8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.003 Low
EPSS
Percentile
63.9%
April 26, 2021 Andrey Cherepanov 78.10.0-alt1
- New version (78.10.0).
- Security fixes:
+ CVE-2021-23994 Out of bound write due to lazy initialization
+ CVE-2021-23995 Use-after-free in Responsive Design Mode
+ CVE-2021-23998 Secure Lock icon could have been spoofed
+ CVE-2021-23961 More internal network hosts could have been probed by a malicious webpage
+ CVE-2021-23999 Blob URLs may have been granted additional privileges
+ CVE-2021-24002 Arbitrary FTP command execution on FTP servers using an encoded URL
+ CVE-2021-29945 Incorrect size computation in WebAssembly JIT could lead to null-reads
+ CVE-2021-29946 Port blocking could be bypassed
+ CVE-2021-29948 Race condition when reading from disk while verifying signatures
+ CVE-2021-23991 An attacker may use Thunderbird's OpenPGP key refresh mechanism to poison an existing key
+ CVE-2021-23992 A crafted OpenPGP key with an invalid user ID could be used to confuse the user
+ CVE-2021-23993 Inability to send encrypted OpenPGP email after importing a crafted OpenPGP key
+ CVE-2021-29949 Thunderbird might execute an alternative OTR library
+ CVE-2021-23981 Texture upload into an unbound backing buffer resulted in an out-of-bound read
+ CVE-2021-23982 Internal network hosts could have been probed by a malicious webpage
+ CVE-2021-23984 Malicious extensions could have spoofed popup information
+ CVE-2021-23987 Memory safety bugs fixed in Thunderbird 78.9
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.003 Low
EPSS
Percentile
63.9%