6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
8.1 High
AI Score
Confidence
Low
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
0.007 Low
EPSS
Percentile
80.3%
CVE-2021-29970 Vulnerability in Mozilla Thunderbird email client, related to HTML content processing error. Exploitation of the vulnerability could allow a remote attacker to cause a post-release exploit error and execute arbitrary code on the system.
CVE-2021-30547 Vulnerability in Mozilla Thunderbird email client, related to a boundary error in processing unreliable HTML content in ANGLE. Exploitation of the vulnerability could allow a remote attacker to create a customized web page, trick the victim into opening it, initiate an out-of-range write, and execute arbitrary code on the target system.
CVE-2021-29976 Vulnerability in Mozilla Thunderbird email client, related to a boundary error in HTML processing. Exploitation of the vulnerability could allow a remote attacker to create a customized web page, trick the victim into opening it, cause memory corruption and execute arbitrary code on the target system.
CVE-2021-29969 Vulnerability in Mozilla Thunderbird email client, related to the way IMAP server responses sent before the STARTTLS process are handled. Exploitation of the vulnerability could allow a remote attacker to perform a MitM attack and send arbitrary IMAP commands before STARTTLS confirmation and execute them after the confirmation is complete.
FSTEC Information Security Threat Data Bank Identifier: BDU:2021-03659, BDU:2021-03660, BDU:2021-03661, BDU:2021-03662OS version: 7.2
Do not use Mozilla Thunderbird
or
# yum update
.# yum localinstall *.rpm
.Date of last modification: 26.02.2022
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
8.1 High
AI Score
Confidence
Low
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
0.007 Low
EPSS
Percentile
80.3%