak attacks.

CVE-2025-5263

VCID-bkak-uvkp-kqdf

Memory safety bugs present in Firefox 138, Thunderbird 138, Firefox ESR 128.10, and Thunderbird 128.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

CVE-2025-5268

VCID-bxes-dw64-juaw

Memory safety bug present in Firefox ESR 128.10, and Thunderbird 128.10. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code.

CVE-2025-5269

VCID-kx62-2e3g-f7gd

Due to insufficient escaping of the newline character in the “Copy as cURL” feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system.

CVE-2025-5264

VCID-w9bn-uw8f-tkhu

An attacker was able to perform an out-of-bounds read or write on a JavaScript `Promise` object.

CVE-2025-4918

VCID-wf3e-41zq-a3h1

Use after free in libvpx in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

CVE-2025-5283

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-06-22T18:16:02.075124+00:00	Debian Importer	Fixing	VCID-kx62-2e3g-f7gd	https://security-tracker.debian.org/tracker/data/json	36.1.3
2025-06-22T07:43:00.991203+00:00	Debian Importer	Fixing	VCID-bxes-dw64-juaw	https://security-tracker.debian.org/tracker/data/json	36.1.3
2025-06-21T02:11:35.175606+00:00	Debian Importer	Fixing	VCID-bkak-uvkp-kqdf	https://security-tracker.debian.org/tracker/data/json	36.1.3
2025-06-21T00:25:53.915050+00:00	Debian Importer	Fixing	VCID-w9bn-uw8f-tkhu	https://security-tracker.debian.org/tracker/data/json	36.1.3
2025-06-02T09:09:20.730393+00:00	Debian Importer	Fixing	VCID-3h5z-s28y-auhk	https://security-tracker.debian.org/tracker/data/json	36.0.0
2025-06-02T08:57:46.223888+00:00	Debian Importer	Fixing	VCID-wf3e-41zq-a3h1	https://security-tracker.debian.org/tracker/data/json	36.0.0