AVG-1601 log
| Package | thunderbird |
| Status | Fixed |
| Severity | High |
| Type | multiple issues |
| Affected | 78.7.1-1 |
| Fixed | 78.8.0-1 |
| Current | 145.0-1 [extra] |
| Ticket | None |
| Created | Tue Feb 23 19:02:02 2021 |
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2021-23978 | High | Yes | Arbitrary code execution | A security issue was found in Firefox before version 86.0 and Thunderbird before version 78.8. Mozilla developers reported memory safety bugs present in... |
| CVE-2021-23973 | Low | Yes | Information disclosure | A security issue was found in Firefox before version 86.0 and Thunderbird before version 78.8. When trying to load a cross-origin resource in an audio/video... |
| CVE-2021-23969 | High | Yes | Information disclosure | A security issue was found in Firefox before version 86.0 and Thunderbird before version 78.8. As specified in the W3C Content Security Policy draft, when... |
| CVE-2021-23968 | High | Yes | Information disclosure | A security issue was found in Firefox before version 86.0 and Thunderbird before version 78.8. If Content Security Policy blocked frame navigation, the full... |
| References |
|---|
https://www.mozilla.org/en-US/security/advisories/mfsa2021-09/ |
| Notes |
|---|
In general, these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts. |