Mozilla Thunderbird 129.0 Beta 2
Approved changes feed: RSS · Atom
cpe:2.3:a:mozilla:thunderbird:129.0:beta2:*:*:*:*:*:*
part: a version: 129.0 update: beta2
| Vendor | Mozilla (be1b0d4e-21a7-5a25-9982-bbda6ef43ec1) |
|---|---|
| Product | Thunderbird (e5553559-8c71-58cd-a1a6-c5f5cf77e32f) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:deb/debian/thunderbird |
purl2cpe | 2026-06-01 10:17:53.769265 |
pkg:mozilla/comm-central |
purl2cpe | 2026-06-01 10:17:53.769266 |
pkg:rpm/fedora/thunderbird |
purl2cpe | 2026-06-01 10:17:53.769268 |
pkg:rpm/opensuse/mozillathunderbird |
purl2cpe | 2026-06-01 10:17:53.769269 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2024-9398 |
vulnerable | 2026-06-03 14:58:21.151636 |
Details available
By checking the result of calls to `window.open` with specifically set protocol handlers, an attacker could determine if the application which implements that protocol handler is installed. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131.
Published: 2024-10-01T15:13:20.488Z
Updated: 2025-03-18T19:36:14.028Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-9397 |
vulnerable | 2026-06-03 14:58:21.150629 |
Details available
A missing delay in directory upload UI could have made it possible for an attacker to trick a user into granting permission via clickjacking. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131.
Published: 2024-10-01T15:13:20.274Z
Updated: 2026-03-02T17:48:48.098Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-9394 |
vulnerable | 2026-06-03 14:58:21.148454 |
Details available
An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the `resource://devtools` origin. This could allow them to access cross-origin JSON content. This access is limited to "same site" documents by the Site Isolation feature on desktop clients, but full cross-origin access is possible on Android versions. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Firefox ESR < 115.16, Thunderbird < 128.3, and Thunderbird < 131.
Published: 2024-10-01T15:13:19.407Z
Updated: 2025-11-03T22:33:29.991Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-9393 |
vulnerable | 2026-06-03 14:58:21.144924 |
Details available
An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the `resource://pdf.js` origin. This could allow them to access cross-origin PDF content. This access is limited to "same site" documents by the Site Isolation feature on desktop clients, but full cross-origin access is possible on Android versions. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Firefox ESR < 115.16, Thunderbird < 128.3, and Thunderbird < 131.
Published: 2024-10-01T15:13:19.123Z
Updated: 2025-11-03T22:33:27.062Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.