CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
Percentile
88.8%
Severity: High
Date : 2021-12-11
CVE-ID : CVE-2021-43528 CVE-2021-43536 CVE-2021-43537 CVE-2021-43538
CVE-2021-43539 CVE-2021-43541 CVE-2021-43542 CVE-2021-43543
CVE-2021-43545 CVE-2021-43546
Package : thunderbird
Type : multiple issues
Remote : Yes
Link : https://security.archlinux.org/AVG-2608
The package thunderbird before version 91.4.0-1 is vulnerable to
multiple issues including arbitrary code execution, content spoofing,
information disclosure, incorrect calculation, sandbox escape and
denial of service.
Upgrade to 91.4.0-1.
The problems have been fixed upstream in version 91.4.0.
None.
Thunderbird before version 91.4.0 unexpectedly enabled JavaScript in
the composition area. The JavaScript execution context was limited to
this area and did not receive chrome-level privileges, but could be
used as a stepping stone to further an attack with other
vulnerabilities.
A security issue has been found in Firefox before version 95 and
Thunderbird before version 91.4.0. Under certain circumstances,
asynchronous functions could have caused a navigation to fail but
expose the target URL.
A security issue has been found in Firefox before version 95 and
Thunderbird before version 91.4.0. An incorrect type conversion of
sizes from 64bit to 32bit integers allowed an attacker to corrupt
memory leading to a potentially exploitable crash.
A security issue has been found in Firefox before version 95 and
Thunderbird before version 91.4.0. By misusing a race in the
notification code, an attacker could have forcefully hidden the
notification for pages that had received full screen and pointer lock
access, which could have been used for spoofing attacks.
A security issue has been found in Firefox before version 95 and
Thunderbird before version 91.4.0. Failure to correctly record the
location of live pointers across wasm instance calls resulted in a
garbage collection occurring within the call not tracing those live
pointers. This could have led to a use-after-free causing a potentially
exploitable crash.
A security issue has been found in Firefox before version 95 and
Thunderbird before version 91.4.0. When invoking protocol handlers for
external protocols, a supplied parameter URL containing spaces was not
properly escaped.
A security issue has been found in Firefox before version 95 and
Thunderbird before version 91.4.0. Using XMLHttpRequest, an attacker
could have identified installed applications by probing error messages
for loading external protocols.
A security issue has been found in Firefox before version 95 and
Thunderbird before version 91.4.0. Documents loaded with the CSP
sandbox directive could have escaped the sandbox’s script restriction
by embedding additional content.
A security issue has been found in Firefox before version 95 and
Thunderbird before version 91.4.0. Using the Location API in a loop
could have caused severe application hangs and crashes.
A security issue has been found in Firefox before version 95 and
Thunderbird before version 91.4.0. It was possible to recreate previous
cursor spoofing attacks against users with a zoomed native cursor.
A remote attacker could execute arbitrary code, disclose sensitive
information, spoof content or crash the application through crafted web
content. In general, these flaws cannot be exploited through email
because scripting is disabled when reading mail, but are potentially
risks in browser or browser-like contexts.
https://www.mozilla.org/security/advisories/mfsa2021-54/
https://bugzilla.mozilla.org/show_bug.cgi?id=1742579
https://www.mozilla.org/security/advisories/mfsa2021-52/
https://bugzilla.mozilla.org/show_bug.cgi?id=1730120
https://bugzilla.mozilla.org/show_bug.cgi?id=1738237
https://bugzilla.mozilla.org/show_bug.cgi?id=1739091
https://bugzilla.mozilla.org/show_bug.cgi?id=1739683
https://bugzilla.mozilla.org/show_bug.cgi?id=1696685
https://bugzilla.mozilla.org/show_bug.cgi?id=1723281
https://bugzilla.mozilla.org/show_bug.cgi?id=1738418
https://bugzilla.mozilla.org/show_bug.cgi?id=1720926
https://bugzilla.mozilla.org/show_bug.cgi?id=1737751
https://security.archlinux.org/CVE-2021-43528
https://security.archlinux.org/CVE-2021-43536
https://security.archlinux.org/CVE-2021-43537
https://security.archlinux.org/CVE-2021-43538
https://security.archlinux.org/CVE-2021-43539
https://security.archlinux.org/CVE-2021-43541
https://security.archlinux.org/CVE-2021-43542
https://security.archlinux.org/CVE-2021-43543
https://security.archlinux.org/CVE-2021-43545
https://security.archlinux.org/CVE-2021-43546
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ArchLinux | any | any | thunderbird | < 91.4.0-1 | UNKNOWN |
bugzilla.mozilla.org/show_bug.cgi?id=1696685
bugzilla.mozilla.org/show_bug.cgi?id=1720926
bugzilla.mozilla.org/show_bug.cgi?id=1723281
bugzilla.mozilla.org/show_bug.cgi?id=1730120
bugzilla.mozilla.org/show_bug.cgi?id=1737751
bugzilla.mozilla.org/show_bug.cgi?id=1738237
bugzilla.mozilla.org/show_bug.cgi?id=1738418
bugzilla.mozilla.org/show_bug.cgi?id=1739091
bugzilla.mozilla.org/show_bug.cgi?id=1739683
bugzilla.mozilla.org/show_bug.cgi?id=1742579
security.archlinux.org/AVG-2608
security.archlinux.org/CVE-2021-43528
security.archlinux.org/CVE-2021-43536
security.archlinux.org/CVE-2021-43537
security.archlinux.org/CVE-2021-43538
security.archlinux.org/CVE-2021-43539
security.archlinux.org/CVE-2021-43541
security.archlinux.org/CVE-2021-43542
security.archlinux.org/CVE-2021-43543
security.archlinux.org/CVE-2021-43545
security.archlinux.org/CVE-2021-43546
www.mozilla.org/security/advisories/mfsa2021-52/
www.mozilla.org/security/advisories/mfsa2021-54/
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
Percentile
88.8%