Lucene search

K
ubuntu
UbuntuUSN-5246-1
HistoryJan 21, 2022 - 12:00 a.m.

Thunderbird vulnerabilities

2022-01-2100:00:00
ubuntu.com
137

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

9.2 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

75.1%

Releases

  • Ubuntu 21.10

Packages

  • thunderbird - Mozilla Open Source mail and newsgroup client

Details

Multiple security issues were discovered in Thunderbird. If a user were
tricked into opening a specially crafted website in a browsing context, an
attacker could potentially exploit these to cause a denial of service,
obtain sensitive information, conduct spoofing attacks, bypass security
restrictions, or execute arbitrary code. (CVE-2021-4129, CVE-2021-4140,
CVE-2021-43536, CVE-2021-43537, CVE-2021-43538, CVE-2021-43539,
CVE-2021-43541, CVE-2021-43542, CVE-2021-43543, CVE-2021-43545,
CVE-2021-43656, CVE-2022-22737, CVE-2022-22738, CVE-2022-22739,
CVE-2022-22740, CVE-2022-22741, CVE-2022-22742, CVE-2022-22743,
CVE-2022-22745, CVE-2022-22747, CVE-2022-22748, CVE-2022-22751)

It was discovered that JavaScript was unexpectedly enabled in the
composition area. An attacker could potentially exploit this in
combination with another vulnerability, with unspecified impacts.
(CVE-2021-43528)

A buffer overflow was discovered in the Matrix chat library bundled with
Thunderbird. An attacker could potentially exploit this to cause a denial
of service, or execute arbitrary code. (CVE-2021-44538)

It was discovered that Thunderbird’s OpenPGP integration only considered
the inner signed message when checking signature validity in a message
that contains an additional outer MIME layer. An attacker could
potentially exploit this to trick the user into thinking that a message
has a valid signature. (CVE-2021-4126)

OSVersionArchitecturePackageVersionFilename
Ubuntu21.10noarchthunderbird< 1:91.5.0+build1-0ubuntu0.21.10.1UNKNOWN
Ubuntu21.10noarchthunderbird-dbg< 1:91.5.0+build1-0ubuntu0.21.10.1UNKNOWN
Ubuntu21.10noarchthunderbird-dev< 1:91.5.0+build1-0ubuntu0.21.10.1UNKNOWN
Ubuntu21.10noarchthunderbird-gnome-support< 1:91.5.0+build1-0ubuntu0.21.10.1UNKNOWN
Ubuntu21.10noarchthunderbird-gnome-support-dbg< 1:91.5.0+build1-0ubuntu0.21.10.1UNKNOWN
Ubuntu21.10noarchthunderbird-locale-af< 1:91.5.0+build1-0ubuntu0.21.10.1UNKNOWN
Ubuntu21.10noarchthunderbird-locale-ar< 1:91.5.0+build1-0ubuntu0.21.10.1UNKNOWN
Ubuntu21.10noarchthunderbird-locale-ast< 1:91.5.0+build1-0ubuntu0.21.10.1UNKNOWN
Ubuntu21.10noarchthunderbird-locale-be< 1:91.5.0+build1-0ubuntu0.21.10.1UNKNOWN
Ubuntu21.10noarchthunderbird-locale-bg< 1:91.5.0+build1-0ubuntu0.21.10.1UNKNOWN
Rows per page:
1-10 of 911

References

Use Vulners API to create your own security tool

API usage cases
  • Network scanning
  • Linux Patch management
  • Threat protection
  • No network audit solution

Ways of integration

Integrate Vulners API

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

9.2 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

75.1%

Related for USN-5246-1