Debian Thunderbird vulnerabilities
931 known vulnerabilities affecting debian/thunderbird.
Total CVEs: 931
CISA KEV: 10 (actively exploited)
Public exploits: 18
Exploited in wild: 13
Severity breakdown: CRITICAL 166, HIGH 358, MEDIUM 317, LOW 90
Vulnerabilities
Page 28 of 47
CVE-2022-22746 | LOW | CVSS 5.9 | 2022
CVE-2022-22746 [MEDIUM] CVE-2022-22746: firefox - A race condition could have allowed bypassing the fullscreen notification which ...
A race condition could have allowed bypassing the fullscreen notification, which could have led to a fullscreen window spoof being unnoticed. *This bug only affects Firefox for Windows. Other operating systems are unaffected.* This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.
Scope: local
sid: resolved
debian
CVE-2022-31739 | LOW | CVSS 8.8 | 2022
CVE-2022-31739 [HIGH] CVE-2022-31739: firefox - When downloading files on Windows, the % character was not escaped, which could ...
When downloading files on Windows, the % character was not escaped, which could have led to a download incorrectly being saved to attacker-influenced paths that used variables such as %HOMEPATH% or %APPDATA%. *This bug only affects Firefox for Windows. Other operating systems are unaffected.* This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefo
debian
CVE-2021-4127 | CRITICAL | CVSS 9.8 | fixed in firefox-esr 78.9.0esr-1 (bookworm) | 2021
CVE-2021-4127 [CRITICAL] CVE-2021-4127: firefox-esr - An out of date graphics library (Angle) likely contained vulnerabilities that co...
An out of date graphics library (Angle) likely contained vulnerabilities that could potentially be exploited. This vulnerability affects Thunderbird < 78.9 and Firefox ESR < 78.9.
Scope: local
bookworm: resolved (fixed in 78.9.0esr-1)
bullseye: resolved (fixed in 78.9.0esr-1)
forky: resolved (fixed in 78.9.0esr-1)
sid: resolved (fixed in 78.9.0esr-1)
trixie: r
debian
CVE-2021-44538 | CRITICAL | CVSS 9.8 | fixed in olm 3.2.8~dfsg-1 (bookworm) | 2021
CVE-2021-44538 [CRITICAL] CVE-2021-44538: olm - The olm_session_describe function in Matrix libolm before 3.2.7 is vulnerable to...
The olm_session_describe function in Matrix libolm before 3.2.7 is vulnerable to a buffer overflow. The Olm session object represents a cryptographic channel between two parties. Therefore, its state is partially controllable by the remote party of the channel. Attackers can construct a crafted sequence of messages to manipulate the state of the receiver's session i
debian
CVE-2021-43529 | CRITICAL | CVSS 9.8 | fixed in thunderbird 1:91.3.0-1 (bookworm) | 2021
CVE-2021-43529 [CRITICAL] CVE-2021-43529: thunderbird - Thunderbird versions prior to 91.3.0 are vulnerable to the heap overflow describ...
Thunderbird versions prior to 91.3.0 are vulnerable to the heap overflow described in CVE-2021-43527 when processing S/MIME messages. Thunderbird versions 91.3.0 and later will not call the vulnerable code when processing S/MIME messages that contain certificates with DER-encoded DSA or RSA-PSS signatures.
Scope: local
bookworm: resolved (fixed in 1:91.3.0-1
debian
CVE-2021-4140 | CRITICAL | CVSS 10.0 | fixed in firefox 96.0-1 (sid) | 2021
CVE-2021-4140 [CRITICAL] CVE-2021-4140: firefox - It was possible to construct specific XSLT markup that would be able to bypass a...
It was possible to construct specific XSLT markup that would be able to bypass an iframe sandbox. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.
Scope: local
sid: resolved (fixed in 96.0-1)
debian
CVE-2021-4129 | CRITICAL | CVSS 9.8 | fixed in firefox 95.0-1 (sid) | 2021
CVE-2021-4129 [CRITICAL] CVE-2021-4129: firefox - Mozilla developers and community members Julian Hector, Randell Jesup, Gabriele ...
Mozilla developers and community members Julian Hector, Randell Jesup, Gabriele Svelto, Tyson Smith, Christian Holler, and Masayuki Nakano reported memory safety bugs present in Firefox 94. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability
debian
CVE-2021-32810 | CRITICAL | CVSS 9.8 | fixed in firefox 93.0-1 (sid) | 2021
CVE-2021-32810 [CRITICAL] CVE-2021-32810: firefox - crossbeam-deque is a package of work-stealing deques for building task scheduler...
crossbeam-deque is a package of work-stealing deques for building task schedulers when programming in Rust. In versions prior to 0.7.4 and 0.8.0, the result of the race condition is that one or more tasks in the worker queue can be popped twice instead of other tasks that are forgotten and never popped. If tasks are allocated on the heap, this can cause double f
debian
CVE-2021-38503 | CRITICAL | CVSS 10.0 | fixed in firefox 94.0-1 (sid) | 2021
CVE-2021-38503 [CRITICAL] CVE-2021-38503: firefox - The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowin...
The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3.
Scope: local
sid: resolved (fixed in 94.0-1)
debian
CVE-2021-29989 | HIGH | CVSS 8.8 | fixed in firefox 91.0-1 (sid) | 2021
CVE-2021-29989 [HIGH] CVE-2021-29989: firefox - Mozilla developers reported memory safety bugs present in Firefox 90 and Firefox...
Mozilla developers reported memory safety bugs present in Firefox 90 and Firefox ESR 78.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.13, Firefox ESR < 78.13, and Firefox < 91.
Scope: local
sid: resolved (fix
debian
CVE-2021-23995 | HIGH | CVSS 8.8 | fixed in firefox 88.0-1 (sid) | 2021
CVE-2021-23995 [HIGH] CVE-2021-23995: firefox - When Responsive Design Mode was enabled, it used references to objects that were...
When Responsive Design Mode was enabled, it used references to objects that were previously freed. We presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88.
Scope: local
sid: resolved (fixed in 88.0-1)
debian
CVE-2021-23978 | HIGH | CVSS 8.8 | fixed in firefox 86.0-1 (sid) | 2021
CVE-2021-23978 [HIGH] CVE-2021-23978: firefox - Mozilla developers reported memory safety bugs present in Firefox 85 and Firefox...
Mozilla developers reported memory safety bugs present in Firefox 85 and Firefox ESR 78.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.
Scope: local
sid: resolved (fixed
debian
CVE-2021-23999 | HIGH | CVSS 8.8 | fixed in firefox 88.0-1 (sid) | 2021
CVE-2021-23999 [HIGH] CVE-2021-23999: firefox - If a Blob URL was loaded through some unusual user interaction, it could have be...
If a Blob URL was loaded through some unusual user interaction, it could have been loaded by the System Principal and granted additional privileges that should not be granted to web content. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88.
Scope: local
sid: resolved (fixed in 88.0-1)
debian
CVE-2021-38504 | HIGH | CVSS 8.8 | fixed in firefox 94.0-1 (sid) | 2021
CVE-2021-38504 [HIGH] CVE-2021-38504: firefox - When interacting with an HTML input element's file picker dialog with webkitdire...
When interacting with an HTML input element's file picker dialog with webkitdirectory set, a use-after-free could have resulted, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3.
Scope: local
sid: resolved (fixed in 94.0-1)
debian
CVE-2021-38498 | HIGH | CVSS 7.5 | fixed in firefox 93.0-1 (sid) | 2021
CVE-2021-38498 [HIGH] CVE-2021-38498: firefox - During process shutdown, a document could have caused a use-after-free of a lang...
During process shutdown, a document could have caused a use-after-free of a languages service object, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2.
Scope: local
sid: resolved (fixed in 93.0-1)
debian
CVE-2021-29988 | HIGH | CVSS 8.8 | fixed in firefox 91.0-1 (sid) | 2021
CVE-2021-29988 [HIGH] CVE-2021-29988: firefox - Firefox incorrectly treated an inline list-item element as a block element, resu...
Firefox incorrectly treated an inline list-item element as a block element, resulting in an out of bounds read or memory corruption, and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91.
Scope: local
sid: resolved (fixed in 91.0-1)
debian
CVE-2021-29967 | HIGH | CVSS 8.8 | fixed in firefox 89.0-1 (sid) | 2021
CVE-2021-29967 [HIGH] CVE-2021-29967: firefox - Mozilla developers reported memory safety bugs present in Firefox 88 and Firefox...
Mozilla developers reported memory safety bugs present in Firefox 88 and Firefox ESR 78.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.11, Firefox < 89, and Firefox ESR < 78.11.
Scope: local
sid: resolved (fix
debian
CVE-2021-24002 | HIGH | CVSS 8.8 | fixed in firefox 88.0-1 (sid) | 2021
CVE-2021-24002 [HIGH] CVE-2021-24002: firefox - When a user clicked on an FTP URL containing encoded newline characters (%0A and...
When a user clicked on an FTP URL containing encoded newline characters (%0A and %0D), the newlines would have been interpreted as such and allowed arbitrary commands to be sent to the FTP server. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88.
Scope: local
sid: resolved (fixed in 88.0-1)
debian
CVE-2021-29984 | HIGH | CVSS 8.8 | fixed in firefox 91.0-1 (sid) | 2021
CVE-2021-29984 [HIGH] CVE-2021-29984: firefox - Instruction reordering resulted in a sequence of instructions that would cause a...
Instruction reordering resulted in a sequence of instructions that would cause an object to be incorrectly considered during garbage collection. This led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91.
Scope: local
sid: resolved (fixed in 91.0-1)
debian
CVE-2021-29949 | HIGH | CVSS 7.8 | fixed in thunderbird 1:78.10.0-1 (bookworm) | 2021
CVE-2021-29949 [HIGH] CVE-2021-29949: thunderbird - When loading the shared library that provides the OTR protocol implementation, T...
When loading the shared library that provides the OTR protocol implementation, Thunderbird will initially attempt to open it using a filename that isn't distributed by Thunderbird. If a computer has already been infected with a malicious library of the alternative filename, and the malicious library has been copied to a directory that is contained in the search
debian