Main Vulnerability Database Vulnerabilities #VU58618

Security features bypass in Mozilla Thunderbird - CVE-2021-43528

Published: December 7, 2021

Vulnerability identifier: #VU58618

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2021-43528

CWE-ID: CWE-254

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Mozilla

Affected software:
Mozilla Thunderbird

Detailed vulnerability description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to Thunderbird unexpectedly enabled JavaScript in the composition area. The JavaScript execution context was limited to this area and did not receive chrome-level privileges, but could be used as a stepping stone to further an attack with other vulnerabilities.

How to mitigate CVE-2021-43528

Install updates from vendor's website.

Sources

https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/

Security features bypass in Mozilla Thunderbird - CVE-2021-43528

Detailed vulnerability description

How to mitigate CVE-2021-43528

Sources

Please verify you're human