Nixpkgs security tracker

Login with GitHub

Suggestions search

All statuses
Filter by:
With package: thunderbirdPackages.thunderbird-140

Found 172 matching suggestions

View:
Compact
Detailed
Published
Permalink CVE-2026-2447
8.8 HIGH
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): Required (R)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): High (H)
  • Integrity (I): High (H)
  • Availability (A): High (H)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): Required (R)
  • Modified Confidentiality (MC): High (H)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): High (H)
  • Modified Availability (MA): High (H)
updated 3 months, 1 week ago by @LeSuisse Activity log
  • Created suggestion 3 months, 1 week ago
  • @jopejoe1 ignored
    11 packages
    • firefoxpwa
    • faust2firefox
    • firefox_decrypt
    • firefox-gnome-theme
    • firefox-sync-client
    • pkgsRocm.firefoxpwa
    • gnomeExtensions.firefox-profiles
    • roundcubePlugins.thunderbird_labels
    • gnomeExtensions.firefox-pip-always-on-top
    • gnomeExtensions.pip-alwaysontop-for-firefox
    • vscode-extensions.firefox-devtools.vscode-firefox-debug
    3 months, 1 week ago
  • @LeSuisse ignored
    17 packages
    • thunderbirdPackages.thunderbird-128
    • pkgsRocm.firefox
    • pkgsRocm.thunderbird
    • pkgsRocm.firefox-beta
    • pkgsRocm.thunderbird-unwrapped
    • firefox-devedition-unwrapped
    • pkgsRocm.firefox-devedition
    • pkgsRocm.firefox-unwrapped
    • pkgsRocm.thunderbird-latest
    • pkgsRocm.thunderbird-latest-unwrapped
    • pkgsRocm.firefox-devedition-unwrapped
    • pkgsRocm.thunderbirdPackages.thunderbird
    • pkgsRocm.thunderbirdPackages.thunderbird-latest
    • thunderbird-128-unwrapped
    • pkgsRocm.firefox-mobile
    • pkgsRocm.firefox-beta-unwrapped
    • firefox-beta-unwrapped
    3 months, 1 week ago
  • @LeSuisse deleted
    4 maintainers
    • @nbp
    • @vcunat
    • @mweinelt
    • @lovesegfault
    3 months, 1 week ago maintainer.delete
  • @LeSuisse accepted 3 months, 1 week ago
  • @LeSuisse published on GitHub 3 months, 1 week ago
Heap buffer overflow in libvpx

Heap buffer overflow in libvpx. This vulnerability affects Firefox < 147.0.4, Firefox ESR < 140.7.1, Firefox ESR < 115.32.1, Thunderbird < 140.7.2, and Thunderbird < 147.0.2.

Affected products

Firefox
  • <147.0.4
Firefox ESR
  • <140.7.1
  • <115.32.1
Thunderbird
  • <147.0.2
  • <140.7.2

Matching in nixpkgs

Ignored packages (28)

pkgs.firefoxpwa

Tool to install, manage and use Progressive Web Apps (PWAs) in Mozilla Firefox (native component)

pkgs.faust2firefox

The faust2firefox script, part of faust functional programming language for realtime audio signal processing

pkgs.firefox_decrypt

Tool to extract passwords from profiles of Mozilla Firefox and derivates

pkgs.firefox-sync-client

Commandline-utility to list/view/edit/delete entries in a firefox-sync account.

pkgs.gnomeExtensions.firefox-profiles

Easily launch Firefox with your favorite profile right from the indicator menu!

  • nixos-unstable 5
    • nixpkgs-unstable 5
    • nixos-unstable-small 5
  • nixos-25.11 5
    • nixos-25.11-small 5
    • nixpkgs-25.11-darwin 5

Package maintainers

Ignored maintainers (4) 
Upstream advisory: https://github.com/advisories/GHSA-c99q-x737-hc5j
Untriaged
Permalink CVE-2026-0818
4.3 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): Required (R)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): Low (L)
  • Integrity (I): None (N)
  • Availability (A): None (N)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): Required (R)
  • Modified Confidentiality (MC): Low (L)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): None (N)
  • Modified Availability (MA): None (N)
created 3 months, 3 weeks ago Activity log
  • Created suggestion 3 months, 3 weeks ago
CSS-based exfiltration of the content from partially encrypted emails when allowing remote content

CSS-based exfiltration of the content from partially encrypted emails when allowing remote content. This vulnerability affects Thunderbird < 147.0.1 and Thunderbird < 140.7.1.

Affected products

Thunderbird
  • <140.7.1
  • <147.0.1

Matching in nixpkgs

Package maintainers