Search for packages
Package details: pkg:alpm/archlinux/thunderbird@68.2.2-2
purl pkg:alpm/archlinux/thunderbird@68.2.2-2
Next non-vulnerable version 68.3.0-1
Latest non-vulnerable version 91.10-1
Risk 4.5
Vulnerabilities affecting this package (6)
Vulnerability Summary Fixed by
VCID-7c9z-ngku-e3fc
Aliases:
CVE-2019-17005
The plain text serializer used a fixed-size array for the number of elements it could process; however it was possible to overflow the static-sized array leading to memory corruption and a potentially exploitable crash.
68.3.0-1
Affected by 0 other vulnerabilities.
VCID-ake6-cm2x-8ubs
Aliases:
CVE-2019-11745
When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash.
68.3.0-1
Affected by 0 other vulnerabilities.
VCID-cjms-c8g8-fbe9
Aliases:
CVE-2019-17012
Mozilla developers Christoph Diehl, Nathan Froyd, Jason Kratzer, Christian Holler, Karl Tomlinson, Tyson Smith reported memory safety bugs present in Firefox 70 and Firefox ESR 68.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
68.3.0-1
Affected by 0 other vulnerabilities.
VCID-pg3m-r65a-2ya6
Aliases:
CVE-2019-17008
When using nested workers, a use-after-free could occur during worker destruction. This resulted in a potentially exploitable crash.
68.3.0-1
Affected by 0 other vulnerabilities.
VCID-q8sq-w28t-vkcj
Aliases:
CVE-2019-17011
Under certain conditions, when retrieving a document from a DocShell in the antitracking code, a race condition could cause a use-after-free condition and a potentially exploitable crash.
68.3.0-1
Affected by 0 other vulnerabilities.
VCID-z1kd-h5ma-gyed
Aliases:
CVE-2019-17010
Under certain conditions, when checking the Resist Fingerprinting preference during device orientation checks, a race condition could have caused a use-after-free and a potentially exploitable crash.
68.3.0-1
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2025-07-31T11:35:11.729339+00:00 Arch Linux Importer Affected by VCID-ake6-cm2x-8ubs https://security.archlinux.org/AVG-1072 37.0.0
2025-07-31T11:35:11.698385+00:00 Arch Linux Importer Affected by VCID-7c9z-ngku-e3fc https://security.archlinux.org/AVG-1072 37.0.0
2025-07-31T11:35:11.671507+00:00 Arch Linux Importer Affected by VCID-pg3m-r65a-2ya6 https://security.archlinux.org/AVG-1072 37.0.0
2025-07-31T11:35:11.643561+00:00 Arch Linux Importer Affected by VCID-z1kd-h5ma-gyed https://security.archlinux.org/AVG-1072 37.0.0
2025-07-31T11:35:11.615066+00:00 Arch Linux Importer Affected by VCID-q8sq-w28t-vkcj https://security.archlinux.org/AVG-1072 37.0.0
2025-07-31T11:35:11.584811+00:00 Arch Linux Importer Affected by VCID-cjms-c8g8-fbe9 https://security.archlinux.org/AVG-1072 37.0.0