21 matches found
Astra Linux – Vulnerability in Thunderbird
If Thunderbird was configured to use STARTTLS for an IMAP connection, and an attacker injected IMAP server responses before the STARTTLS handshake was completed, then Thunderbird did not ignore the injected data. This could result in Thunderbird displaying incorrect information. For example, the...
Astra Linux – Vulnerability in Firefox and Thunderbird
Mozilla developers reported memory safety bugs in the code shared between Firefox and Thunderbird. Some of these bugs showed signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code. This vulnerability affects...
Linux Distros Unpatched Vulnerability : CVE-2021-29976
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mozilla developers reported memory safety bugs present in code shared between Firefox and Thunderbird. Some of these bugs showed evidence of memory corruption a...
CVE-2021-29989
Mozilla developers reported memory safety bugs present in Firefox 90 and Firefox ESR 78.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird 78.13,...
CVE-2021-29989
Mozilla developers reported memory safety bugs present in Firefox 90 and Firefox ESR 78.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird 78.13,...
CVE-2021-29969
If Thunderbird was configured to use STARTTLS for an IMAP connection, and an attacker injected IMAP server responses prior to the completion of the STARTTLS handshake, then Thunderbird didn't ignore the injected data. This could have resulted in Thunderbird showing incorrect information, for...
UBUNTU-CVE-2021-29969
If Thunderbird was configured to use STARTTLS for an IMAP connection, and an attacker injected IMAP server responses prior to the completion of the STARTTLS handshake, then Thunderbird didn't ignore the injected data. This could have resulted in Thunderbird showing incorrect information, for...
CVE-2021-29969
If Thunderbird was configured to use STARTTLS for an IMAP connection, and an attacker injected IMAP server responses prior to the completion of the STARTTLS handshake, then Thunderbird didn't ignore the injected data. This could have resulted in Thunderbird showing incorrect information, for...
CVE-2021-29969
If Thunderbird was configured to use STARTTLS for an IMAP connection, and an attacker injected IMAP server responses prior to the completion of the STARTTLS handshake, then Thunderbird didn't ignore the injected data. This could have resulted in Thunderbird showing incorrect information, for...
CentOS 8 : thunderbird (CESA-2021:2883)
The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2021:2883 advisory. - Mozilla: IMAP server responses sent by a MITM prior to STARTTLS could be processed CVE-2021-29969 - Mozilla: Use-after-free in accessibility features...
Mozilla Firefox ESR Security Advisories (MFSA2021-26, MFSA2021-30) - Mac OS X
This host is missing a security update according to Mozilla. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefoxesr";...
Mozilla Thunderbird Security Advisories (MFSA2021-27, MFSA2021-30) - Mac OS X
This host is missing a security update according to Mozilla. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:thunderbird"...
Mozilla: IMAP server responses sent by a MITM prior to STARTTLS could be processed
If Thunderbird was configured to use STARTTLS for an IMAP connection, and an attacker injected IMAP server responses prior to the completion of the STARTTLS handshake, then Thunderbird didn't ignore the injected data. This could have resulted in Thunderbird showing incorrect information, for...
Mozilla: Memory safety bugs fixed in Firefox 90 and Firefox ESR 78.12
Mozilla developers reported memory safety bugs present in code shared between Firefox and Thunderbird. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbi...
Mozilla: IMAP server responses sent by a MITM prior to STARTTLS could be processed
If Thunderbird was configured to use STARTTLS for an IMAP connection, and an attacker injected IMAP server responses prior to the completion of the STARTTLS handshake, then Thunderbird didn't ignore the injected data. This could have resulted in Thunderbird showing incorrect information, for...
RHEL 8 : thunderbird (RHSA-2021:2883)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:2883 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.12.0. Security Fixes: Mozilla:...
Mozilla: Memory safety bugs fixed in Firefox 90 and Firefox ESR 78.12
Mozilla developers reported memory safety bugs present in code shared between Firefox and Thunderbird. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbi...
UBUNTU-CVE-2021-29970
A malicious webpage could have triggered a use-after-free, memory corruption, and a potentially exploitable crash. This bug could only be triggered when accessibility was enabled.. This vulnerability affects Thunderbird 78.12, Firefox ESR 78.12, and Firefox 90...
UBUNTU-CVE-2021-29976
Mozilla developers reported memory safety bugs present in code shared between Firefox and Thunderbird. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbi...
Vulnerabilities fixed in Mozilla Thunderbird
Mozilla has fixed vulnerabilities in Thunderbird. The vulnerabilities allow an unauthenticated remote malicious person to remote may be able to launch attacks that result in the following categories of damage: Denial-of-Service DoS Circumvention of security measure. Remote code execution User...