Thunderbird versions prior to 91.3.0 are vulnerable to the heap overflow
described in CVE-2021-43527 when processing S/MIME messages. Thunderbird
versions 91.3.0 and later will not call the vulnerable code when processing
S/MIME messages that contain certificates with DER-encoded DSA or RSA-PSS
signatures.

Bugs

<https://bugzilla.mozilla.org/show_bug.cgi?id=1738501>

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchthunderbird< 1:91.5.0+build1-0ubuntu0.18.04.1UNKNOWN
ubuntu20.04noarchthunderbird< 1:91.5.0+build1-0ubuntu0.20.04.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	thunderbird	< 1:91.5.0+build1-0ubuntu0.18.04.1	UNKNOWN
ubuntu	20.04	noarch	thunderbird	< 1:91.5.0+build1-0ubuntu0.20.04.1	UNKNOWN

References

launchpad.net/bugs/cve/CVE-2021-43529

nvd.nist.gov/vuln/detail/CVE-2021-43529

security-tracker.debian.org/tracker/CVE-2021-43529

www.cve.org/CVERecord?id=CVE-2021-43529

www.openwall.com/lists/oss-security/2021/12/01/6

f5 2

ubuntucve 1

prion 2

redhatcve 2

debiancve 2

cve 2

veracode 2

photon 6

nessus 79

debian 5

amazon 7

redhat 29

cbl_mariner 2

ibm 3

osv 12

archlinux 2

cnvd 1

oraclelinux 3

fedora 2

suse 4

thn 1

freebsd 1

ubuntu 4

mozilla 2

alpinelinux 1

mageia 1

cloudfoundry 1

centos 2

cloudlinux 2

rocky 2

slackware 2

almalinux 1

googleprojectzero 1

trellix 2

gentoo 2

rosalinux 1

kaspersky 1

oracle 3

K000130509 : Thunderbird vulnerability CVE-2021-43529

2023-01-06 00:00:00

K54450124 : NSS vulnerability CVE-2021-43527

2022-01-28 00:00:00

ubuntucve

CVE-2021-43527

2021-12-01 00:00:00

prion

Heap overflow

2023-02-16 22:15:00

Heap overflow

2021-12-08 22:15:00

redhatcve

CVE-2021-43529

2022-05-12 15:33:14

CVE-2021-43527

2021-12-01 17:07:57

debiancve

CVE-2021-43529

2023-02-16 22:15:10

CVE-2021-43527

2021-12-08 22:15:00

cve

CVE-2021-43529

2023-02-16 22:15:10

CVE-2021-43527

2021-12-08 22:15:00

veracode

Remote Code Execution (RCE)

2022-01-05 15:28:38

Remote Code Execution (RCE)

2021-12-07 15:48:58

photon

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2021-2.0-0418

2021-12-03 00:00:00

Important Photon OS Security Update - PHSA-2021-0135

2021-12-03 00:00:00

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2021-1.0-0454

2021-12-03 00:00:00

nessus

Amazon Linux 2 : nspr (ALAS-2023-1953)

2023-02-23 00:00:00

Photon OS 4.0: Nss PHSA-2021-4.0-0135

2021-12-04 00:00:00

NewStart CGSL CORE 5.04 / MAIN 5.04 : nss Vulnerability (NS-SA-2022-0080)

2022-11-15 00:00:00

debian

[SECURITY] [DLA 2836-2] nss regression update

2021-12-07 23:07:16

[SECURITY] [DLA 2836-1] nss security update

2021-12-02 13:03:34

[SECURITY] [DSA 5016-1] nss security update

2021-12-01 21:51:16

amazon

Critical: nss

2023-02-17 00:11:00

Critical: nss

2021-12-01 08:34:00

Critical: nss-util

2023-02-17 00:11:00

redhat

(RHSA-2021:4932) Critical: nss security update

2021-12-06 08:30:28

(RHSA-2021:4919) Critical: nss security update

2021-12-02 18:11:26

(RHSA-2021:4953) Critical: nss security update

2021-12-06 18:53:38

cbl_mariner

CVE-2021-43527 affecting package nss 3.44-6

2022-01-10 03:59:22

CVE-2021-43527 affecting package nss 3.44-11

2022-04-09 06:52:33

ibm

Security Bulletin: Heap-Based Buffer Overflow in Mozilla Network Security Services (NSS) may affect IBM Spectrum Protect Plus (CVE-2021-43527)

2022-05-17 23:25:58

Security Bulletin: IBM QRadar Network Packet Capture is using components with known vulnerabilities

2022-03-31 14:40:20

Security Bulletin: IBM QRadar Network Security is affected by multiple vulnerabilities.

2022-11-22 06:42:01

osv

Critical: nss security update

2021-12-01 17:52:10

nss vulnerability

2021-12-01 16:49:18

Critical: nss security update

2021-12-01 17:52:10

archlinux

[ASA-202112-3] nss: arbitrary code execution

2021-12-03 00:00:00

[ASA-202112-4] lib32-nss: arbitrary code execution

2021-12-03 00:00:00

cnvd

Mozilla Network Security Services Buffer Overflow Vulnerability (CNVD-2021-102398)

2021-12-02 00:00:00

oraclelinux

nss security update

2021-12-01 00:00:00

nss security update

2021-12-01 00:00:00

nss security update

2021-12-07 00:00:00

fedora

[SECURITY] Fedora 34 Update: nss-3.73.0-1.fc34

2021-12-05 01:40:38

[SECURITY] Fedora 35 Update: nss-3.73.0-1.fc35

2021-12-04 01:24:11

suse

Security update for mozilla-nss (important)

2021-12-06 00:00:00

Security update for mozilla-nss (important)

2022-07-29 00:00:00

Security update for mozilla-nss (important)

2022-07-22 00:00:00

thn

Critical Bug in Mozilla's NSS Crypto Library Potentially Affects Several Other Software

2021-12-02 05:10:00

freebsd

NSS -- Memory corruption

2021-12-01 00:00:00

ubuntu

NSS vulnerability

2021-12-01 00:00:00

Thunderbird vulnerability

2021-12-01 00:00:00

NSS vulnerability

2021-12-01 00:00:00

mozilla

Memory corruption in NSS via DER-encoded DSA and RSA-PSS signatures — Mozilla

2021-12-01 00:00:00

Security Vulnerabilities fixed in Thunderbird 91.3 — Mozilla

2021-11-03 00:00:00

alpinelinux

CVE-2021-43527

2021-12-08 22:15:00

mageia

Updated nss packages fix security vulnerability

2021-12-02 19:49:28

cloudfoundry

USN-5168-1: NSS vulnerability | Cloud Foundry

2022-01-20 00:00:00

centos

nss security update

2021-12-06 16:52:37

thunderbird security update

2021-11-17 15:26:59

cloudlinux

Fix of CVE: CVE-2021-43527

2021-12-06 15:23:50

Fix of CVE: CVE-2021-43527

2021-12-20 12:12:34

rocky

nss security update

2021-12-01 17:52:10

thunderbird security update

2021-11-04 16:03:41

slackware

[slackware-security] mozilla-nss

2023-01-07 02:09:10

[slackware-security] mozilla-nss

2021-12-03 20:11:32

almalinux

Critical: nss security update

2021-12-01 17:52:10

googleprojectzero

This shouldn't have happened: A vulnerability postmortem

2021-12-01 00:00:00

trellix

The Bug Report - December 2021 Edition

2022-01-19 00:00:00

The Bug Report - December 2021 Edition

2022-01-19 00:00:00

gentoo

Mozilla Network Security Service (NSS): Multiple Vulnerabilities

2022-12-19 00:00:00

Mozilla Thunderbird: Multiple Vulnerabilities

2022-08-10 00:00:00

rosalinux

Advisory ROSA-SA-2023-2223

2023-08-29 12:02:20

kaspersky

KLA12352 Multiple vulnerabilities in Mozilla Thunderbird

2021-11-03 00:00:00

oracle

Oracle Critical Patch Update Advisory - January 2024

2024-01-16 00:00:00

Oracle Critical Patch Update Advisory - October 2022

2022-10-18 00:00:00

Oracle Critical Patch Update Advisory - April 2022

2022-04-19 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

43.2%

JSON

Related for UB:CVE-2021-43529