Nixpkgs security tracker

Login with GitHub

Suggestions search

Untriaged
Filter by:
With package: thunderbird-mcp

Found 121 matching suggestions

View:
Compact
Detailed
Permalink CVE-2026-56211
7.1 HIGH
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): High (H)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): Required (R)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): Low (L)
  • Integrity (I): High (H)
  • Availability (A): High (H)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): High (H)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): Required (R)
  • Modified Confidentiality (MC): Low (L)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): High (H)
  • Modified Availability (MA): High (H)
created 13 hours ago Activity log
  • Created suggestion 13 hours ago
Libaom: libaom: remote code execution via svc layer context handling with attacker-controlled frames

A remote code execution vulnerability was found in libaom, the reference AV1 codec implementation. Insufficient bounds validation in the AV1 encoder's SVC (Scalable Video Coding) layer ID control allows an attacker to supply crafted video frame pixels that overlap with internal encoder layer context structures. In fork-based video processing services, an attacker can use this to hijack the cyclic refresh map pointer, brute-force the process base address via a crash oracle, and redirect control flow to achieve arbitrary command execution. Exploitation requires the target service to use libaom with SVC encoding enabled and accept attacker-supplied video frames.

Affected products

aom
firefox
thunderbird

Matching in nixpkgs

pkgs.mfaomp

Multiple Files At Once Media Player

pkgs.faust2firefox

The faust2firefox script, part of faust functional programming language for realtime audio signal processing

pkgs.firefox_decrypt

Tool to extract passwords from profiles of Mozilla Firefox and derivates

pkgs.thunderbird-cli

Low-level CLI to manage Mozilla Thunderbird email from the shell

pkgs.thunderbird-mcp

MCP server for Thunderbird - enables AI assistants to access email, contacts, and calendars

pkgs.firefox-sync-client

Commandline-utility to list/view/edit/delete entries in a firefox-sync account

pkgs.thunderbird-cli-bridge

HTTP/WebSocket bridge daemon between thunderbird-cli (or any HTTP client) and the Thunderbird-cli WebExtension. Stateless proxy, localhost-only.

pkgs.gnomeExtensions.firefox-profiles

Easily launch Firefox with your favorite profile right from the indicator menu!

  • nixos-unstable 7
    • nixpkgs-unstable 7
    • nixos-unstable-small 7
  • nixos-26.05 7
    • nixos-26.05-small 7
    • nixpkgs-26.05-darwin 7

pkgs.gnomeExtensions.firefox-pip-always-on-top

Automatically sets Picture-in-Picture windows to always be on top and visible on all workspaces

  • nixos-unstable 4
    • nixpkgs-unstable 4
    • nixos-unstable-small 4
  • nixos-26.05 4
    • nixos-26.05-small 4
    • nixpkgs-26.05-darwin 4

Package maintainers

Permalink CVE-2026-56210
7.1 HIGH
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): Required (R)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): Low (L)
  • Integrity (I): None (N)
  • Availability (A): High (H)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): Required (R)
  • Modified Confidentiality (MC): Low (L)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): None (N)
  • Modified Availability (MA): High (H)
created 13 hours ago Activity log
  • Created suggestion 13 hours ago
Libaom: libaom: heap-buffer-overflow read via missing bounds check in ctrl_set_layer_id

A heap-buffer-overflow read vulnerability was found in libaom, the reference AV1 codec implementation. A missing bounds check in the SVC (Scalable Video Coding) layer ID control function allows setting a spatial_layer_id exceeding the configured number of layers. This causes an out-of-bounds heap read of approximately 40,728 bytes when computing a layer context array index. An attacker who can influence SVC encoder parameters in a network-facing service could exploit this for information disclosure (heap content leak) or denial of service (segmentation fault from hitting unmapped memory).

Affected products

aom
firefox
thunderbird

Matching in nixpkgs

pkgs.mfaomp

Multiple Files At Once Media Player

pkgs.faust2firefox

The faust2firefox script, part of faust functional programming language for realtime audio signal processing

pkgs.firefox_decrypt

Tool to extract passwords from profiles of Mozilla Firefox and derivates

pkgs.thunderbird-cli

Low-level CLI to manage Mozilla Thunderbird email from the shell

pkgs.thunderbird-mcp

MCP server for Thunderbird - enables AI assistants to access email, contacts, and calendars

pkgs.firefox-sync-client

Commandline-utility to list/view/edit/delete entries in a firefox-sync account

pkgs.thunderbird-cli-bridge

HTTP/WebSocket bridge daemon between thunderbird-cli (or any HTTP client) and the Thunderbird-cli WebExtension. Stateless proxy, localhost-only.

pkgs.gnomeExtensions.firefox-profiles

Easily launch Firefox with your favorite profile right from the indicator menu!

  • nixos-unstable 7
    • nixpkgs-unstable 7
    • nixos-unstable-small 7
  • nixos-26.05 7
    • nixos-26.05-small 7
    • nixpkgs-26.05-darwin 7

pkgs.gnomeExtensions.firefox-pip-always-on-top

Automatically sets Picture-in-Picture windows to always be on top and visible on all workspaces

  • nixos-unstable 4
    • nixpkgs-unstable 4
    • nixos-unstable-small 4
  • nixos-26.05 4
    • nixos-26.05-small 4
    • nixpkgs-26.05-darwin 4

Package maintainers

Permalink CVE-2026-56209
7.1 HIGH
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): Required (R)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): None (N)
  • Integrity (I): Low (L)
  • Availability (A): High (H)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): Required (R)
  • Modified Confidentiality (MC): None (N)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): Low (L)
  • Modified Availability (MA): High (H)
created 13 hours ago Activity log
  • Created suggestion 13 hours ago
Libaom: libaom: arbitrary address write via svc layer context oob and cyclic refresh map pointer hijack

An arbitrary address write vulnerability was found in libaom, the reference AV1 codec implementation. A missing bounds check in the SVC (Scalable Video Coding) layer ID control function allows an attacker to inject an arbitrary pointer into the cyclic refresh map field via crafted image pixel values. The encoder then writes approximately 1,200 bytes at the attacker-controlled address. This is fully deterministic and does not require a separate information leak. An attacker who can supply frames to a network-facing libaom encoder with SVC enabled could exploit this for denial of service or potential code execution.

Affected products

aom
firefox
thunderbird

Matching in nixpkgs

pkgs.mfaomp

Multiple Files At Once Media Player

pkgs.faust2firefox

The faust2firefox script, part of faust functional programming language for realtime audio signal processing

pkgs.firefox_decrypt

Tool to extract passwords from profiles of Mozilla Firefox and derivates

pkgs.thunderbird-cli

Low-level CLI to manage Mozilla Thunderbird email from the shell

pkgs.thunderbird-mcp

MCP server for Thunderbird - enables AI assistants to access email, contacts, and calendars

pkgs.firefox-sync-client

Commandline-utility to list/view/edit/delete entries in a firefox-sync account

pkgs.thunderbird-cli-bridge

HTTP/WebSocket bridge daemon between thunderbird-cli (or any HTTP client) and the Thunderbird-cli WebExtension. Stateless proxy, localhost-only.

pkgs.gnomeExtensions.firefox-profiles

Easily launch Firefox with your favorite profile right from the indicator menu!

  • nixos-unstable 7
    • nixpkgs-unstable 7
    • nixos-unstable-small 7
  • nixos-26.05 7
    • nixos-26.05-small 7
    • nixpkgs-26.05-darwin 7

pkgs.gnomeExtensions.firefox-pip-always-on-top

Automatically sets Picture-in-Picture windows to always be on top and visible on all workspaces

  • nixos-unstable 4
    • nixpkgs-unstable 4
    • nixos-unstable-small 4
  • nixos-26.05 4
    • nixos-26.05-small 4
    • nixpkgs-26.05-darwin 4

Package maintainers

Permalink CVE-2026-56208
7.6 HIGH
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): Required (R)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): Low (L)
  • Integrity (I): Low (L)
  • Availability (A): High (H)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): Required (R)
  • Modified Confidentiality (MC): Low (L)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): Low (L)
  • Modified Availability (MA): High (H)
created 13 hours ago Activity log
  • Created suggestion 13 hours ago
Libaom: libaom: heap buffer overflow in av1 encoder first-pass stats buffer via lap mode

A heap buffer overflow vulnerability was found in libaom, the reference AV1 codec implementation. A flaw in the AV1 encoder's Look-Ahead Processing (LAP) mode causes the first-pass stats ring buffer wrap-around guard to be bypassed when g_lag_in_frames is set to 1 or higher. This results in a 232-byte out-of-bounds write on every encoded frame after the second, corrupting adjacent heap objects. An attacker who can influence encoder configuration in a transcoding service or WebRTC session could exploit this to cause a denial of service (process crash) or potentially achieve code execution.

Affected products

aom
firefox
thunderbird

Matching in nixpkgs

pkgs.mfaomp

Multiple Files At Once Media Player

pkgs.faust2firefox

The faust2firefox script, part of faust functional programming language for realtime audio signal processing

pkgs.firefox_decrypt

Tool to extract passwords from profiles of Mozilla Firefox and derivates

pkgs.thunderbird-cli

Low-level CLI to manage Mozilla Thunderbird email from the shell

pkgs.thunderbird-mcp

MCP server for Thunderbird - enables AI assistants to access email, contacts, and calendars

pkgs.firefox-sync-client

Commandline-utility to list/view/edit/delete entries in a firefox-sync account

pkgs.thunderbird-cli-bridge

HTTP/WebSocket bridge daemon between thunderbird-cli (or any HTTP client) and the Thunderbird-cli WebExtension. Stateless proxy, localhost-only.

pkgs.gnomeExtensions.firefox-profiles

Easily launch Firefox with your favorite profile right from the indicator menu!

  • nixos-unstable 7
    • nixpkgs-unstable 7
    • nixos-unstable-small 7
  • nixos-26.05 7
    • nixos-26.05-small 7
    • nixpkgs-26.05-darwin 7

pkgs.gnomeExtensions.firefox-pip-always-on-top

Automatically sets Picture-in-Picture windows to always be on top and visible on all workspaces

  • nixos-unstable 4
    • nixpkgs-unstable 4
    • nixos-unstable-small 4
  • nixos-26.05 4
    • nixos-26.05-small 4
    • nixpkgs-26.05-darwin 4

Package maintainers

Permalink CVE-2026-12302
6.5 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): Low (L)
  • Integrity (I): Low (L)
  • Availability (A): None (N)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): Low (L)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): Low (L)
  • Modified Availability (MA): None (N)
created 3 days, 13 hours ago Activity log
  • Created suggestion 3 days, 13 hours ago
Mitigation bypass in the DOM: Security component

Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12.

Affected products

Firefox
  • =<140.*
  • =<115.*
  • =<*
Thunderbird
  • =<140.*
  • =<*

Matching in nixpkgs

pkgs.firefox_decrypt

Tool to extract passwords from profiles of Mozilla Firefox and derivates

  • nixos-unstable 1.1.3
    • nixpkgs-unstable 1.1.3
    • nixos-unstable-small 1.1.3
  • nixos-26.05 -
    • nixos-26.05-small 1.1.3
    • nixpkgs-26.05-darwin 1.1.3

pkgs.thunderbird-cli

Low-level CLI to manage Mozilla Thunderbird email from the shell

  • nixos-unstable 1.0.2
    • nixpkgs-unstable 1.0.2
    • nixos-unstable-small 1.0.2
  • nixos-26.05 -
    • nixos-26.05-small 1.0.2
    • nixpkgs-26.05-darwin 1.0.2

pkgs.thunderbird-mcp

MCP server for Thunderbird - enables AI assistants to access email, contacts, and calendars

  • nixos-unstable 0.5.0
    • nixpkgs-unstable 0.6.0
    • nixos-unstable-small 0.6.0
  • nixos-26.05 -
    • nixos-26.05-small 0.5.0
    • nixpkgs-26.05-darwin 0.5.0

pkgs.firefox-sync-client

Commandline-utility to list/view/edit/delete entries in a firefox-sync account

  • nixos-unstable 1.9.0
    • nixpkgs-unstable 1.9.0
    • nixos-unstable-small 1.9.0
  • nixos-26.05 -
    • nixos-26.05-small 1.9.0
    • nixpkgs-26.05-darwin 1.9.0

pkgs.pkgsRocm.firefoxpwa

Tool to install, manage and use Progressive Web Apps (PWAs) in Mozilla Firefox (native component)

pkgs.thunderbird-cli-mcp

MCP server that gives full access to your email through Mozilla Thunderbird

  • nixos-unstable 1.0.2
    • nixpkgs-unstable 1.0.2
    • nixos-unstable-small 1.0.2
  • nixos-26.05 -
    • nixos-26.05-small 1.0.2
    • nixpkgs-26.05-darwin 1.0.2

pkgs.thunderbird-cli-bridge

HTTP/WebSocket bridge daemon between thunderbird-cli (or any HTTP client) and the Thunderbird-cli WebExtension. Stateless proxy, localhost-only.

  • nixos-unstable 1.0.2
    • nixpkgs-unstable 1.0.2
    • nixos-unstable-small 1.0.2
  • nixos-26.05 -
    • nixos-26.05-small 1.0.2
    • nixpkgs-26.05-darwin 1.0.2

pkgs.gnomeExtensions.firefox-profiles

Easily launch Firefox with your favorite profile right from the indicator menu!

  • nixos-unstable 7
    • nixpkgs-unstable 7
    • nixos-unstable-small 7
  • nixos-26.05 -
    • nixos-26.05-small 7
    • nixpkgs-26.05-darwin 7

pkgs.gnomeExtensions.firefox-pip-always-on-top

Automatically sets Picture-in-Picture windows to always be on top and visible on all workspaces

  • nixos-unstable 4
    • nixpkgs-unstable 4
    • nixos-unstable-small 4
  • nixos-26.05 -
    • nixos-26.05-small 4
    • nixpkgs-26.05-darwin 4

pkgs.gnomeExtensions.pip-alwaysontop-for-firefox

Enable Picture-in-Picture(PIP) mode to always be on for Firefox in Gnome.

  • nixos-unstable 1
    • nixpkgs-unstable 1
    • nixos-unstable-small 1
  • nixos-26.05 -
    • nixos-26.05-small 1
    • nixpkgs-26.05-darwin 1

Package maintainers

Permalink CVE-2026-12328
8.1 HIGH
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): High (H)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): High (H)
  • Integrity (I): High (H)
  • Availability (A): High (H)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): High (H)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): High (H)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): High (H)
  • Modified Availability (MA): High (H)
created 3 days, 13 hours ago Activity log
  • Created suggestion 3 days, 13 hours ago
Memory safety bugs fixed in Firefox ESR 115.37, Firefox ESR 140.12, Thunderbird ESR 140.12, Firefox 152 and Thunderbird 152

Memory safety bugs present in Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12.

Affected products

Firefox
  • =<140.*
  • =<115.*
  • =<*
Thunderbird
  • =<140.*
  • =<*

Matching in nixpkgs

pkgs.firefox_decrypt

Tool to extract passwords from profiles of Mozilla Firefox and derivates

  • nixos-unstable 1.1.3
    • nixpkgs-unstable 1.1.3
    • nixos-unstable-small 1.1.3
  • nixos-26.05 -
    • nixos-26.05-small 1.1.3
    • nixpkgs-26.05-darwin 1.1.3

pkgs.thunderbird-cli

Low-level CLI to manage Mozilla Thunderbird email from the shell

  • nixos-unstable 1.0.2
    • nixpkgs-unstable 1.0.2
    • nixos-unstable-small 1.0.2
  • nixos-26.05 -
    • nixos-26.05-small 1.0.2
    • nixpkgs-26.05-darwin 1.0.2

pkgs.thunderbird-mcp

MCP server for Thunderbird - enables AI assistants to access email, contacts, and calendars

  • nixos-unstable 0.5.0
    • nixpkgs-unstable 0.6.0
    • nixos-unstable-small 0.6.0
  • nixos-26.05 -
    • nixos-26.05-small 0.5.0
    • nixpkgs-26.05-darwin 0.5.0

pkgs.firefox-sync-client

Commandline-utility to list/view/edit/delete entries in a firefox-sync account

  • nixos-unstable 1.9.0
    • nixpkgs-unstable 1.9.0
    • nixos-unstable-small 1.9.0
  • nixos-26.05 -
    • nixos-26.05-small 1.9.0
    • nixpkgs-26.05-darwin 1.9.0

pkgs.pkgsRocm.firefoxpwa

Tool to install, manage and use Progressive Web Apps (PWAs) in Mozilla Firefox (native component)

pkgs.thunderbird-cli-mcp

MCP server that gives full access to your email through Mozilla Thunderbird

  • nixos-unstable 1.0.2
    • nixpkgs-unstable 1.0.2
    • nixos-unstable-small 1.0.2
  • nixos-26.05 -
    • nixos-26.05-small 1.0.2
    • nixpkgs-26.05-darwin 1.0.2

pkgs.thunderbird-cli-bridge

HTTP/WebSocket bridge daemon between thunderbird-cli (or any HTTP client) and the Thunderbird-cli WebExtension. Stateless proxy, localhost-only.

  • nixos-unstable 1.0.2
    • nixpkgs-unstable 1.0.2
    • nixos-unstable-small 1.0.2
  • nixos-26.05 -
    • nixos-26.05-small 1.0.2
    • nixpkgs-26.05-darwin 1.0.2

pkgs.gnomeExtensions.firefox-profiles

Easily launch Firefox with your favorite profile right from the indicator menu!

  • nixos-unstable 7
    • nixpkgs-unstable 7
    • nixos-unstable-small 7
  • nixos-26.05 -
    • nixos-26.05-small 7
    • nixpkgs-26.05-darwin 7

pkgs.gnomeExtensions.firefox-pip-always-on-top

Automatically sets Picture-in-Picture windows to always be on top and visible on all workspaces

  • nixos-unstable 4
    • nixpkgs-unstable 4
    • nixos-unstable-small 4
  • nixos-26.05 -
    • nixos-26.05-small 4
    • nixpkgs-26.05-darwin 4

pkgs.gnomeExtensions.pip-alwaysontop-for-firefox

Enable Picture-in-Picture(PIP) mode to always be on for Firefox in Gnome.

  • nixos-unstable 1
    • nixpkgs-unstable 1
    • nixos-unstable-small 1
  • nixos-26.05 -
    • nixos-26.05-small 1
    • nixpkgs-26.05-darwin 1

Package maintainers

Permalink CVE-2026-12306
5.3 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): Low (L)
  • Integrity (I): None (N)
  • Availability (A): None (N)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): Low (L)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): None (N)
  • Modified Availability (MA): None (N)
created 3 days, 13 hours ago Activity log
  • Created suggestion 3 days, 13 hours ago
Memory safety bug fixed in Thunderbird 152

Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.

Affected products

Firefox
  • =<140.*
  • =<*
Thunderbird
  • =<140.*
  • =<*

Matching in nixpkgs

pkgs.firefox_decrypt

Tool to extract passwords from profiles of Mozilla Firefox and derivates

  • nixos-unstable 1.1.3
    • nixpkgs-unstable 1.1.3
    • nixos-unstable-small 1.1.3
  • nixos-26.05 -
    • nixos-26.05-small 1.1.3
    • nixpkgs-26.05-darwin 1.1.3

pkgs.thunderbird-cli

Low-level CLI to manage Mozilla Thunderbird email from the shell

  • nixos-unstable 1.0.2
    • nixpkgs-unstable 1.0.2
    • nixos-unstable-small 1.0.2
  • nixos-26.05 -
    • nixos-26.05-small 1.0.2
    • nixpkgs-26.05-darwin 1.0.2

pkgs.thunderbird-mcp

MCP server for Thunderbird - enables AI assistants to access email, contacts, and calendars

  • nixos-unstable 0.5.0
    • nixpkgs-unstable 0.6.0
    • nixos-unstable-small 0.6.0
  • nixos-26.05 -
    • nixos-26.05-small 0.5.0
    • nixpkgs-26.05-darwin 0.5.0

pkgs.firefox-sync-client

Commandline-utility to list/view/edit/delete entries in a firefox-sync account

  • nixos-unstable 1.9.0
    • nixpkgs-unstable 1.9.0
    • nixos-unstable-small 1.9.0
  • nixos-26.05 -
    • nixos-26.05-small 1.9.0
    • nixpkgs-26.05-darwin 1.9.0

pkgs.pkgsRocm.firefoxpwa

Tool to install, manage and use Progressive Web Apps (PWAs) in Mozilla Firefox (native component)

pkgs.thunderbird-cli-mcp

MCP server that gives full access to your email through Mozilla Thunderbird

  • nixos-unstable 1.0.2
    • nixpkgs-unstable 1.0.2
    • nixos-unstable-small 1.0.2
  • nixos-26.05 -
    • nixos-26.05-small 1.0.2
    • nixpkgs-26.05-darwin 1.0.2

pkgs.thunderbird-cli-bridge

HTTP/WebSocket bridge daemon between thunderbird-cli (or any HTTP client) and the Thunderbird-cli WebExtension. Stateless proxy, localhost-only.

  • nixos-unstable 1.0.2
    • nixpkgs-unstable 1.0.2
    • nixos-unstable-small 1.0.2
  • nixos-26.05 -
    • nixos-26.05-small 1.0.2
    • nixpkgs-26.05-darwin 1.0.2

pkgs.gnomeExtensions.firefox-profiles

Easily launch Firefox with your favorite profile right from the indicator menu!

  • nixos-unstable 7
    • nixpkgs-unstable 7
    • nixos-unstable-small 7
  • nixos-26.05 -
    • nixos-26.05-small 7
    • nixpkgs-26.05-darwin 7

pkgs.gnomeExtensions.firefox-pip-always-on-top

Automatically sets Picture-in-Picture windows to always be on top and visible on all workspaces

  • nixos-unstable 4
    • nixpkgs-unstable 4
    • nixos-unstable-small 4
  • nixos-26.05 -
    • nixos-26.05-small 4
    • nixpkgs-26.05-darwin 4

pkgs.gnomeExtensions.pip-alwaysontop-for-firefox

Enable Picture-in-Picture(PIP) mode to always be on for Firefox in Gnome.

  • nixos-unstable 1
    • nixpkgs-unstable 1
    • nixos-unstable-small 1
  • nixos-26.05 -
    • nixos-26.05-small 1
    • nixpkgs-26.05-darwin 1

Package maintainers

Permalink CVE-2026-12313
4.7 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): Required (R)
  • Scope (S): Changed (C)
  • Confidentiality (C): Low (L)
  • Integrity (I): None (N)
  • Availability (A): None (N)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): Required (R)
  • Modified Confidentiality (MC): Low (L)
  • Modified Scope (MS): Changed (C)
  • Modified Integrity (MI): None (N)
  • Modified Availability (MA): None (N)
created 3 days, 13 hours ago Activity log
  • Created suggestion 3 days, 13 hours ago
Information disclosure, sandbox escape in the Security: Process Sandboxing component

Information disclosure, sandbox escape in the Security: Process Sandboxing component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.

Affected products

Firefox
  • =<140.*
  • =<*
Thunderbird
  • =<140.*
  • =<*

Matching in nixpkgs

pkgs.firefox_decrypt

Tool to extract passwords from profiles of Mozilla Firefox and derivates

  • nixos-unstable 1.1.3
    • nixpkgs-unstable 1.1.3
    • nixos-unstable-small 1.1.3
  • nixos-26.05 -
    • nixos-26.05-small 1.1.3
    • nixpkgs-26.05-darwin 1.1.3

pkgs.thunderbird-cli

Low-level CLI to manage Mozilla Thunderbird email from the shell

  • nixos-unstable 1.0.2
    • nixpkgs-unstable 1.0.2
    • nixos-unstable-small 1.0.2
  • nixos-26.05 -
    • nixos-26.05-small 1.0.2
    • nixpkgs-26.05-darwin 1.0.2

pkgs.thunderbird-mcp

MCP server for Thunderbird - enables AI assistants to access email, contacts, and calendars

  • nixos-unstable 0.5.0
    • nixpkgs-unstable 0.6.0
    • nixos-unstable-small 0.6.0
  • nixos-26.05 -
    • nixos-26.05-small 0.5.0
    • nixpkgs-26.05-darwin 0.5.0

pkgs.firefox-sync-client

Commandline-utility to list/view/edit/delete entries in a firefox-sync account

  • nixos-unstable 1.9.0
    • nixpkgs-unstable 1.9.0
    • nixos-unstable-small 1.9.0
  • nixos-26.05 -
    • nixos-26.05-small 1.9.0
    • nixpkgs-26.05-darwin 1.9.0

pkgs.pkgsRocm.firefoxpwa

Tool to install, manage and use Progressive Web Apps (PWAs) in Mozilla Firefox (native component)

pkgs.thunderbird-cli-mcp

MCP server that gives full access to your email through Mozilla Thunderbird

  • nixos-unstable 1.0.2
    • nixpkgs-unstable 1.0.2
    • nixos-unstable-small 1.0.2
  • nixos-26.05 -
    • nixos-26.05-small 1.0.2
    • nixpkgs-26.05-darwin 1.0.2

pkgs.thunderbird-cli-bridge

HTTP/WebSocket bridge daemon between thunderbird-cli (or any HTTP client) and the Thunderbird-cli WebExtension. Stateless proxy, localhost-only.

  • nixos-unstable 1.0.2
    • nixpkgs-unstable 1.0.2
    • nixos-unstable-small 1.0.2
  • nixos-26.05 -
    • nixos-26.05-small 1.0.2
    • nixpkgs-26.05-darwin 1.0.2

pkgs.gnomeExtensions.firefox-profiles

Easily launch Firefox with your favorite profile right from the indicator menu!

  • nixos-unstable 7
    • nixpkgs-unstable 7
    • nixos-unstable-small 7
  • nixos-26.05 -
    • nixos-26.05-small 7
    • nixpkgs-26.05-darwin 7

pkgs.gnomeExtensions.firefox-pip-always-on-top

Automatically sets Picture-in-Picture windows to always be on top and visible on all workspaces

  • nixos-unstable 4
    • nixpkgs-unstable 4
    • nixos-unstable-small 4
  • nixos-26.05 -
    • nixos-26.05-small 4
    • nixpkgs-26.05-darwin 4

pkgs.gnomeExtensions.pip-alwaysontop-for-firefox

Enable Picture-in-Picture(PIP) mode to always be on for Firefox in Gnome.

  • nixos-unstable 1
    • nixpkgs-unstable 1
    • nixos-unstable-small 1
  • nixos-26.05 -
    • nixos-26.05-small 1
    • nixpkgs-26.05-darwin 1

Package maintainers

Permalink CVE-2026-12304
9.1 CRITICAL
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): High (H)
  • Integrity (I): High (H)
  • Availability (A): None (N)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): High (H)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): High (H)
  • Modified Availability (MA): None (N)
created 3 days, 13 hours ago Activity log
  • Created suggestion 3 days, 13 hours ago
Same-origin policy bypass in the Networking: Cookies component

Same-origin policy bypass in the Networking: Cookies component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.

Affected products

Firefox
  • =<140.*
  • =<*
Thunderbird
  • =<140.*
  • =<*

Matching in nixpkgs

pkgs.firefox_decrypt

Tool to extract passwords from profiles of Mozilla Firefox and derivates

  • nixos-unstable 1.1.3
    • nixpkgs-unstable 1.1.3
    • nixos-unstable-small 1.1.3
  • nixos-26.05 -
    • nixos-26.05-small 1.1.3
    • nixpkgs-26.05-darwin 1.1.3

pkgs.thunderbird-cli

Low-level CLI to manage Mozilla Thunderbird email from the shell

  • nixos-unstable 1.0.2
    • nixpkgs-unstable 1.0.2
    • nixos-unstable-small 1.0.2
  • nixos-26.05 -
    • nixos-26.05-small 1.0.2
    • nixpkgs-26.05-darwin 1.0.2

pkgs.thunderbird-mcp

MCP server for Thunderbird - enables AI assistants to access email, contacts, and calendars

  • nixos-unstable 0.5.0
    • nixpkgs-unstable 0.6.0
    • nixos-unstable-small 0.6.0
  • nixos-26.05 -
    • nixos-26.05-small 0.5.0
    • nixpkgs-26.05-darwin 0.5.0

pkgs.firefox-sync-client

Commandline-utility to list/view/edit/delete entries in a firefox-sync account

  • nixos-unstable 1.9.0
    • nixpkgs-unstable 1.9.0
    • nixos-unstable-small 1.9.0
  • nixos-26.05 -
    • nixos-26.05-small 1.9.0
    • nixpkgs-26.05-darwin 1.9.0

pkgs.pkgsRocm.firefoxpwa

Tool to install, manage and use Progressive Web Apps (PWAs) in Mozilla Firefox (native component)

pkgs.thunderbird-cli-mcp

MCP server that gives full access to your email through Mozilla Thunderbird

  • nixos-unstable 1.0.2
    • nixpkgs-unstable 1.0.2
    • nixos-unstable-small 1.0.2
  • nixos-26.05 -
    • nixos-26.05-small 1.0.2
    • nixpkgs-26.05-darwin 1.0.2

pkgs.thunderbird-cli-bridge

HTTP/WebSocket bridge daemon between thunderbird-cli (or any HTTP client) and the Thunderbird-cli WebExtension. Stateless proxy, localhost-only.

  • nixos-unstable 1.0.2
    • nixpkgs-unstable 1.0.2
    • nixos-unstable-small 1.0.2
  • nixos-26.05 -
    • nixos-26.05-small 1.0.2
    • nixpkgs-26.05-darwin 1.0.2

pkgs.gnomeExtensions.firefox-profiles

Easily launch Firefox with your favorite profile right from the indicator menu!

  • nixos-unstable 7
    • nixpkgs-unstable 7
    • nixos-unstable-small 7
  • nixos-26.05 -
    • nixos-26.05-small 7
    • nixpkgs-26.05-darwin 7

pkgs.gnomeExtensions.firefox-pip-always-on-top

Automatically sets Picture-in-Picture windows to always be on top and visible on all workspaces

  • nixos-unstable 4
    • nixpkgs-unstable 4
    • nixos-unstable-small 4
  • nixos-26.05 -
    • nixos-26.05-small 4
    • nixpkgs-26.05-darwin 4

pkgs.gnomeExtensions.pip-alwaysontop-for-firefox

Enable Picture-in-Picture(PIP) mode to always be on for Firefox in Gnome.

  • nixos-unstable 1
    • nixpkgs-unstable 1
    • nixos-unstable-small 1
  • nixos-26.05 -
    • nixos-26.05-small 1
    • nixpkgs-26.05-darwin 1

Package maintainers

Permalink CVE-2026-12294
created 3 days, 13 hours ago Activity log
  • Created suggestion 3 days, 13 hours ago
Sandbox escape in the DOM: Workers component

Sandbox escape in the DOM: Workers component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12.

Affected products

Firefox
  • =<140.*
  • =<115.*
  • =<*
Thunderbird
  • =<140.*
  • =<*

Matching in nixpkgs

pkgs.firefox_decrypt

Tool to extract passwords from profiles of Mozilla Firefox and derivates

  • nixos-unstable 1.1.3
    • nixpkgs-unstable 1.1.3
    • nixos-unstable-small 1.1.3
  • nixos-26.05 -
    • nixos-26.05-small 1.1.3
    • nixpkgs-26.05-darwin 1.1.3

pkgs.thunderbird-cli

Low-level CLI to manage Mozilla Thunderbird email from the shell

  • nixos-unstable 1.0.2
    • nixpkgs-unstable 1.0.2
    • nixos-unstable-small 1.0.2
  • nixos-26.05 -
    • nixos-26.05-small 1.0.2
    • nixpkgs-26.05-darwin 1.0.2

pkgs.thunderbird-mcp

MCP server for Thunderbird - enables AI assistants to access email, contacts, and calendars

  • nixos-unstable 0.5.0
    • nixpkgs-unstable 0.6.0
    • nixos-unstable-small 0.6.0
  • nixos-26.05 -
    • nixos-26.05-small 0.5.0
    • nixpkgs-26.05-darwin 0.5.0

pkgs.firefox-sync-client

Commandline-utility to list/view/edit/delete entries in a firefox-sync account

  • nixos-unstable 1.9.0
    • nixpkgs-unstable 1.9.0
    • nixos-unstable-small 1.9.0
  • nixos-26.05 -
    • nixos-26.05-small 1.9.0
    • nixpkgs-26.05-darwin 1.9.0

pkgs.pkgsRocm.firefoxpwa

Tool to install, manage and use Progressive Web Apps (PWAs) in Mozilla Firefox (native component)

pkgs.thunderbird-cli-mcp

MCP server that gives full access to your email through Mozilla Thunderbird

  • nixos-unstable 1.0.2
    • nixpkgs-unstable 1.0.2
    • nixos-unstable-small 1.0.2
  • nixos-26.05 -
    • nixos-26.05-small 1.0.2
    • nixpkgs-26.05-darwin 1.0.2

pkgs.thunderbird-cli-bridge

HTTP/WebSocket bridge daemon between thunderbird-cli (or any HTTP client) and the Thunderbird-cli WebExtension. Stateless proxy, localhost-only.

  • nixos-unstable 1.0.2
    • nixpkgs-unstable 1.0.2
    • nixos-unstable-small 1.0.2
  • nixos-26.05 -
    • nixos-26.05-small 1.0.2
    • nixpkgs-26.05-darwin 1.0.2

pkgs.gnomeExtensions.firefox-profiles

Easily launch Firefox with your favorite profile right from the indicator menu!

  • nixos-unstable 7
    • nixpkgs-unstable 7
    • nixos-unstable-small 7
  • nixos-26.05 -
    • nixos-26.05-small 7
    • nixpkgs-26.05-darwin 7

pkgs.gnomeExtensions.firefox-pip-always-on-top

Automatically sets Picture-in-Picture windows to always be on top and visible on all workspaces

  • nixos-unstable 4
    • nixpkgs-unstable 4
    • nixos-unstable-small 4
  • nixos-26.05 -
    • nixos-26.05-small 4
    • nixpkgs-26.05-darwin 4

pkgs.gnomeExtensions.pip-alwaysontop-for-firefox

Enable Picture-in-Picture(PIP) mode to always be on for Firefox in Gnome.

  • nixos-unstable 1
    • nixpkgs-unstable 1
    • nixos-unstable-small 1
  • nixos-26.05 -
    • nixos-26.05-small 1
    • nixpkgs-26.05-darwin 1

Package maintainers