Arch Linux Security Advisory ASA-202112-9
=========================================

Severity: High
Date    : 2021-12-11
CVE-ID  : CVE-2021-43528 CVE-2021-43536 CVE-2021-43537 CVE-2021-43538
          CVE-2021-43539 CVE-2021-43541 CVE-2021-43542 CVE-2021-43543
          CVE-2021-43545 CVE-2021-43546
Package : thunderbird
Type    : multiple issues
Remote  : Yes
Link    : https://security.archlinux.org/AVG-2608

Summary
=======

The package thunderbird before version 91.4.0-1 is vulnerable to
multiple issues including arbitrary code execution, content spoofing,
information disclosure, incorrect calculation, sandbox escape and
denial of service.

Resolution
==========

Upgrade to 91.4.0-1.

# pacman -Syu "thunderbird>=91.4.0-1"

The problems have been fixed upstream in version 91.4.0.

Workaround
==========

None.

Description
===========

- CVE-2021-43528 (arbitrary code execution)

Thunderbird before version 91.4.0 unexpectedly enabled JavaScript in
the composition area. The JavaScript execution context was limited to
this area and did not receive chrome-level privileges, but could be
used as a stepping stone to further an attack with other
vulnerabilities.

- CVE-2021-43536 (information disclosure)

A security issue has been found in Firefox before version 95 and
Thunderbird before version 91.4.0. Under certain circumstances,
asynchronous functions could have caused a navigation to fail but
expose the target URL.

- CVE-2021-43537 (arbitrary code execution)

A security issue has been found in Firefox before version 95 and
Thunderbird before version 91.4.0. An incorrect type conversion of
sizes from 64bit to 32bit integers allowed an attacker to corrupt
memory leading to a potentially exploitable crash.

- CVE-2021-43538 (content spoofing)

A security issue has been found in Firefox before version 95 and
Thunderbird before version 91.4.0. By misusing a race in the
notification code, an attacker could have forcefully hidden the
notification for pages that had received full screen and pointer lock
access, which could have been used for spoofing attacks.

- CVE-2021-43539 (arbitrary code execution)

A security issue has been found in Firefox before version 95 and
Thunderbird before version 91.4.0. Failure to correctly record the
location of live pointers across wasm instance calls resulted in a
garbage collection occurring within the call not tracing those live
pointers. This could have led to a use-after-free causing a
potentially exploitable crash.

- CVE-2021-43541 (incorrect calculation)

A security issue has been found in Firefox before version 95 and
Thunderbird before version 91.4.0. When invoking protocol handlers for
external protocols, a supplied parameter URL containing spaces was not
properly escaped.

- CVE-2021-43542 (information disclosure)

A security issue has been found in Firefox before version 95 and
Thunderbird before version 91.4.0. Using XMLHttpRequest, an attacker
could have identified installed applications by probing error messages
for loading external protocols.

- CVE-2021-43543 (sandbox escape)

A security issue has been found in Firefox before version 95 and
Thunderbird before version 91.4.0. Documents loaded with the CSP
sandbox directive could have escaped the sandbox's script restriction
by embedding additional content.

- CVE-2021-43545 (denial of service)

A security issue has been found in Firefox before version 95 and
Thunderbird before version 91.4.0. Using the Location API in a loop
could have caused severe application hangs and crashes.

- CVE-2021-43546 (content spoofing)

A security issue has been found in Firefox before version 95 and
Thunderbird before version 91.4.0. It was possible to recreate
previous cursor spoofing attacks against users with a zoomed native
cursor.

Impact
======

A remote attacker could execute arbitrary code, disclose sensitive
information, spoof content or crash the application through crafted
web content. In general, these flaws cannot be exploited through email
because scripting is disabled when reading mail, but are potentially
risks in browser or browser-like contexts.

References
==========

https://www.mozilla.org/security/advisories/mfsa2021-54/
https://bugzilla.mozilla.org/show_bug.cgi?id=1742579
https://www.mozilla.org/security/advisories/mfsa2021-52/
https://bugzilla.mozilla.org/show_bug.cgi?id=1730120
https://bugzilla.mozilla.org/show_bug.cgi?id=1738237
https://bugzilla.mozilla.org/show_bug.cgi?id=1739091
https://bugzilla.mozilla.org/show_bug.cgi?id=1739683
https://bugzilla.mozilla.org/show_bug.cgi?id=1696685
https://bugzilla.mozilla.org/show_bug.cgi?id=1723281
https://bugzilla.mozilla.org/show_bug.cgi?id=1738418
https://bugzilla.mozilla.org/show_bug.cgi?id=1720926
https://bugzilla.mozilla.org/show_bug.cgi?id=1737751
https://security.archlinux.org/CVE-2021-43528
https://security.archlinux.org/CVE-2021-43536
https://security.archlinux.org/CVE-2021-43537
https://security.archlinux.org/CVE-2021-43538
https://security.archlinux.org/CVE-2021-43539
https://security.archlinux.org/CVE-2021-43541
https://security.archlinux.org/CVE-2021-43542
https://security.archlinux.org/CVE-2021-43543
https://security.archlinux.org/CVE-2021-43545
https://security.archlinux.org/CVE-2021-43546
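
Fleet check for the Resolution section's fixed version (91.4.0-1). This
is an added example, not part of the original advisory: it flags hosts
whose thunderbird package predates the fix. The "host package version"
inventory format, the sample data and the function names are
assumptions, and sort -V stands in for pacman's vercmp.

```shell
#!/bin/sh
# Added example: find hosts still running a thunderbird package older
# than the fixed version named in this advisory.

FIXED="91.4.0-1"   # first fixed package version, from the Resolution section

# Return 0 when version $1 >= version $2.
# Assumption: GNU "sort -V" approximates pacman's vercmp for plain
# pkgver-pkgrel strings; it does not understand epochs ("1:91.0-1").
# On an Arch host, prefer: [ "$(vercmp "$1" "$2")" -ge 0 ]
version_ge() {
    [ "$1" = "$2" ] && return 0
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
    [ "$lowest" = "$2" ]
}

# Read "host package version" lines on stdin (hypothetical inventory
# format, e.g. collected from `pacman -Q thunderbird` on each host) and
# print "host version" for every host that still needs the upgrade.
vulnerable_hosts() {
    while read -r host pkg ver; do
        [ "$pkg" = "thunderbird" ] || continue
        version_ge "$ver" "$FIXED" || printf '%s %s\n' "$host" "$ver"
    done
}

# Constructed sample inventory; host names and versions are made up.
sample_inventory() {
    cat <<'EOF'
mail01 thunderbird 91.3.2-1
mail02 thunderbird 91.4.0-1
desk07 thunderbird 91.10.0-1
desk09 firefox 94.0-1
lab03 thunderbird 78.14.0-1
EOF
}

# Stand-alone run: list the hosts that need `pacman -Syu`.
sample_inventory | vulnerable_hosts
```

desk07 shows why a plain string comparison is not enough: 91.10.0-1 is
newer than 91.4.0-1 although it sorts lower lexically.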