Debian update for thunderbird



Published: 2022-01-03
Risk High
Patch available YES
Number of vulnerabilities 24
CVE-ID CVE-2021-43535
CVE-2021-44538
CVE-2021-43546
CVE-2021-43545
CVE-2021-43543
CVE-2021-43542
CVE-2021-43541
CVE-2021-43539
CVE-2021-43538
CVE-2021-43537
CVE-2021-43536
CVE-2021-43534
CVE-2021-4126
CVE-2021-43529
CVE-2021-43528
CVE-2021-38509
CVE-2021-38508
CVE-2021-38507
CVE-2021-38506
CVE-2021-38504
CVE-2021-38503
CVE-2021-38502
CVE-2021-38500
CVE-2021-38496
CWE-ID CWE-416
CWE-119
CWE-451
CWE-835
CWE-254
CWE-200
CWE-20
CWE-704
CWE-357
CWE-1021
CWE-319
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
thunderbird (Debian package)
Operating systems & Components / Operating system package or component

Vendor Debian

Security Bulletin

This security bulletin contains information about 24 vulnerabilities.

1) Use-after-free

EUVDB-ID: #VU57889

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-43535

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing HTTP/2 session object. A remote attacker can trick the victim to open a specially crafted website, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Update thunderbird package to one of the following versions: 1:91.4.1-1~deb10u1, 1:91.4.1-1~deb11u1.

Vulnerable software versions

thunderbird (Debian package): before 1:91.4.1-1~deb11u1

CPE2.3
External links

http://www.debian.org/security/2022/dsa-5034


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Buffer overflow

EUVDB-ID: #VU59080

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-44538

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service attack.

The vulnerability exists due to a boundary error within the olm_session_describe() function in libolm. A remote attacker send specially crafted messages to the application that is using the affected library, trigger buffer overflow and perform a denial of service (DoS) attack

Mitigation

Update thunderbird package to one of the following versions: 1:91.4.1-1~deb10u1, 1:91.4.1-1~deb11u1.

Vulnerable software versions

thunderbird (Debian package): before 1:91.4.1-1~deb11u1

CPE2.3
External links

http://www.debian.org/security/2022/dsa-5034


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Spoofing attack

EUVDB-ID: #VU58616

Risk: Low

CVSSv3.1: 2.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-43546

CWE-ID: CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to incorrect processing of user-supplied data, when native cursor is zoomed. A remote attacker can perform cursor spoofing attack.

Mitigation

Update thunderbird package to one of the following versions: 1:91.4.1-1~deb10u1, 1:91.4.1-1~deb11u1.

Vulnerable software versions

thunderbird (Debian package): before 1:91.4.1-1~deb11u1

CPE2.3
External links

http://www.debian.org/security/2022/dsa-5034


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Infinite loop

EUVDB-ID: #VU58615

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-43545

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop when using Location API. A remote attacker can consume all available system resources and cause denial of service conditions.

Mitigation

Update thunderbird package to one of the following versions: 1:91.4.1-1~deb10u1, 1:91.4.1-1~deb11u1.

Vulnerable software versions

thunderbird (Debian package): before 1:91.4.1-1~deb11u1

CPE2.3
External links

http://www.debian.org/security/2022/dsa-5034


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Security features bypass

EUVDB-ID: #VU58613

Risk: Medium

CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-43543

CWE-ID: CWE-254 - Security Features

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to an error when handling CSP policies. Documents loaded with the CSP sandbox directive can escape the sandbox's script restriction by embedding additional content.

Mitigation

Update thunderbird package to one of the following versions: 1:91.4.1-1~deb10u1, 1:91.4.1-1~deb11u1.

Vulnerable software versions

thunderbird (Debian package): before 1:91.4.1-1~deb11u1

CPE2.3
External links

http://www.debian.org/security/2022/dsa-5034


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Information disclosure

EUVDB-ID: #VU58612

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-43542

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to the way Firefox handles XMLHttpRequest requests. A remote attacker can initiate a XMLHttpRequest and identify installed applications by probing error messages for loading external protocols.

Mitigation

Update thunderbird package to one of the following versions: 1:91.4.1-1~deb10u1, 1:91.4.1-1~deb11u1.

Vulnerable software versions

thunderbird (Debian package): before 1:91.4.1-1~deb11u1

CPE2.3
External links

http://www.debian.org/security/2022/dsa-5034


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Input validation error

EUVDB-ID: #VU58611

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-43541

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient validation of user-supplied input when handling spaces in URLS with external protocol handlers. A remote attacker can trick the victim to click on a specially crafted link and pass unescaped input to a third-party application via URI handler.

Mitigation

Update thunderbird package to one of the following versions: 1:91.4.1-1~deb10u1, 1:91.4.1-1~deb11u1.

Vulnerable software versions

thunderbird (Debian package): before 1:91.4.1-1~deb11u1

CPE2.3
External links

http://www.debian.org/security/2022/dsa-5034


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Use-after-free

EUVDB-ID: #VU58608

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-43539

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error in GC rooting when calling wasm instance methods. A remote attacker can trick the victim to open a specially crafted web page, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Update thunderbird package to one of the following versions: 1:91.4.1-1~deb10u1, 1:91.4.1-1~deb11u1.

Vulnerable software versions

thunderbird (Debian package): before 1:91.4.1-1~deb11u1

CPE2.3
External links

http://www.debian.org/security/2022/dsa-5034


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Spoofing attack

EUVDB-ID: #VU58607

Risk: Medium

CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-43538

CWE-ID: CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to a race in notification code. A remote attacker can hide the notification for pages that had received full screen and pointer lock access. Successful exploitation of the vulnerability may allow an attacker to perform spoofing attack.

Mitigation

Update thunderbird package to one of the following versions: 1:91.4.1-1~deb10u1, 1:91.4.1-1~deb11u1.

Vulnerable software versions

thunderbird (Debian package): before 1:91.4.1-1~deb11u1

CPE2.3
External links

http://www.debian.org/security/2022/dsa-5034


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Type conversion

EUVDB-ID: #VU58586

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-43537

CWE-ID: CWE-704 - Type conversion

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to a type conversion error when processing sizes from 64bit to 32bit integers when using structured clone. A remote attacker can trick the victim to visit a specially crafted web page, trigger a heap-based buffer overflow and execute arbitrary code on the system.

Mitigation

Update thunderbird package to one of the following versions: 1:91.4.1-1~deb10u1, 1:91.4.1-1~deb11u1.

Vulnerable software versions

thunderbird (Debian package): before 1:91.4.1-1~deb11u1

CPE2.3
External links

http://www.debian.org/security/2022/dsa-5034


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Information disclosure

EUVDB-ID: #VU58585

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-43536

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to URL leakage when executing asynchronous functions. A remote attacker can trick the victim to open a specially crafted web page and reveal the URL of the page that is being visited afterwards.

Mitigation

Update thunderbird package to one of the following versions: 1:91.4.1-1~deb10u1, 1:91.4.1-1~deb11u1.

Vulnerable software versions

thunderbird (Debian package): before 1:91.4.1-1~deb11u1

CPE2.3
External links

http://www.debian.org/security/2022/dsa-5034


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Buffer overflow

EUVDB-ID: #VU57888

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-43534

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can create a specially crafted webpage, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Update thunderbird package to one of the following versions: 1:91.4.1-1~deb10u1, 1:91.4.1-1~deb11u1.

Vulnerable software versions

thunderbird (Debian package): before 1:91.4.1-1~deb11u1

CPE2.3
External links

http://www.debian.org/security/2022/dsa-5034


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Insufficient UI Warning of Dangerous Operations

EUVDB-ID: #VU59081

Risk: Low

CVSSv3.1: 2.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-4126

CWE-ID: CWE-357 - Insufficient UI Warning of Dangerous Operations

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform spoofing attacks.

The vulnerability exists in the way Thunderbird handles signed email messages. When receiving an OpenPGP/MIME signed email message that contains an additional outer MIME message layer, for example a message footer added by a mailing list gateway, Thunderbird only considered the inner signed message for the signature validity. This gave the false impression that the additional contents were also covered by the digital signature.

Mitigation

Update thunderbird package to one of the following versions: 1:91.4.1-1~deb10u1, 1:91.4.1-1~deb11u1.

Vulnerable software versions

thunderbird (Debian package): before 1:91.4.1-1~deb11u1

CPE2.3
External links

http://www.debian.org/security/2022/dsa-5034


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Buffer overflow

EUVDB-ID: #VU59147

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-43529

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when handling DER-encoded DSA or RSA-PSS signatures within Mozilla NSS library, as used in Mozilla Thunderbird. A remote attacker can send specially crafted emails with signatures encoded within CMS, S/MIME, PKCS #7, or PKCS #12, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note, this vulnerability is described separately from #VU58477 (CVE-2021-43527), as Mozilla has decided to issue different patches for Thunderbird and NSS library.

Mitigation

Update thunderbird package to one of the following versions: 1:91.4.1-1~deb10u1, 1:91.4.1-1~deb11u1.

Vulnerable software versions

thunderbird (Debian package): before 1:91.4.1-1~deb11u1

CPE2.3
External links

http://www.debian.org/security/2022/dsa-5034


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Security features bypass

EUVDB-ID: #VU58618

Risk: Low

CVSSv3.1: 2.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-43528

CWE-ID: CWE-254 - Security Features

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to Thunderbird unexpectedly enabled JavaScript in the composition area. The JavaScript execution context was limited to this area and did not receive chrome-level privileges, but could be used as a stepping stone to further an attack with other vulnerabilities.

Mitigation

Update thunderbird package to one of the following versions: 1:91.4.1-1~deb10u1, 1:91.4.1-1~deb11u1.

Vulnerable software versions

thunderbird (Debian package): before 1:91.4.1-1~deb11u1

CPE2.3
External links

http://www.debian.org/security/2022/dsa-5034


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Improper Restriction of Rendered UI Layers or Frames

EUVDB-ID: #VU57883

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-38509

CWE-ID: CWE-1021 - Improper Restriction of Rendered UI Layers or Frames

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to incorrect processing of an unusual sequence of attacker-controlled events. A remote attacker can display a Javascript alert() dialog with arbitrary (although unstyled) contents over top of arbitrary webpage of the attacker's choosing.

Mitigation

Update thunderbird package to one of the following versions: 1:91.4.1-1~deb10u1, 1:91.4.1-1~deb11u1.

Vulnerable software versions

thunderbird (Debian package): before 1:91.4.1-1~deb11u1

CPE2.3
External links

http://www.debian.org/security/2022/dsa-5034


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Improper Restriction of Rendered UI Layers or Frames

EUVDB-ID: #VU57882

Risk: Low

CVSSv3.1: 3.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-38508

CWE-ID: CWE-1021 - Improper Restriction of Rendered UI Layers or Frames

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to Firefox displays the form validity message in the correct location at the same time as a permission prompt (such as for geolocation). The validity message could have obscured the prompt, resulting in the user potentially being tricked into granting the permission.

Mitigation

Update thunderbird package to one of the following versions: 1:91.4.1-1~deb10u1, 1:91.4.1-1~deb11u1.

Vulnerable software versions

thunderbird (Debian package): before 1:91.4.1-1~deb11u1

CPE2.3
External links

http://www.debian.org/security/2022/dsa-5034


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Security features bypass

EUVDB-ID: #VU57881

Risk: Low

CVSSv3.1: 3.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-38507

CWE-ID: CWE-254 - Security Features

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists in the Opportunistic Encryption feature of HTTP2, which allows a connection to be transparently upgraded to TLS while retaining the visual properties of an HTTP connection, including being same-origin with unencrypted connections on port 80. However, if a second encrypted port on the same IP address (e.g. port 8443) did not opt-in to opportunistic encryption; a network attacker could forward a connection from the browser from port 443 to port 8443, causing the browser to treat the content of port 8443 as same-origin with HTTP. As a result, a remote attacker can bypass Same-Origin-Policy on services hosted on other ports.

Mitigation

Update thunderbird package to one of the following versions: 1:91.4.1-1~deb10u1, 1:91.4.1-1~deb11u1.

Vulnerable software versions

thunderbird (Debian package): before 1:91.4.1-1~deb11u1

CPE2.3
External links

http://www.debian.org/security/2022/dsa-5034


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Insufficient UI Warning of Dangerous Operations

EUVDB-ID: #VU57880

Risk: Medium

CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-38506

CWE-ID: CWE-357 - Insufficient UI Warning of Dangerous Operations

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform spoofing attacks.

The vulnerability exists due to Firefox could have entered fullscreen mode without notification or warning to the user. A remote attacker can perform spoofing attacks on the browser UI.

Mitigation

Update thunderbird package to one of the following versions: 1:91.4.1-1~deb10u1, 1:91.4.1-1~deb11u1.

Vulnerable software versions

thunderbird (Debian package): before 1:91.4.1-1~deb11u1

CPE2.3
External links

http://www.debian.org/security/2022/dsa-5034


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Use-after-free

EUVDB-ID: #VU57878

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-38504

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when interacting with an HTML input element's file picker dialog with webkitdirectory set. A remote attacker can trick the victim to open a specially crafted website, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Update thunderbird package to one of the following versions: 1:91.4.1-1~deb10u1, 1:91.4.1-1~deb11u1.

Vulnerable software versions

thunderbird (Debian package): before 1:91.4.1-1~deb11u1

CPE2.3
External links

http://www.debian.org/security/2022/dsa-5034


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Security features bypass

EUVDB-ID: #VU57876

Risk: High

CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-38503

CWE-ID: CWE-254 - Security Features

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to the iframe sandbox rules were not correctly applied to XSLT stylesheets. A remote attacker can load use an iframe to bypass restrictions such as executing scripts or navigating the top-level frame.

Mitigation

Update thunderbird package to one of the following versions: 1:91.4.1-1~deb10u1, 1:91.4.1-1~deb11u1.

Vulnerable software versions

thunderbird (Debian package): before 1:91.4.1-1~deb11u1

CPE2.3
External links

http://www.debian.org/security/2022/dsa-5034


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Cleartext transmission of sensitive information

EUVDB-ID: #VU57241

Risk: Medium

CVSSv3.1: 6.2 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-38502

CWE-ID: CWE-319 - Cleartext Transmission of Sensitive Information

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to software ignores the configuration to require STARTTLS security for an SMTP connection. A remote attacker with ability to intercept network traffic can gain access to sensitive data.

Mitigation

Update thunderbird package to one of the following versions: 1:91.4.1-1~deb10u1, 1:91.4.1-1~deb11u1.

Vulnerable software versions

thunderbird (Debian package): before 1:91.4.1-1~deb11u1

CPE2.3
External links

http://www.debian.org/security/2022/dsa-5034


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Memory corruption

EUVDB-ID: #VU57065

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-38500

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can trick the victim to visit a specially crafted web page, trigger a memory corruption and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Update thunderbird package to one of the following versions: 1:91.4.1-1~deb10u1, 1:91.4.1-1~deb11u1.

Vulnerable software versions

thunderbird (Debian package): before 1:91.4.1-1~deb11u1

CPE2.3
External links

http://www.debian.org/security/2022/dsa-5034


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Use-after-free

EUVDB-ID: #VU57064

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-38496

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error during operations on MessageTasks. A remote attacker can trick the victim to visit a specially crafted web page, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Update thunderbird package to one of the following versions: 1:91.4.1-1~deb10u1, 1:91.4.1-1~deb11u1.

Vulnerable software versions

thunderbird (Debian package): before 1:91.4.1-1~deb11u1

CPE2.3
External links

http://www.debian.org/security/2022/dsa-5034


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###