VulnerableCode Package Details - pkg:alpm/archlinux/thunderbird@91.9.0-1

Search for packages

Package details: pkg:alpm/archlinux/thunderbird@91.9.0-1

Essentials
History (6)

purl	pkg:alpm/archlinux/thunderbird@91.9.0-1

Next non-vulnerable version	91.10-1
Latest non-vulnerable version	91.10-1
Risk	4.5

Vulnerabilities affecting this package (2)

Vulnerability	Summary	Fixed by
VCID-m9hk-hpu3-aaap Aliases: CVE-2022-1802	If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype pollution, they could have achieved execution of attacker-controlled JavaScript code in a privileged context. This vulnerability affects Firefox ESR < 91.9.1, Firefox < 100.0.2, Firefox for Android < 100.3.0, and Thunderbird < 91.9.1.	91.9.1-1 Affected by 7 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-rs5y-stw3-aaab Aliases: CVE-2022-1529	An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype pollution and ultimately attacker-controlled JavaScript executing in the privileged parent process. This vulnerability affects Firefox ESR < 91.9.1, Firefox < 100.0.2, Firefox for Android < 100.3.0, and Thunderbird < 91.9.1.	91.9.1-1 Affected by 7 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-03-28T07:44:03.153976+00:00	Arch Linux Importer	Affected by	VCID-rs5y-stw3-aaab	https://security.archlinux.org/AVG-2729	36.0.0
2025-03-28T07:44:03.126545+00:00	Arch Linux Importer	Affected by	VCID-m9hk-hpu3-aaap	https://security.archlinux.org/AVG-2729	36.0.0
2024-09-18T01:59:11.199390+00:00	Arch Linux Importer	Affected by	VCID-rs5y-stw3-aaab	https://security.archlinux.org/AVG-2729	34.0.1
2024-09-18T01:59:11.174967+00:00	Arch Linux Importer	Affected by	VCID-m9hk-hpu3-aaap	https://security.archlinux.org/AVG-2729	34.0.1
2024-01-03T22:25:28.844401+00:00	Arch Linux Importer	Affected by	VCID-rs5y-stw3-aaab	https://security.archlinux.org/AVG-2729	34.0.0rc1
2024-01-03T22:25:28.821812+00:00	Arch Linux Importer	Affected by	VCID-m9hk-hpu3-aaap	https://security.archlinux.org/AVG-2729	34.0.0rc1