VulnerableCode Package Details - pkg:alpm/archlinux/thunderbird@52.9.1-1

Search for packages

Package details: pkg:alpm/archlinux/thunderbird@52.9.1-1

Essentials
History (64)

purl	pkg:alpm/archlinux/thunderbird@52.9.1-1

Next non-vulnerable version	60.0-1
Latest non-vulnerable version	91.10-1
Risk	4.5

Vulnerabilities affecting this package (5)

Vulnerability	Summary	Fixed by
VCID-1gu8-tmv3-aaak Aliases: CVE-2018-12361	An integer overflow can occur in the SwizzleData code while calculating buffer sizes. The overflowed value is used for subsequent graphics computations when their inputs are not sanitized which results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Firefox ESR < 60.1, and Firefox < 61.	60.0-1 Affected by 0 other vulnerabilities.
VCID-3s95-jxx3-aaaj Aliases: CVE-2018-5187	Memory safety bugs present in Firefox 60 and Firefox ESR 60. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60, Firefox ESR < 60.1, and Firefox < 61.	60.0-1 Affected by 0 other vulnerabilities.
VCID-5jup-v8gh-aaap Aliases: CVE-2018-5156	A vulnerability can occur when capturing a media stream when the media source type is changed as the capture is occurring. This can result in stream data being cast to the wrong type causing a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.	60.0-1 Affected by 0 other vulnerabilities.
VCID-9frm-yu4p-aaah Aliases: CVE-2018-12367	In the previous mitigations for Spectre, the resolution or precision of various methods was reduced to counteract the ability to measure precise time intervals. In that work PerformanceNavigationTiming was not adjusted but it was found that it could be used as a precision timer. This vulnerability affects Thunderbird < 60, Firefox ESR < 60.1, and Firefox < 61.	60.0-1 Affected by 0 other vulnerabilities.
VCID-p3cw-6kpn-aaab Aliases: CVE-2018-12371	An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 16 GB of RAM. This results in the use of uninitialized memory, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR < 60.1, Thunderbird < 60, and Firefox < 61.	60.0-1 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (11)

Vulnerability	Summary	Aliases
VCID-7xdq-fp87-aaaj	Plaintext of decrypted emails can leak through by user submitting an embedded form by pressing enter key within a text input field. This vulnerability affects Thunderbird < 52.9.	CVE-2018-12374
VCID-bh6q-kgtf-aaas	A use-after-free vulnerability can occur when script uses mutation events to move DOM nodes between documents, resulting in the old document that held the node being freed but the node still having a pointer referencing it. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.	CVE-2018-12363
VCID-ez2m-adz4-aaaa	A compromised IPC child process can escape the content sandbox and list the names of arbitrary files on the file system without user consent or interaction. This could result in exposure of private local files. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.	CVE-2018-12365
VCID-grr1-jyaq-aaap	A buffer overflow can occur when rendering canvas content while adjusting the height and width of the canvas element dynamically, causing data to be written outside of the currently computed boundaries. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.	CVE-2018-12359
VCID-m8d8-atpd-aaad	dDecrypted S/MIME parts hidden with CSS or the plaintext HTML tag can leak plaintext when included in a HTML reply/forward. This vulnerability affects Thunderbird < 52.9.	CVE-2018-12373
VCID-rk7f-zak9-aaaq	Memory safety bugs present in Firefox 60, Firefox ESR 60, and Firefox ESR 52.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.	CVE-2018-5188
VCID-sz1k-zg5z-aaar	Decrypted S/MIME parts, when included in HTML crafted for an attack, can leak plaintext when included in a a HTML reply/forward. This vulnerability affects Thunderbird < 52.9.	CVE-2018-12372
VCID-twfq-b8em-aaad	NPAPI plugins, such as Adobe Flash, can send non-simple cross-origin requests, bypassing CORS by making a same-origin POST that does a 307 redirect to the target site. This allows for a malicious site to engage in cross-site request forgery (CSRF) attacks. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.	CVE-2018-12364
VCID-u1y6-p645-aaaj	An integer overflow can occur during graphics operations done by the Supplemental Streaming SIMD Extensions 3 (SSSE3) scaler, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.	CVE-2018-12362
VCID-x42q-qfup-aaaf	An invalid grid size during QCMS (color profile) transformations can result in the out-of-bounds read interpreted as a float value. This could leak private data into the output. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.	CVE-2018-12366
VCID-y3fh-t8ds-aaar	A use-after-free vulnerability can occur when deleting an input element during a mutation event handler triggered by focusing that element. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.	CVE-2018-12360

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-03-28T07:44:33.195152+00:00	Arch Linux Importer	Fixing	VCID-grr1-jyaq-aaap	https://security.archlinux.org/AVG-728	36.0.0
2025-03-28T07:44:33.161477+00:00	Arch Linux Importer	Fixing	VCID-y3fh-t8ds-aaar	https://security.archlinux.org/AVG-728	36.0.0
2025-03-28T07:44:33.128241+00:00	Arch Linux Importer	Fixing	VCID-u1y6-p645-aaaj	https://security.archlinux.org/AVG-728	36.0.0
2025-03-28T07:44:33.094518+00:00	Arch Linux Importer	Fixing	VCID-bh6q-kgtf-aaas	https://security.archlinux.org/AVG-728	36.0.0
2025-03-28T07:44:33.060848+00:00	Arch Linux Importer	Fixing	VCID-twfq-b8em-aaad	https://security.archlinux.org/AVG-728	36.0.0
2025-03-28T07:44:33.027514+00:00	Arch Linux Importer	Fixing	VCID-ez2m-adz4-aaaa	https://security.archlinux.org/AVG-728	36.0.0
2025-03-28T07:44:32.994014+00:00	Arch Linux Importer	Fixing	VCID-x42q-qfup-aaaf	https://security.archlinux.org/AVG-728	36.0.0
2025-03-28T07:44:32.960689+00:00	Arch Linux Importer	Fixing	VCID-sz1k-zg5z-aaar	https://security.archlinux.org/AVG-728	36.0.0
2025-03-28T07:44:32.940184+00:00	Arch Linux Importer	Fixing	VCID-m8d8-atpd-aaad	https://security.archlinux.org/AVG-728	36.0.0
2025-03-28T07:44:32.919617+00:00	Arch Linux Importer	Fixing	VCID-7xdq-fp87-aaaj	https://security.archlinux.org/AVG-728	36.0.0
2025-03-28T07:44:32.899230+00:00	Arch Linux Importer	Fixing	VCID-rk7f-zak9-aaaq	https://security.archlinux.org/AVG-728	36.0.0
2025-03-28T07:44:32.852183+00:00	Arch Linux Importer	Affected by	VCID-1gu8-tmv3-aaak	https://security.archlinux.org/AVG-751	36.0.0
2025-03-28T07:44:32.816570+00:00	Arch Linux Importer	Affected by	VCID-9frm-yu4p-aaah	https://security.archlinux.org/AVG-751	36.0.0
2025-03-28T07:44:32.795824+00:00	Arch Linux Importer	Affected by	VCID-p3cw-6kpn-aaab	https://security.archlinux.org/AVG-751	36.0.0
2025-03-28T07:44:32.775345+00:00	Arch Linux Importer	Affected by	VCID-5jup-v8gh-aaap	https://security.archlinux.org/AVG-751	36.0.0
2025-03-28T07:44:32.754614+00:00	Arch Linux Importer	Affected by	VCID-3s95-jxx3-aaaj	https://security.archlinux.org/AVG-751	36.0.0
2024-09-18T01:59:37.606278+00:00	Arch Linux Importer	Fixing	VCID-grr1-jyaq-aaap	https://security.archlinux.org/AVG-728	34.0.1
2024-09-18T01:59:37.582796+00:00	Arch Linux Importer	Fixing	VCID-y3fh-t8ds-aaar	https://security.archlinux.org/AVG-728	34.0.1
2024-09-18T01:59:37.559366+00:00	Arch Linux Importer	Fixing	VCID-u1y6-p645-aaaj	https://security.archlinux.org/AVG-728	34.0.1
2024-09-18T01:59:37.537141+00:00	Arch Linux Importer	Fixing	VCID-bh6q-kgtf-aaas	https://security.archlinux.org/AVG-728	34.0.1
2024-09-18T01:59:37.511125+00:00	Arch Linux Importer	Fixing	VCID-twfq-b8em-aaad	https://security.archlinux.org/AVG-728	34.0.1
2024-09-18T01:59:37.486002+00:00	Arch Linux Importer	Fixing	VCID-ez2m-adz4-aaaa	https://security.archlinux.org/AVG-728	34.0.1
2024-09-18T01:59:37.461453+00:00	Arch Linux Importer	Fixing	VCID-x42q-qfup-aaaf	https://security.archlinux.org/AVG-728	34.0.1
2024-09-18T01:59:37.436535+00:00	Arch Linux Importer	Fixing	VCID-sz1k-zg5z-aaar	https://security.archlinux.org/AVG-728	34.0.1
2024-09-18T01:59:37.411594+00:00	Arch Linux Importer	Fixing	VCID-m8d8-atpd-aaad	https://security.archlinux.org/AVG-728	34.0.1
2024-09-18T01:59:37.386123+00:00	Arch Linux Importer	Fixing	VCID-7xdq-fp87-aaaj	https://security.archlinux.org/AVG-728	34.0.1
2024-09-18T01:59:37.358391+00:00	Arch Linux Importer	Fixing	VCID-rk7f-zak9-aaaq	https://security.archlinux.org/AVG-728	34.0.1
2024-09-18T01:59:37.295762+00:00	Arch Linux Importer	Affected by	VCID-1gu8-tmv3-aaak	https://security.archlinux.org/AVG-751	34.0.1
2024-09-18T01:59:37.268722+00:00	Arch Linux Importer	Affected by	VCID-9frm-yu4p-aaah	https://security.archlinux.org/AVG-751	34.0.1
2024-09-18T01:59:37.242098+00:00	Arch Linux Importer	Affected by	VCID-p3cw-6kpn-aaab	https://security.archlinux.org/AVG-751	34.0.1
2024-09-18T01:59:37.212469+00:00	Arch Linux Importer	Affected by	VCID-5jup-v8gh-aaap	https://security.archlinux.org/AVG-751	34.0.1
2024-09-18T01:59:37.182620+00:00	Arch Linux Importer	Affected by	VCID-3s95-jxx3-aaaj	https://security.archlinux.org/AVG-751	34.0.1
2024-01-09T19:34:37.142159+00:00	Arch Linux Importer	Fixing	VCID-grr1-jyaq-aaap	https://security.archlinux.org/AVG-728	34.0.0rc2
2024-01-09T19:34:37.120189+00:00	Arch Linux Importer	Fixing	VCID-y3fh-t8ds-aaar	https://security.archlinux.org/AVG-728	34.0.0rc2
2024-01-09T19:34:37.097966+00:00	Arch Linux Importer	Fixing	VCID-u1y6-p645-aaaj	https://security.archlinux.org/AVG-728	34.0.0rc2
2024-01-09T19:34:37.075961+00:00	Arch Linux Importer	Fixing	VCID-bh6q-kgtf-aaas	https://security.archlinux.org/AVG-728	34.0.0rc2
2024-01-09T19:34:37.053951+00:00	Arch Linux Importer	Fixing	VCID-twfq-b8em-aaad	https://security.archlinux.org/AVG-728	34.0.0rc2
2024-01-09T19:34:37.031587+00:00	Arch Linux Importer	Fixing	VCID-ez2m-adz4-aaaa	https://security.archlinux.org/AVG-728	34.0.0rc2
2024-01-09T19:34:37.009589+00:00	Arch Linux Importer	Fixing	VCID-x42q-qfup-aaaf	https://security.archlinux.org/AVG-728	34.0.0rc2
2024-01-09T19:34:36.987482+00:00	Arch Linux Importer	Fixing	VCID-sz1k-zg5z-aaar	https://security.archlinux.org/AVG-728	34.0.0rc2
2024-01-09T19:34:36.966187+00:00	Arch Linux Importer	Fixing	VCID-m8d8-atpd-aaad	https://security.archlinux.org/AVG-728	34.0.0rc2
2024-01-09T19:34:36.944757+00:00	Arch Linux Importer	Fixing	VCID-7xdq-fp87-aaaj	https://security.archlinux.org/AVG-728	34.0.0rc2
2024-01-09T19:34:36.922350+00:00	Arch Linux Importer	Fixing	VCID-rk7f-zak9-aaaq	https://security.archlinux.org/AVG-728	34.0.0rc2
2024-01-09T19:34:36.895600+00:00	Arch Linux Importer	Affected by	VCID-1gu8-tmv3-aaak	https://security.archlinux.org/AVG-751	34.0.0rc2
2024-01-09T19:34:36.873690+00:00	Arch Linux Importer	Affected by	VCID-9frm-yu4p-aaah	https://security.archlinux.org/AVG-751	34.0.0rc2
2024-01-09T19:34:36.851653+00:00	Arch Linux Importer	Affected by	VCID-p3cw-6kpn-aaab	https://security.archlinux.org/AVG-751	34.0.0rc2
2024-01-09T19:34:36.829739+00:00	Arch Linux Importer	Affected by	VCID-5jup-v8gh-aaap	https://security.archlinux.org/AVG-751	34.0.0rc2
2024-01-09T19:34:36.806956+00:00	Arch Linux Importer	Affected by	VCID-3s95-jxx3-aaaj	https://security.archlinux.org/AVG-751	34.0.0rc2
2024-01-03T22:25:53.542205+00:00	Arch Linux Importer	Fixing	VCID-grr1-jyaq-aaap	https://security.archlinux.org/AVG-728	34.0.0rc1
2024-01-03T22:25:53.520721+00:00	Arch Linux Importer	Fixing	VCID-y3fh-t8ds-aaar	https://security.archlinux.org/AVG-728	34.0.0rc1
2024-01-03T22:25:53.498105+00:00	Arch Linux Importer	Fixing	VCID-u1y6-p645-aaaj	https://security.archlinux.org/AVG-728	34.0.0rc1
2024-01-03T22:25:53.475495+00:00	Arch Linux Importer	Fixing	VCID-bh6q-kgtf-aaas	https://security.archlinux.org/AVG-728	34.0.0rc1
2024-01-03T22:25:53.452950+00:00	Arch Linux Importer	Fixing	VCID-twfq-b8em-aaad	https://security.archlinux.org/AVG-728	34.0.0rc1
2024-01-03T22:25:53.430544+00:00	Arch Linux Importer	Fixing	VCID-ez2m-adz4-aaaa	https://security.archlinux.org/AVG-728	34.0.0rc1
2024-01-03T22:25:53.408071+00:00	Arch Linux Importer	Fixing	VCID-x42q-qfup-aaaf	https://security.archlinux.org/AVG-728	34.0.0rc1
2024-01-03T22:25:53.385481+00:00	Arch Linux Importer	Fixing	VCID-sz1k-zg5z-aaar	https://security.archlinux.org/AVG-728	34.0.0rc1
2024-01-03T22:25:53.363027+00:00	Arch Linux Importer	Fixing	VCID-m8d8-atpd-aaad	https://security.archlinux.org/AVG-728	34.0.0rc1
2024-01-03T22:25:53.340516+00:00	Arch Linux Importer	Fixing	VCID-7xdq-fp87-aaaj	https://security.archlinux.org/AVG-728	34.0.0rc1
2024-01-03T22:25:53.316658+00:00	Arch Linux Importer	Fixing	VCID-rk7f-zak9-aaaq	https://security.archlinux.org/AVG-728	34.0.0rc1
2024-01-03T22:25:53.264121+00:00	Arch Linux Importer	Affected by	VCID-1gu8-tmv3-aaak	https://security.archlinux.org/AVG-751	34.0.0rc1
2024-01-03T22:25:53.240371+00:00	Arch Linux Importer	Affected by	VCID-9frm-yu4p-aaah	https://security.archlinux.org/AVG-751	34.0.0rc1
2024-01-03T22:25:53.216491+00:00	Arch Linux Importer	Affected by	VCID-p3cw-6kpn-aaab	https://security.archlinux.org/AVG-751	34.0.0rc1
2024-01-03T22:25:53.189940+00:00	Arch Linux Importer	Affected by	VCID-5jup-v8gh-aaap	https://security.archlinux.org/AVG-751	34.0.0rc1
2024-01-03T22:25:53.163106+00:00	Arch Linux Importer	Affected by	VCID-3s95-jxx3-aaaj	https://security.archlinux.org/AVG-751	34.0.0rc1