VulnerableCode Package Details - pkg:deb/ubuntu/thunderbird@1:78.12.0%2Bbuild2-0ubuntu1

Vulnerabilities affecting this package (11)

Vulnerability	Summary	Fixed by
VCID-1gkb-wc83-aaad Aliases: CVE-2021-30547	Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.	1:78.13.0+build1-0ubuntu0.20.04.2 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-4d5s-zzcw-aaaj Aliases: CVE-2021-29984	Instruction reordering resulted in a sequence of instructions that would cause an object to be incorrectly considered during garbage collection. This led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91.	1:78.13.0+build1-0ubuntu0.20.04.2 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-7pxp-zs62-aaae Aliases: CVE-2021-29988	Firefox incorrectly treated an inline list-item element as a block element, resulting in an out of bounds read or memory corruption, and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91.	1:78.13.0+build1-0ubuntu0.20.04.2 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-d11z-q6pp-aaah Aliases: CVE-2021-29985	A use-after-free vulnerability in media channels could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91.	1:78.13.0+build1-0ubuntu0.20.04.2 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-dapf-1sew-aaaq Aliases: CVE-2021-29976	Mozilla developers reported memory safety bugs present in code shared between Firefox and Thunderbird. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.12, Firefox ESR < 78.12, and Firefox < 90.	1:78.13.0+build1-0ubuntu0.20.04.2 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-hc8x-cusp-aaam Aliases: CVE-2021-29989	Mozilla developers reported memory safety bugs present in Firefox 90 and Firefox ESR 78.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.13, Firefox ESR < 78.13, and Firefox < 91.	1:78.13.0+build1-0ubuntu0.20.04.2 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-p935-2hns-aaah Aliases: CVE-2021-29970	A malicious webpage could have triggered a use-after-free, memory corruption, and a potentially exploitable crash. This bug could only be triggered when accessibility was enabled.. This vulnerability affects Thunderbird < 78.12, Firefox ESR < 78.12, and Firefox < 90.	1:78.13.0+build1-0ubuntu0.20.04.2 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-spqx-m1br-aaaq Aliases: CVE-2021-29969	If Thunderbird was configured to use STARTTLS for an IMAP connection, and an attacker injected IMAP server responses prior to the completion of the STARTTLS handshake, then Thunderbird didn't ignore the injected data. This could have resulted in Thunderbird showing incorrect information, for example the attacker could have tricked Thunderbird to show folders that didn't exist on the IMAP server. This vulnerability affects Thunderbird < 78.12.	1:78.13.0+build1-0ubuntu0.20.04.2 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-uwbt-ejee-aaan Aliases: CVE-2021-29986	A suspected race condition when calling getaddrinfo led to memory corruption and a potentially exploitable crash. Note: This issue only affected Linux operating systems. Other operating systems are unaffected. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91.	1:78.13.0+build1-0ubuntu0.20.04.2 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-vhe2-uxqw-aaas Aliases: CVE-2021-29980	Uninitialized memory in a canvas object could have caused an incorrect free() leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91.	1:78.13.0+build1-0ubuntu0.20.04.2 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-wv46-3gkh-aaam Aliases: CVE-2021-38493	Mozilla developers reported memory safety bugs present in Firefox 91 and Firefox ESR 78.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.14, Thunderbird < 78.14, and Firefox < 92.	1:78.14.0+build1-0ubuntu0.20.04.1 Affected by 0 other vulnerabilities.

Next non-vulnerable version	1:78.14.0+build1-0ubuntu0.20.04.1
Latest non-vulnerable version	1:78.14.0+build1-0ubuntu0.20.04.1
Risk	4.5