AVG-1315 log

Package thunderbird
Status Fixed
Severity High
Type multiple issues
Affected 78.5.0-1
Fixed 78.6.0-1
Current 91.1.1-1 [extra]
Ticket FS#68853
Created Wed Dec 2 23:20:08 2020
Issue Severity Remote Type Description
CVE-2020-35113 High Yes Arbitrary code execution
Mozilla developer Christian Holler reported memory safety bugs present in Firefox 83, Firefox ESR 78.5 and Thunderbird 78.5. Some of these bugs showed...
CVE-2020-35111 Low Yes Information disclosure
A security issue was discovered in Firefox before 84.0 and Thunderbird before 78.6. When an extension with the proxy permission registered to receive...
CVE-2020-26978 Medium Yes Information disclosure
A security issue was discovered in Firefox before 84.0 and Thunderbird before 78.6. Using techniques that built on the slipstream research, a malicious...
CVE-2020-26974 High Yes Arbitrary code execution
A security issue was found in Firefox before 84.0 and Thunderbird before 78.6. When flex-basis was used on a table wrapper, a StyleGenericFlexBasis object...
CVE-2020-26973 High Yes Content spoofing
A security issue was found in Firefox before 84.0 and Thunderbird before 78.6 where certain input to the CSS Sanitizer confused it, resulting in incorrect...
CVE-2020-26971 High Yes Arbitrary code execution
A security issue was found in Firefox before 84.0 and Thunderbird before 78.6 where certain blit values provided by the user were not properly constrained,...
CVE-2020-26970 High No Arbitrary code execution
When reading SMTP server status codes, Thunderbird before 78.5.1 writes an integer value to a position on the stack that is intended to contain just one...
CVE-2020-16042 High Yes Information disclosure
An uninitialized use security issue has been found in the V8 component of the chromium browser before version 87.0.4280.88 and Firefox before 84.0.
Date Advisory Package Type
16 Dec 2020 ASA-202012-23 thunderbird multiple issues
References
https://www.mozilla.org/en-US/security/advisories/mfsa2020-53/
https://www.mozilla.org/en-US/security/advisories/mfsa2020-56/
Notes
In general, these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts.