CVE-2021-43528 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Low
Remote	Yes
Type	Arbitrary code execution
Description	Thunderbird before version 91.4.0 unexpectedly enabled JavaScript in the composition area. The JavaScript execution context was limited to this area and did not receive chrome-level privileges, but could be used as a stepping stone to further an attack with other vulnerabilities.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-2608	thunderbird	91.3.2-2	91.4.0-1	High	Fixed

Date	Advisory	Group	Package	Severity	Type
11 Dec 2021	ASA-202112-9	AVG-2608	thunderbird	High	multiple issues

References
https://www.mozilla.org/security/advisories/mfsa2021-54/ https://bugzilla.mozilla.org/show_bug.cgi?id=1742579