CVE-2021-29969 log

Severity High
Remote Yes
Type Content spoofing
If Thunderbird before version 78.12 was configured to use STARTTLS for an IMAP connection, and an attacker injected IMAP server responses prior to the completion of the STARTTLS handshake, then Thunderbird didn't ignore the injected data. This could have resulted in Thunderbird showing incorrect information, for example the attacker could have tricked Thunderbird to show folders that didn't exist on the IMAP server.
Group Package Affected Fixed Severity Status Ticket
AVG-2152 thunderbird 78.11.0-1 78.12.0-1 High Fixed
Date Advisory Group Package Severity Type
14 Jul 2021 ASA-202107-21 AVG-2152 thunderbird High multiple issues