Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2021-38495: Security Vulnerabilities fixed in Thunderbird 91.1

Mozilla developers reported memory safety bugs present in Thunderbird 78.13.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 91.1 and Firefox ESR < 91.1.

CVE
#vulnerability#windows#firefox

Mozilla Foundation Security Advisory 2021-41

Announced

September 7, 2021

Impact

low

Products

Thunderbird

Fixed in

  • Thunderbird 91.1

#CVE-2021-38492: Navigating to `mk:` URL scheme could load Internet Explorer

Reporter

James Lee

Impact

moderate

Description

When delegating navigations to the operating system, Thunderbird would accept the mk scheme which might allow attackers to launch pages and execute scripts in Internet Explorer in unprivileged mode.
This bug only affects Thunderbird for Windows. Other operating systems are unaffected.

References

  • Bug 1721107

#CVE-2021-38495: Memory safety bugs fixed in Thunderbird 91.1

Reporter

Mozilla developers and community

Impact

high

Description

Mozilla developers Tyson Smith, Christian Holler, and Gabriele Svelto reported memory safety bugs present in Thunderbird 78.13.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

References

  • Memory safety bugs fixed in Thunderbird 91.1

Related news

Gentoo Linux Security Advisory 202208-14

Gentoo Linux Security Advisory 202208-14 - Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. Versions less than 91.12.0 are affected.

Gentoo Linux Security Advisory 202208-14

Gentoo Linux Security Advisory 202208-14 - Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. Versions less than 91.12.0 are affected.

CVE-2021-38493: Security Vulnerabilities fixed in Thunderbird 78.14

Mozilla developers reported memory safety bugs present in Firefox 91 and Firefox ESR 78.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.14, Thunderbird < 78.14, and Firefox < 92.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907