During operations on MessageTasks, a task may have been removed while it was still scheduled, resulting in memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.15, Thunderbird < 91.2, Firefox ESR < 91.2, Firefox ESR < 78.15, and Firefox < 93.
[
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "78.15",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "91.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Firefox ESR",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "91.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "78.15",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "93",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
]
bugzilla.mozilla.org/show_bug.cgi?id=1725335
lists.debian.org/debian-lts-announce/2022/01/msg00001.html
www.debian.org/security/2022/dsa-5034
www.mozilla.org/security/advisories/mfsa2021-43/
www.mozilla.org/security/advisories/mfsa2021-44/
www.mozilla.org/security/advisories/mfsa2021-45/
www.mozilla.org/security/advisories/mfsa2021-46/
www.mozilla.org/security/advisories/mfsa2021-47/