April 26, 2021 Andrey Cherepanov 78.10.0-alt1
- New version (78.10.0).
- Security fixes:
+ CVE-2021-23994 Out of bound write due to lazy initialization
+ CVE-2021-23995 Use-after-free in Responsive Design Mode
+ CVE-2021-23998 Secure Lock icon could have been spoofed
+ CVE-2021-23961 More internal network hosts could have been probed by a malicious webpage
+ CVE-2021-23999 Blob URLs may have been granted additional privileges
+ CVE-2021-24002 Arbitrary FTP command execution on FTP servers using an encoded URL
+ CVE-2021-29945 Incorrect size computation in WebAssembly JIT could lead to null-reads
+ CVE-2021-29946 Port blocking could be bypassed
+ CVE-2021-29948 Race condition when reading from disk while verifying signatures
+ CVE-2021-23991 An attacker may use Thunderbird's OpenPGP key refresh mechanism to poison an existing key
+ CVE-2021-23992 A crafted OpenPGP key with an invalid user ID could be used to confuse the user
+ CVE-2021-23993 Inability to send encrypted OpenPGP email after importing a crafted OpenPGP key
+ CVE-2021-29949 Thunderbird might execute an alternative OTR library
+ CVE-2021-23981 Texture upload into an unbound backing buffer resulted in an out-of-bound read
+ CVE-2021-23982 Internal network hosts could have been probed by a malicious webpage
+ CVE-2021-23984 Malicious extensions could have spoofed popup information
+ CVE-2021-23987 Memory safety bugs fixed in Thunderbird 78.9