Search for packages
| purl | pkg:deb/debian/thunderbird@1:128.8.0esr-1 |
| Tags | Ghost |
| Next non-vulnerable version | 1:128.11.0esr-1~deb12u1 |
| Latest non-vulnerable version | 1:138.0-1 |
| Risk | 4.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-7sc8-a717-63gf
Aliases: CVE-2025-3029 |
firefox: thunderbird: URL Bar Spoofing via non-BMP Unicode characters |
Affected by 0 other vulnerabilities. Affected by 7 other vulnerabilities. |
|
VCID-8121-3cdm-ayc8
Aliases: CVE-2025-3030 |
firefox: thunderbird: Memory safety bugs fixed in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9 |
Affected by 0 other vulnerabilities. Affected by 7 other vulnerabilities. |
|
VCID-mxra-ay5t-g3bp
Aliases: CVE-2025-3028 |
firefox: thunderbird: Use-after-free triggered by XSLTProcessor |
Affected by 0 other vulnerabilities. Affected by 7 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-04-05T09:52:11.304249+00:00 | Debian Importer | Affected by | VCID-7sc8-a717-63gf | https://security-tracker.debian.org/tracker/data/json | 36.0.0 |
| 2025-04-05T05:03:24.712963+00:00 | Debian Importer | Affected by | VCID-8121-3cdm-ayc8 | https://security-tracker.debian.org/tracker/data/json | 36.0.0 |
| 2025-04-04T17:20:48.525316+00:00 | Debian Importer | Affected by | VCID-mxra-ay5t-g3bp | https://security-tracker.debian.org/tracker/data/json | 36.0.0 |