Advisory ROSA-SA-2021-1986

Software: thunderbird 78.5.0
OS: Cobalt 7.9

CVE-ID: CVE-2020-26970
CVE-Crit: HIGH
CVE-DESC: When reading SMTP server status codes, Thunderbird writes an integer value to a position in the stack that should contain only one byte. Depending on the processor architecture and stack structure, this results in a stack corruption that can be exploited. This vulnerability affects Thunderbird <78.5.1.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2020-26978
CVE-Crit: MEDIUM.
CVE-DESC: Using techniques based on slipstream research, a malicious web page could expose both internal network nodes and services running on the user’s local computer. This vulnerability affects Firefox <84, Thunderbird <78.6, and Firefox ESR <78.6.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2020-35111
CVE-Crit: MEDIUM
CVE-DESC: When an extension with proxy permission is registered to receive , the proxy.onRequest callback was not triggered for View Source URLs. Although web content cannot go to such URLs, the user who opened View Source could inadvertently pass their IP address. This vulnerability affects Firefox <84, Thunderbird <78.6, and Firefox ESR <78.6.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2020-35113
CVE-Crit: HIGH
CVE-DESC: Mozilla developers reported memory security bugs present in Firefox 83 and Firefox ESR 78.5. Some of these bugs indicated memory corruption, and we assume that with enough effort, some of them could be used to run arbitrary code. This vulnerability affects Firefox <84, Thunderbird <78.6, and Firefox ESR <78.6.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2020-26971
CVE-Crit: HIGH
CVE-DESC: Some user-supplied blit values were not properly constrained, causing a heap buffer overflow on some video drivers. This vulnerability affects Firefox <84, Thunderbird <78.6, and Firefox ESR <78.6.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2020-26973
CVE-Crit: HIGH
CVE-DESC: Some CSS Sanitizer input confuses it, causing it to remove incorrect components. This could have been used as a sanitizer workaround. This vulnerability affects Firefox <84, Thunderbird <78.6 and Firefox ESR <78.6.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2020-26974
CVE-Crit: HIGH
CVE-DESC: The StyleGenericFlexBasis object may have been incorrectly cast to the wrong type when using a flexible table shell framework. This resulted in user memory loss upon release, memory corruption, and potentially a crash. This vulnerability affects Firefox <84, Thunderbird <78.6, and Firefox ESR <78.6.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2021-23953
CVE-Crit: MEDIUM
CVE-DESC: If a user clicked on a specially crafted PDF file, a PDF reader could become confused to leak information from different sources when said information is served as fragmented data. This vulnerability affects Firefox <85, Thunderbird <78.7, and Firefox ESR <78.7.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2021-23954
CVE-Crit: HIGH
CVE-DESC: The use of new boolean assignment operators in JavaScript switch statement could cause type confusion, resulting in memory corruption and potentially crashing. This vulnerability affects Firefox <85, Thunderbird <78.7, and Firefox ESR <78.7.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2021-23960
CVE-Crit: HIGH
CVE-DESC: Garbage collection for re-declared JavaScript variables resulted in a “user-post-error” and a potential crash. This vulnerability affects Firefox <85, Thunderbird <78.7, and Firefox ESR <78.7.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2021-23964
CVE-Crit: HIGH
CVE-DESC: Mozilla developers reported memory security bugs present in Firefox 84 and Firefox ESR 78.6. Some of these bugs indicated memory corruption, and we assume that with enough effort, some of them could be used to run arbitrary code. This vulnerability affects Firefox <85, Thunderbird <78.7, and Firefox ESR <78.7.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2021-23968
CVE-Crit: MEDIUM
CVE-DESC: If the content security policy blocked frame navigation, the full destination of the redirect served in the frame was reported in the breach report; as opposed to the original frame URI. This could be exploited to leak sensitive information contained in such URIs. This vulnerability affects Firefox <86, Thunderbird <78.8, and Firefox ESR <78.8.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2021-23969
CVE-Crit: MEDIUM
CVE-DESC: As stated in the W3C Content Security Policy Draft, when creating a violation report, “user agents should ensure that the source file is the URL requested by the page performing the pre-rendering. If this is not possible, user agents should to shorten the URL to the source to avoid inadvertent leakage.” For certain types of redirects, Firefox incorrectly set the source file as the redirect destination. This has been fixed to be the source of the redirection destination. This vulnerability affects Firefox <86, Thunderbird <78.8, and Firefox ESR <78.8.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2021-23973
CVE-Crit: MEDIUM
CVE-DESC: A decoding error could occur when attempting to load a cross-origin resource in an audio/video context, and the contents of this error could reveal information about the resource. This vulnerability affects Firefox <86, Thunderbird <78.8 and Firefox ESR <78.8.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2021-23978
CVE-Crit: HIGH
CVE-DESC: Mozilla developers reported memory security bugs present in Firefox 85 and Firefox ESR 78.7. Some of these bugs indicated memory corruption, and we assume that with enough effort, some of them could be used to run arbitrary code. This vulnerability affects Firefox <86, Thunderbird <78.8, and Firefox ESR <78.8.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2021-23981
CVE-Crit: HIGH
CVE-DESC: Loading a pixel buffer object texture could confuse WebGL code by missing the binding of the buffer used to decompress it, resulting in memory corruption and a potential information leak or crash. This vulnerability affects Firefox ESR <78.9, Thunderbird <78.9, and Firefox <87.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2021-23982
CVE-Crit: MEDIUM.
CVE-DESC: Using techniques based on slipstream research, a malicious web page could scan both hosts on the internal network and services running on the user’s local computer using WebRTC connections. This vulnerability affects Firefox ESR <78.9, Thunderbird <78.9 and Firefox <87.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2021-23984
CVE-Crit: MEDIUM
CVE-DESC: A malicious extension could open a popup window without an address bar. The title of a popup without an address bar shouldn’t be completely controllable, but in this situation it was. This could have been used to spoof a website and attempt to trick the user into providing credentials. This vulnerability affects Firefox ESR <78.9, Thunderbird <78.9 and Firefox <87.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2021-23987
CVE-Crit: HIGH
CVE-DESC: Mozilla developers and community members have reported memory security bugs present in Firefox 86 and Firefox ESR 78.8. Some of these bugs indicated memory corruption, and we assume that with enough effort, some of them could be used to run arbitrary code. This vulnerability affects Firefox ESR <78.9, Thunderbird <78.9 and Firefox <87.
CVE-STATUS: default
CVE-REV: default