Lucene search

K
altlinuxHttps://packages.altlinux.org/en/sisyphus/security/EA213E1D6C38C1E4E440225FBC0DD664
HistoryApr 26, 2021 - 12:00 a.m.

Security fix for the ALT Linux 10 package thunderbird version 78.10.0-alt1

2021-04-2600:00:00
https://packages.altlinux.org/en/sisyphus/security/
packages.altlinux.org
19
thunderbird
alt linux 10
security fix
cve-2021-23994
cve-2021-23995
out of bound write
use-after-free
secure lock icon
internal network hosts
blob urls
arbitrary ftp command execution
incorrect size computation
port blocking
race condition
openpgp key refresh
malicious extensions
memory safety bugs

EPSS

0.009

Percentile

82.4%

April 26, 2021 Andrey Cherepanov 78.10.0-alt1

- New version (78.10.0).
- Security fixes:
  + CVE-2021-23994 Out of bound write due to lazy initialization
  + CVE-2021-23995 Use-after-free in Responsive Design Mode
  + CVE-2021-23998 Secure Lock icon could have been spoofed
  + CVE-2021-23961 More internal network hosts could have been probed by a malicious webpage
  + CVE-2021-23999 Blob URLs may have been granted additional privileges
  + CVE-2021-24002 Arbitrary FTP command execution on FTP servers using an encoded URL
  + CVE-2021-29945 Incorrect size computation in WebAssembly JIT could lead to null-reads
  + CVE-2021-29946 Port blocking could be bypassed
  + CVE-2021-29948 Race condition when reading from disk while verifying signatures
  + CVE-2021-23991 An attacker may use Thunderbird's OpenPGP key refresh mechanism to poison an existing key
  + CVE-2021-23992 A crafted OpenPGP key with an invalid user ID could be used to confuse the user
  + CVE-2021-23993 Inability to send encrypted OpenPGP email after importing a crafted OpenPGP key
  + CVE-2021-29949 Thunderbird might execute an alternative OTR library
  + CVE-2021-23981 Texture upload into an unbound backing buffer resulted in an out-of-bound read
  + CVE-2021-23982 Internal network hosts could have been probed by a malicious webpage
  + CVE-2021-23984 Malicious extensions could have spoofed popup information
  + CVE-2021-23987 Memory safety bugs fixed in Thunderbird 78.9