AVG-2459 log

Package thunderbird
Status Fixed
Severity High
Type multiple issues
Affected 91.1.2-1
Fixed 91.2.0-1
Current 91.9.0-1 [extra]
Ticket None
Created Tue Oct 12 14:41:00 2021
Issue Severity Remote Type Description
CVE-2021-38502 High Yes Man-in-the-middle
Thunderbird before version 91.2 ignored the configuration to require STARTTLS security for an SMTP connection. A man-in-the-middle (MITM) could perform a...
CVE-2021-38501 High Yes Arbitrary code execution
Mozilla developers and community members reported memory safety bugs present in Firefox 92 and Thunderbird 91.1. Some of these bugs showed evidence of...
CVE-2021-38500 High Yes Arbitrary code execution
Mozilla developers and community members reported memory safety bugs present in Firefox 92 and Thunderbird 91.1. Some of these bugs showed evidence of...
CVE-2021-38498 Medium Yes Arbitrary code execution
During process shutdown, a document could have caused a use-after-free of a languages service object, leading to memory corruption and a potentially...
CVE-2021-38497 Medium Yes Content spoofing
Through use of reportValidity() and window.open(), a plain-text validation message could have been overlaid on another origin, leading to possible user...
CVE-2021-38496 High Yes Arbitrary code execution
During operations on MessageTasks, a task may have been removed while it was still scheduled, resulting in memory corruption and a potentially exploitable crash.
CVE-2021-32810 Medium Yes Information disclosure
In the crossbeam crate, one or more tasks in the worker queue could have been be popped twice instead of other tasks that are forgotten and never popped. If...
Notes
In general, these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts.