VulnerableCode Package Details - pkg:alpm/archlinux/thunderbird@68.3.0-1

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-7c9z-ngku-e3fc	The plain text serializer used a fixed-size array for the number of elements it could process; however it was possible to overflow the static-sized array leading to memory corruption and a potentially exploitable crash.	CVE-2019-17005
VCID-ake6-cm2x-8ubs	When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash.	CVE-2019-11745
VCID-cjms-c8g8-fbe9	Mozilla developers Christoph Diehl, Nathan Froyd, Jason Kratzer, Christian Holler, Karl Tomlinson, Tyson Smith reported memory safety bugs present in Firefox 70 and Firefox ESR 68.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.	CVE-2019-17012
VCID-pg3m-r65a-2ya6	When using nested workers, a use-after-free could occur during worker destruction. This resulted in a potentially exploitable crash.	CVE-2019-17008
VCID-q8sq-w28t-vkcj	Under certain conditions, when retrieving a document from a DocShell in the antitracking code, a race condition could cause a use-after-free condition and a potentially exploitable crash.	CVE-2019-17011
VCID-z1kd-h5ma-gyed	Under certain conditions, when checking the Resist Fingerprinting preference during device orientation checks, a race condition could have caused a use-after-free and a potentially exploitable crash.	CVE-2019-17010

Vulnerability

Summary

Aliases

VCID-7c9z-ngku-e3fc

The plain text serializer used a fixed-size array for the number of elements it could process; however it was possible to overflow the static-sized array leading to memory corruption and a potentially exploitable crash.

CVE-2019-17005

VCID-ake6-cm2x-8ubs

When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash.

CVE-2019-11745

VCID-cjms-c8g8-fbe9

Mozilla developers Christoph Diehl, Nathan Froyd, Jason Kratzer, Christian Holler, Karl Tomlinson, Tyson Smith reported memory safety bugs present in Firefox 70 and Firefox ESR 68.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

CVE-2019-17012

VCID-pg3m-r65a-2ya6

When using nested workers, a use-after-free could occur during worker destruction. This resulted in a potentially exploitable crash.

CVE-2019-17008

VCID-q8sq-w28t-vkcj

Under certain conditions, when retrieving a document from a DocShell in the antitracking code, a race condition could cause a use-after-free condition and a potentially exploitable crash.

CVE-2019-17011

VCID-z1kd-h5ma-gyed

Under certain conditions, when checking the Resist Fingerprinting preference during device orientation checks, a race condition could have caused a use-after-free and a potentially exploitable crash.

CVE-2019-17010

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-07-31T11:35:11.734344+00:00	Arch Linux Importer	Fixing	VCID-ake6-cm2x-8ubs	https://security.archlinux.org/AVG-1072	37.0.0
2025-07-31T11:35:11.703389+00:00	Arch Linux Importer	Fixing	VCID-7c9z-ngku-e3fc	https://security.archlinux.org/AVG-1072	37.0.0
2025-07-31T11:35:11.676192+00:00	Arch Linux Importer	Fixing	VCID-pg3m-r65a-2ya6	https://security.archlinux.org/AVG-1072	37.0.0
2025-07-31T11:35:11.648637+00:00	Arch Linux Importer	Fixing	VCID-z1kd-h5ma-gyed	https://security.archlinux.org/AVG-1072	37.0.0
2025-07-31T11:35:11.620050+00:00	Arch Linux Importer	Fixing	VCID-q8sq-w28t-vkcj	https://security.archlinux.org/AVG-1072	37.0.0
2025-07-31T11:35:11.591573+00:00	Arch Linux Importer	Fixing	VCID-cjms-c8g8-fbe9	https://security.archlinux.org/AVG-1072	37.0.0