Nixpkgs security tracker
9.1 CRITICAL
- CVSS version (CVSS): 3.1
- Attack Vector (AV): Network (N)
- Attack Complexity (AC): Low (L)
- Privileges Required (PR): None (N)
- User Interaction (UI): None (N)
- Scope (S): Unchanged (U)
- Confidentiality (C): High (H)
- Integrity (I): High (H)
- Availability (A): None (N)
- Modified Attack Vector (MAV): Network (N)
- Modified Attack Complexity (MAC): Low (L)
- Modified Privileges Required (MPR): None (N)
- Modified User Interaction (MUI): None (N)
- Modified Confidentiality (MC): High (H)
- Modified Scope (MS): Unchanged (U)
- Modified Integrity (MI): High (H)
- Modified Availability (MA): None (N)
Activity log
- Created suggestion
Mitigation bypass in the DOM: Security component
Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.
References
Affected products
- =<140.*
- =<*
- =<140.*
- =<*
Matching in nixpkgs
pkgs.faust2firefox
None
pkgs.firefox_decrypt
Tool to extract passwords from profiles of Mozilla Firefox and derivates
pkgs.thunderbird-cli
Low-level CLI to manage Mozilla Thunderbird email from the shell
pkgs.thunderbird-mcp
MCP server for Thunderbird - enables AI assistants to access email, contacts, and calendars
pkgs.pkgsRocm.firefox
Web browser built from Firefox source tree
pkgs.firefox-unwrapped
None
pkgs.firefox-gnome-theme
GNOME theme for Firefox
pkgs.firefox-sync-client
Commandline-utility to list/view/edit/delete entries in a firefox-sync account
pkgs.pkgsRocm.firefoxpwa
Tool to install, manage and use Progressive Web Apps (PWAs) in Mozilla Firefox (native component)
pkgs.thunderbird-cli-mcp
MCP server that gives full access to your email through Mozilla Thunderbird
pkgs.firefoxpwa-unwrapped
None
pkgs.pkgsRocm.thunderbird
Full-featured e-mail client
pkgs.firefox-esr-unwrapped
None
-
nixos-unstable 140.11.0esr
- nixos-unstable-small 140.11.0esr
-
nixos-26.05 -
- nixos-26.05-small 140.11.0esr
- nixpkgs-26.05-darwin 140.11.0esr
pkgs.pkgsRocm.firefox-beta
Web browser built from Firefox Beta Release source tree
pkgs.thunderbird-unwrapped
Full-featured e-mail client
pkgs.firefox-beta-unwrapped
Web browser built from Firefox Beta Release source tree
pkgs.thunderbird-cli-bridge
HTTP/WebSocket bridge daemon between thunderbird-cli (or any HTTP client) and the Thunderbird-cli WebExtension. Stateless proxy, localhost-only.
pkgs.pkgsRocm.firefox-mobile
Web browser built from Firefox source tree
pkgs.firefox-esr-140-unwrapped
None
-
nixos-unstable 140.11.0esr
- nixos-unstable-small 140.11.0esr
-
nixos-26.05 -
- nixos-26.05-small 140.11.0esr
- nixpkgs-26.05-darwin 140.11.0esr
pkgs.thunderbird-140-unwrapped
Full-featured e-mail client
-
nixos-unstable 140.7.2esr
- nixpkgs-unstable 140.11.1esr
- nixos-unstable-small 140.11.1esr
-
nixos-26.05 -
- nixos-26.05-small 140.11.1esr
- nixpkgs-26.05-darwin 140.11.1esr
pkgs.thunderbird-esr-unwrapped
Full-featured e-mail client
-
nixos-unstable 140.7.2esr
- nixpkgs-unstable 140.11.1esr
- nixos-unstable-small 140.11.1esr
-
nixos-26.05 -
- nixos-26.05-small 140.11.1esr
- nixpkgs-26.05-darwin 140.11.1esr
pkgs.pkgsRocm.firefox-unwrapped
Web browser built from Firefox source tree
pkgs.pkgsRocm.firefox-devedition
Web browser built from Firefox Developer Edition source tree
pkgs.pkgsRocm.thunderbird-latest
Full-featured e-mail client
pkgs.firefox-devedition-unwrapped
Web browser built from Firefox Developer Edition source tree
pkgs.thunderbird-latest-unwrapped
Full-featured e-mail client
pkgs.pkgsRocm.thunderbird-unwrapped
Full-featured e-mail client
pkgs.pkgsRocm.firefox-beta-unwrapped
Web browser built from Firefox Beta Release source tree
pkgs.thunderbirdPackages.thunderbird
Full-featured e-mail client
pkgs.gnomeExtensions.firefox-profiles
Easily launch Firefox with your favorite profile right from the indicator menu!
pkgs.roundcubePlugins.thunderbird_labels
None
pkgs.thunderbirdPackages.thunderbird-140
Full-featured e-mail client
-
nixos-unstable 140.7.2esr
- nixpkgs-unstable 140.11.1esr
- nixos-unstable-small 140.11.1esr
-
nixos-26.05 -
- nixos-26.05-small 140.11.1esr
- nixpkgs-26.05-darwin 140.11.1esr
pkgs.thunderbirdPackages.thunderbird-esr
Full-featured e-mail client
-
nixos-unstable 140.7.2esr
- nixpkgs-unstable 140.11.1esr
- nixos-unstable-small 140.11.1esr
-
nixos-26.05 -
- nixos-26.05-small 140.11.1esr
- nixpkgs-26.05-darwin 140.11.1esr
pkgs.pkgsRocm.firefox-devedition-unwrapped
Web browser built from Firefox Developer Edition source tree
pkgs.pkgsRocm.thunderbird-latest-unwrapped
Full-featured e-mail client
pkgs.thunderbirdPackages.thunderbird-latest
Full-featured e-mail client
pkgs.pkgsRocm.thunderbirdPackages.thunderbird
Full-featured e-mail client
pkgs.gnomeExtensions.firefox-pip-always-on-top
Automatically sets Picture-in-Picture windows to always be on top and visible on all workspaces
pkgs.gnomeExtensions.pip-alwaysontop-for-firefox
Enable Picture-in-Picture(PIP) mode to always be on for Firefox in Gnome.
pkgs.pkgsRocm.thunderbirdPackages.thunderbird-latest
Full-featured e-mail client
Package maintainers
-
@jopejoe1 jopejoe1 <nixpkgs@missing.ninja>
-
@rhendric Ryan Hendrickson
-
@nekowinston winston <hey@winston.sh>
-
@ambroisie Bruno BELANYI <bruno.nixpkgs@belanyi.fr>
-
@unode Renato Alves <alves.rjc@gmail.com>
-
@schnusch schnusch
-
@honnip Jung seungwoo <me@honnip.page>
-
@booxter Ihar Hrachyshka <ihar.hrachyshka@gmail.com>
-
@mweinelt Martin Weinelt <hexa@darmstadt.ccc.de>
-
@pasqui23 pasqui23 <p3dimaria@hotmail.it>
-
@camillemndn Camille M. <camillemondon@free.fr>
-
@vcunat Vladimír Čunát <v@cunat.cz>
-
@lovesegfault Bernardo Meurer <meurerbernardo@gmail.com>
-
@nbp Nicolas B. Pierron <nixos@nbp.name>
-
@drupol Pol Dellaiera <pol.dellaiera@protonmail.com>
-
@felschr Felix Schröter <dev@felschr.com>