AVG-2291 log

Package thunderbird
Status Fixed
Severity High
Type multiple issues
Affected 78.14.0-1
Fixed 91.1.0-1
Current 91.9.1-1 [extra]
Ticket None
Created Thu Aug 12 22:13:20 2021
Issue Severity Remote Type Description
CVE-2021-38495 High Yes Arbitrary code execution
Mozilla developers reported memory safety bugs present in Thunderbird 78.13.0. Some of these bugs showed evidence of memory corruption and Mozilla presumes...
CVE-2021-29991 High Yes Url request injection
Firefox and Thunderbird before version 91.0.1 incorrectly accepted a newline in a HTTP/3 header, interpretting it as two separate headers. This allowed for...
CVE-2021-29987 Medium Yes Content spoofing
A security issue has been found in Firefox and Thunderbird before version 91. After requesting multiple permissions, and closing the first permission panel,...
CVE-2021-29982 Low Yes Information disclosure
A security issue has been found in Firefox and Thunderbird before version 91. Due to incorrect JIT optimization, it incorrectly interpreted data from the...
CVE-2021-29981 High Yes Arbitrary code execution
A security issue has been found in Firefox and Thunderbird before version 91. An issue present in lowering/register allocation could have led to obscure but...
Notes
In general, these flaws cannot be exploited through email because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts.