AVG-1836

Package thunderbird
Status Fixed
Severity High
Type multiple issues
Affected 78.9.1-3
Fixed 78.10.0-1
Current 128.4.2-1 [extra-testing], 128.4.0-1 [extra]
Ticket None
Created Mon Apr 19 14:20:23 2021
Issue Severity Remote Type Description
CVE-2021-29948 Low No Signature forgery
A security issue has been found in Thunderbird before version 78.10. Signatures are written to disk before and read during verification, which might be...
CVE-2021-29946 Low Yes Access restriction bypass
A security issue has been found in Firefox before version 88 and Thunderbird before version 78.10. Ports that were written as an integer overflow above the...
CVE-2021-24002 Medium Yes Arbitrary command execution
A security issue has been found in Firefox before version 88 and Thunderbird before version 78.10. When a user clicked on an FTP URL containing encoded...
CVE-2021-23999 Medium Yes Sandbox escape
A security issue has been found in Firefox before version 88 and Thunderbird before version 78.10. If a Blob URL was loaded through some unusual user...
CVE-2021-23998 Medium Yes Content spoofing
A security issue has been found in Firefox before version 88 and Thunderbird before version 78.10. Through complicated navigations with new windows, an HTTP...
CVE-2021-23995 High Yes Arbitrary code execution
A security issue has been found in Firefox before version 88 and Thunderbird before version 78.10. When Responsive Design Mode was enabled, it used...
CVE-2021-23994 High Yes Arbitrary code execution
A security issue has been found in Firefox before version 88 and Thunderbird before version 78.10. A WebGL framebuffer was not initialized early enough,...
CVE-2021-23961 Medium Yes Information disclosure
A security issue was found in Firefox before version 85.0. Further techniques that built on the slipstream research combined with a malicious webpage could...
Date Advisory Package Type
29 Apr 2021 ASA-202104-4 thunderbird multiple issues
Notes
In general, these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but they are potential risks in browser or browser-like contexts.