Lucene search

K
cvelistMozillaCVELIST:CVE-2021-43528
HistoryDec 08, 2021 - 9:21 p.m.

CVE-2021-43528

2021-12-0821:21:12
mozilla
www.cve.org

7.7 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

53.6%

Thunderbird unexpectedly enabled JavaScript in the composition area. The JavaScript execution context was limited to this area and did not receive chrome-level privileges, but could be used as a stepping stone to further an attack with other vulnerabilities. This vulnerability affects Thunderbird < 91.4.0.

CNA Affected

[
  {
    "product": "Thunderbird",
    "vendor": "Mozilla",
    "versions": [
      {
        "lessThan": "91.4.0",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]