Nixpkgs security tracker

Login with GitHub
⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestions search

All statuses
Filter by:
With package: roundcubePlugins.thunderbird_labels

Found 124 matching suggestions

View:
Compact
Detailed
Untriaged
Permalink CVE-2026-2778
created 1 month, 2 weeks ago
Sandbox escape due to incorrect boundary conditions in the DOM: Core & HTML component

Sandbox escape due to incorrect boundary conditions in the DOM: Core & HTML component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.

Affected products

Firefox
  • <148
Firefox ESR
  • <115.33
  • <140.8
Thunderbird
  • <140.8
  • <148

Matching in nixpkgs

pkgs.firefoxpwa

Tool to install, manage and use Progressive Web Apps (PWAs) in Mozilla Firefox (native component)

pkgs.faust2firefox

The faust2firefox script, part of faust functional programming language for realtime audio signal processing

pkgs.firefox_decrypt

Tool to extract passwords from profiles of Mozilla Firefox and derivates

pkgs.firefox-sync-client

Commandline-utility to list/view/edit/delete entries in a firefox-sync account.

pkgs.gnomeExtensions.firefox-profiles

Easily launch Firefox with your favorite profile right from the indicator menu!

  • nixos-unstable 5
    • nixpkgs-unstable 5
    • nixos-unstable-small 5
  • nixos-25.11 5
    • nixos-25.11-small 5
    • nixpkgs-25.11-darwin 5

Package maintainers

Untriaged
Permalink CVE-2026-2769
8.8 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 1 month, 2 weeks ago
Use-after-free in the Storage: IndexedDB component

Use-after-free in the Storage: IndexedDB component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.

Affected products

Firefox
  • <148
Firefox ESR
  • <115.33
  • <140.8
Thunderbird
  • <148
  • <140.8

Matching in nixpkgs

pkgs.firefoxpwa

Tool to install, manage and use Progressive Web Apps (PWAs) in Mozilla Firefox (native component)

pkgs.faust2firefox

The faust2firefox script, part of faust functional programming language for realtime audio signal processing

pkgs.firefox_decrypt

Tool to extract passwords from profiles of Mozilla Firefox and derivates

pkgs.firefox-sync-client

Commandline-utility to list/view/edit/delete entries in a firefox-sync account.

pkgs.gnomeExtensions.firefox-profiles

Easily launch Firefox with your favorite profile right from the indicator menu!

  • nixos-unstable 5
    • nixpkgs-unstable 5
    • nixos-unstable-small 5
  • nixos-25.11 5
    • nixos-25.11-small 5
    • nixpkgs-25.11-darwin 5

Package maintainers

Untriaged
Permalink CVE-2026-2447
8.8 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 1 month, 4 weeks ago
Heap buffer overflow in libvpx

Heap buffer overflow in libvpx. This vulnerability affects Firefox < 147.0.4, Firefox ESR < 140.7.1, Firefox ESR < 115.32.1, Thunderbird < 140.7.2, and Thunderbird < 147.0.2.

Affected products

Firefox
  • <147.0.4
Firefox ESR
  • <140.7.1
  • <115.32.1
Thunderbird
  • <147.0.2
  • <140.7.2

Matching in nixpkgs

pkgs.firefoxpwa

Tool to install, manage and use Progressive Web Apps (PWAs) in Mozilla Firefox (native component)

pkgs.faust2firefox

The faust2firefox script, part of faust functional programming language for realtime audio signal processing

pkgs.firefox_decrypt

Tool to extract passwords from profiles of Mozilla Firefox and derivates

pkgs.firefox-sync-client

Commandline-utility to list/view/edit/delete entries in a firefox-sync account.

pkgs.gnomeExtensions.firefox-profiles

Easily launch Firefox with your favorite profile right from the indicator menu!

  • nixos-unstable 5
    • nixpkgs-unstable 5
    • nixos-unstable-small 5
  • nixos-25.11 5
    • nixos-25.11-small 5
    • nixpkgs-25.11-darwin 5

Package maintainers

Untriaged
Permalink CVE-2026-25957
6.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 2 months ago
Cube Denial of Service (DoS) - An authenticated attacker can crash the server by sending a specially crafted request

Cube is a semantic layer for building data applications. From 1.1.17 to before 1.5.13 and 1.4.2, it is possible to make the entire Cube API unavailable by submitting a specially crafted request to a Cube API endpoint. This vulnerability is fixed in 1.5.13 and 1.4.2.

Affected products

cube
  • ==>= 1.5.0, < 1.5.13
  • ==>= 1.1.17, < 1.4.2

Matching in nixpkgs

pkgs.pascube

Simple OpenGL spinning cube written in Pascal

  • nixos-unstable -
    • nixpkgs-unstable 1.5.1
    • nixos-unstable-small 1.5.1
  • nixos-25.11 1.5.1
    • nixpkgs-25.11-darwin 1.5.1

pkgs.musikcube

Terminal-based music player, library, and streaming audio server

pkgs.classicube

Lightweight, custom Minecraft Classic/ClassiCube client with optional additions written from scratch in C

pkgs.stm32cubemx

Graphical tool for configuring STM32 microcontrollers and microprocessors

pkgs.spacenav-cube-example

Example application to test the spacenavd driver

  • nixos-unstable 1.2
    • nixpkgs-unstable 1.2
    • nixos-unstable-small 1.2
  • nixos-25.11 1.2
    • nixpkgs-25.11-darwin 1.2

Package maintainers

Untriaged
Permalink CVE-2026-25958
7.7 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): CHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
created 2 months ago
Cube privilege escalation via a specially crafted request

Cube is a semantic layer for building data applications. From 0.27.19 to before 1.5.13, 1.4.2, and 1.0.14, it is possible to make a specially crafted request with a valid API token that leads to privilege escalation. This vulnerability is fixed in 1.5.13, 1.4.2, and 1.0.14.

Affected products

cube
  • ==>= 0.27.19, < 1.0.14
  • ==>= 1.1.0, < 1.4.2
  • ==>= 1.5.0, < 1.5.13

Matching in nixpkgs

pkgs.pascube

Simple OpenGL spinning cube written in Pascal

  • nixos-unstable -
    • nixpkgs-unstable 1.5.1
    • nixos-unstable-small 1.5.1
  • nixos-25.11 1.5.1
    • nixpkgs-25.11-darwin 1.5.1

pkgs.musikcube

Terminal-based music player, library, and streaming audio server

pkgs.classicube

Lightweight, custom Minecraft Classic/ClassiCube client with optional additions written from scratch in C

pkgs.stm32cubemx

Graphical tool for configuring STM32 microcontrollers and microprocessors

pkgs.spacenav-cube-example

Example application to test the spacenavd driver

  • nixos-unstable 1.2
    • nixpkgs-unstable 1.2
    • nixos-unstable-small 1.2
  • nixos-25.11 1.2
    • nixpkgs-25.11-darwin 1.2

Package maintainers

Untriaged
Permalink CVE-2026-0818
4.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
created 2 months, 2 weeks ago
CSS-based exfiltration of the content from partially encrypted emails when allowing remote content

CSS-based exfiltration of the content from partially encrypted emails when allowing remote content. This vulnerability affects Thunderbird < 147.0.1 and Thunderbird < 140.7.1.

Affected products

Thunderbird
  • <147.0.1
  • <140.7.1

Matching in nixpkgs

Package maintainers

Untriaged
Permalink CVE-2018-25156
5.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
created 2 months, 2 weeks ago
Teradek Cube 7.3.6 Cross-Site Request Forgery Password Change

Teradek Cube 7.3.6 contains a cross-site request forgery vulnerability that allows attackers to change administrative passwords without proper request validation. Attackers can craft a malicious web page with a hidden form to submit password change requests to the device's system configuration interface.

Affected products

Cube
  • ==7.3.15
  • ==7.3.6

Matching in nixpkgs

pkgs.pascube

Simple OpenGL spinning cube written in Pascal

pkgs.musikcube

Terminal-based music player, library, and streaming audio server

pkgs.classicube

Lightweight, custom Minecraft Classic/ClassiCube client with optional additions written from scratch in C

pkgs.stm32cubemx

Graphical tool for configuring STM32 microcontrollers and microprocessors

pkgs.spacenav-cube-example

Example application to test the spacenavd driver

  • nixos-unstable 1.2
    • nixpkgs-unstable 1.2
    • nixos-unstable-small 1.2
  • nixos-25.11 1.2
    • nixpkgs-25.11-darwin 1.2

Package maintainers

Untriaged
Permalink CVE-2026-0888
5.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
created 2 months, 4 weeks ago
Information disclosure in the XML component

Information disclosure in the XML component. This vulnerability affects Firefox < 147.

Affected products

Firefox
  • <147
Thunderbird
  • <147

Matching in nixpkgs

pkgs.firefoxpwa

Tool to install, manage and use Progressive Web Apps (PWAs) in Mozilla Firefox (native component)

pkgs.faust2firefox

The faust2firefox script, part of faust functional programming language for realtime audio signal processing

pkgs.firefox_decrypt

Tool to extract passwords from profiles of Mozilla Firefox and derivates

pkgs.firefox-sync-client

Commandline-utility to list/view/edit/delete entries in a firefox-sync account

pkgs.pkgsRocm.firefoxpwa

Tool to install, manage and use Progressive Web Apps (PWAs) in Mozilla Firefox (native component)

pkgs.gnomeExtensions.firefox-profiles

Easily launch Firefox with your favorite profile right from the indicator menu!

  • nixos-unstable 4
    • nixpkgs-unstable 4
    • nixos-unstable-small 4
  • nixos-25.11 5
    • nixpkgs-25.11-darwin 5

Package maintainers

Untriaged
Permalink CVE-2026-0887
5.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
created 2 months, 4 weeks ago
Clickjacking issue, information disclosure in the PDF Viewer component

Clickjacking issue, information disclosure in the PDF Viewer component. This vulnerability affects Firefox < 147 and Firefox ESR < 140.7.

Affected products

Firefox
  • <147
Firefox ESR
  • <140.7
Thunderbird
  • <140.7
  • <147

Matching in nixpkgs

pkgs.firefoxpwa

Tool to install, manage and use Progressive Web Apps (PWAs) in Mozilla Firefox (native component)

pkgs.faust2firefox

The faust2firefox script, part of faust functional programming language for realtime audio signal processing

pkgs.firefox_decrypt

Tool to extract passwords from profiles of Mozilla Firefox and derivates

pkgs.firefox-sync-client

Commandline-utility to list/view/edit/delete entries in a firefox-sync account

pkgs.pkgsRocm.firefoxpwa

Tool to install, manage and use Progressive Web Apps (PWAs) in Mozilla Firefox (native component)

pkgs.gnomeExtensions.firefox-profiles

Easily launch Firefox with your favorite profile right from the indicator menu!

  • nixos-unstable 4
    • nixpkgs-unstable 4
    • nixos-unstable-small 4
  • nixos-25.11 5
    • nixpkgs-25.11-darwin 5

Package maintainers

Untriaged
Permalink CVE-2026-0877
8.1 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): NONE
created 2 months, 4 weeks ago
Mitigation bypass in the DOM: Security component

Mitigation bypass in the DOM: Security component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, and Firefox ESR < 140.7.

Affected products

Firefox
  • <147
Firefox ESR
  • <140.7
  • <115.32
Thunderbird
  • <140.7
  • <147

Matching in nixpkgs

pkgs.firefoxpwa

Tool to install, manage and use Progressive Web Apps (PWAs) in Mozilla Firefox (native component)

pkgs.faust2firefox

The faust2firefox script, part of faust functional programming language for realtime audio signal processing

pkgs.firefox_decrypt

Tool to extract passwords from profiles of Mozilla Firefox and derivates

pkgs.firefox-sync-client

Commandline-utility to list/view/edit/delete entries in a firefox-sync account

pkgs.pkgsRocm.firefoxpwa

Tool to install, manage and use Progressive Web Apps (PWAs) in Mozilla Firefox (native component)

pkgs.gnomeExtensions.firefox-profiles

Easily launch Firefox with your favorite profile right from the indicator menu!

  • nixos-unstable 4
    • nixpkgs-unstable 4
    • nixos-unstable-small 4
  • nixos-25.11 5
    • nixpkgs-25.11-darwin 5

Package maintainers