AVG-1601 log

Package thunderbird
Status Fixed
Severity High
Type multiple issues
Affected 78.7.1-1
Fixed 78.8.0-1
Current 102.5.0-1 [extra]
Ticket None
Created Tue Feb 23 19:02:02 2021
Issue Severity Remote Type Description
CVE-2021-23978 High Yes Arbitrary code execution
A security issue was found in Firefox before version 86.0 and Thunderbird before version 78.8. Mozilla developers reported memory safety bugs present in...
CVE-2021-23973 Low Yes Information disclosure
A security issue was found in Firefox before version 86.0 and Thunderbird before version 78.8. When trying to load a cross-origin resource in an audio/video...
CVE-2021-23969 High Yes Information disclosure
A security issue was found in Firefox before version 86.0 and Thunderbird before version 78.8. As specified in the W3C Content Security Policy draft, when...
CVE-2021-23968 High Yes Information disclosure
A security issue was found in Firefox before version 86.0 and Thunderbird before version 78.8. If Content Security Policy blocked frame navigation, the full...
References
https://www.mozilla.org/en-US/security/advisories/mfsa2021-09/
Notes
In general, these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts.