AVG-2608 log

Package thunderbird
Status Fixed
Severity High
Type multiple issues
Affected 91.3.2-2
Fixed 91.4.0-1
Current 102.5.1-1 [extra]
Ticket None
Created Tue Dec 7 20:08:19 2021
Issue Severity Remote Type Description
CVE-2021-43546 Low Yes Content spoofing
A security issue has been found in Firefox before version 95 and Thunderbird before version 91.4.0. It was possible to recreate previous cursor spoofing...
CVE-2021-43545 Low Yes Denial of service
A security issue has been found in Firefox before version 95 and Thunderbird before version 91.4.0. Using the Location API in a loop could have caused...
CVE-2021-43543 Medium Yes Sandbox escape
A security issue has been found in Firefox before version 95 and Thunderbird before version 91.4.0. Documents loaded with the CSP sandbox directive could...
CVE-2021-43542 Medium Yes Information disclosure
A security issue has been found in Firefox before version 95 and Thunderbird before version 91.4.0. Using XMLHttpRequest, an attacker could have identified...
CVE-2021-43541 Medium Yes Incorrect calculation
A security issue has been found in Firefox before version 95 and Thunderbird before version 91.4.0. When invoking protocol handlers for external protocols,...
CVE-2021-43539 High Yes Arbitrary code execution
A security issue has been found in Firefox before version 95 and Thunderbird before version 91.4.0. Failure to correctly record the location of live...
CVE-2021-43538 High Yes Content spoofing
A security issue has been found in Firefox before version 95 and Thunderbird before version 91.4.0. By misusing a race in the notification code, an attacker...
CVE-2021-43537 High Yes Arbitrary code execution
A security issue has been found in Firefox before version 95 and Thunderbird before version 91.4.0. An incorrect type conversion of sizes from 64bit to...
CVE-2021-43536 High Yes Information disclosure
A security issue has been found in Firefox before version 95 and Thunderbird before version 91.4.0. Under certain circumstances, asynchronous functions...
CVE-2021-43528 Low Yes Arbitrary code execution
Thunderbird before version 91.4.0 unexpectedly enabled JavaScript in the composition area. The JavaScript execution context was limited to this area and did...
Date Advisory Package Type
11 Dec 2021 ASA-202112-9 thunderbird multiple issues
Notes
In general, these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts.