Debian Thunderbird vulnerabilities

931 known vulnerabilities affecting debian/thunderbird.

Total CVEs: 931
CISA KEV: 10 (actively exploited)
Public exploits: 18
Exploited in wild: 13
Severity breakdown: CRITICAL 166, HIGH 358, MEDIUM 317, LOW 90

Vulnerabilities

Page 30 of 47
CVE-2021-23964 | HIGH | CVSS 8.8 | fixed in firefox 85.0-1 (sid) | 2021
firefox - Mozilla developers reported memory safety bugs present in Firefox 84 and Firefox ESR 78.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7. Scope: local. sid: resolved (fixed

CVE-2021-23987 | HIGH | CVSS 8.8 | fixed in firefox 87.0-1 (sid) | 2021
firefox - Mozilla developers and community members reported memory safety bugs present in Firefox 86 and Firefox ESR 78.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.9, Firefox < 87, and Thunderbird < 78.9. Scope: local

CVE-2021-43535 | HIGH | CVSS 8.8 | fixed in firefox 93.0-1 (sid) | 2021
firefox - A use-after-free could have occurred when an HTTP2 session object was released on a different thread, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 93, Thunderbird < 91.3, and Firefox ESR < 91.3. Scope: local. sid: resolved (fixed in 93.0-1)

CVE-2021-43537 | HIGH | CVSS 8.8 | fixed in firefox 95.0-1 (sid) | 2021
firefox - An incorrect type conversion of sizes from 64-bit to 32-bit integers allowed an attacker to corrupt memory leading to a potentially exploitable crash. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. Scope: local. sid: resolved (fixed in 95.0-1)

CVE-2021-23953 | MEDIUM | CVSS 4.3 | fixed in firefox 85.0-1 (sid) | 2021
firefox - If a user clicked into a specifically crafted PDF, the PDF reader could be confused into leaking cross-origin information, when said information is served as chunked data. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7. Scope: local. sid: resolved (fixed in 85.0-1)

CVE-2021-38497 | MEDIUM | CVSS 6.5 | fixed in firefox 93.0-1 (sid) | 2021
firefox - Through use of reportValidity() and window.open(), a plain-text validation message could have been overlaid on another origin, leading to possible user confusion and spoofing attacks. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2. Scope: local. sid: resolved (fixed in 93.0-1)

CVE-2021-43538 | MEDIUM | CVSS 4.3 | fixed in firefox 95.0-1 (sid) | 2021
firefox - By misusing a race in our notification code, an attacker could have forcefully hidden the notification for pages that had received full screen and pointer lock access, which could have been used for spoofing attacks. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. Scope: local. sid: resolved (fixed in 95.0-1)

CVE-2021-38506 | MEDIUM | CVSS 4.3 | fixed in firefox 94.0-1 (sid) | 2021
firefox - Through a series of navigations, Firefox could have entered fullscreen mode without notification or warning to the user. This could lead to spoofing attacks on the browser UI including phishing. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. Scope: local. sid: resolved (fixed in 94.0-1)

CVE-2021-23993 | MEDIUM | CVSS 6.5 | fixed in thunderbird 1:78.10.0-1 (bookworm) | 2021
thunderbird - An attacker may perform a DoS attack to prevent a user from sending encrypted email to a correspondent. If an attacker creates a crafted OpenPGP key with a subkey that has an invalid self signature, and the Thunderbird user imports the crafted key, then Thunderbird may try to use the invalid subkey, but the RNP library rejects it from being used, causing encry

CVE-2021-29982 | MEDIUM | CVSS 6.5 | fixed in firefox 91.0-1 (sid) | 2021
firefox - Due to incorrect JIT optimization, we incorrectly interpreted data from the wrong type of object, resulting in the potential leak of a single bit of memory. This vulnerability affects Firefox < 91 and Thunderbird < 91. Scope: local. sid: resolved (fixed in 91.0-1)

CVE-2021-43541 | MEDIUM | CVSS 6.5 | fixed in firefox 95.0-1 (sid) | 2021
firefox - When invoking protocol handlers for external protocols, a supplied parameter URL containing spaces was not properly escaped. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. Scope: local. sid: resolved (fixed in 95.0-1)

CVE-2021-29969 | MEDIUM | CVSS 5.9 | fixed in thunderbird 1:78.12.0-1 (bookworm) | 2021
thunderbird - If Thunderbird was configured to use STARTTLS for an IMAP connection, and an attacker injected IMAP server responses prior to the completion of the STARTTLS handshake, then Thunderbird didn't ignore the injected data. This could have resulted in Thunderbird showing incorrect information, for example the attacker could have tricked Thunderbird to show folders t

CVE-2021-23982 | MEDIUM | CVSS 6.5 | fixed in firefox 87.0-1 (sid) | 2021
firefox - Using techniques that built on the slipstream research, a malicious webpage could have scanned both an internal network's hosts as well as services running on the user's local machine utilizing WebRTC connections. This vulnerability affects Firefox ESR < 78.9, Firefox < 87, and Thunderbird < 78.9. Scope: local. sid: resolved (fixed in 87.0-1)

CVE-2021-23984 | MEDIUM | CVSS 6.5 | fixed in firefox 87.0-1 (sid) | 2021
firefox - A malicious extension could have opened a popup window lacking an address bar. The title of the popup lacking an address bar should not be fully controllable, but in this situation was. This could have been used to spoof a website and attempt to trick the user into providing credentials. This vulnerability affects Firefox ESR < 78.9, Firefox < 87, and Thunderbird

CVE-2021-43528 | MEDIUM | CVSS 6.5 | fixed in thunderbird 1:91.4.0-1 (bookworm) | 2021
thunderbird - Thunderbird unexpectedly enabled JavaScript in the composition area. The JavaScript execution context was limited to this area and did not receive chrome-level privileges, but could be used as a stepping stone to further an attack with other vulnerabilities. This vulnerability affects Thunderbird < 91.4.0. Scope: local. bookworm: resolved (fixed in 1:91.4.0-1)

CVE-2021-43542 | MEDIUM | CVSS 6.5 | fixed in firefox 95.0-1 (sid) | 2021
firefox - Using XMLHttpRequest, an attacker could have identified installed applications by probing error messages for loading external protocols. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. Scope: local. sid: resolved (fixed in 95.0-1)

CVE-2021-29956 | MEDIUM | CVSS 4.3 | fixed in thunderbird 1:78.10.2-1 (bookworm) | 2021
thunderbird - OpenPGP secret keys that were imported using Thunderbird version 78.8.1 up to version 78.10.1 were stored unencrypted on the user's local disk. The master password protection was inactive for those keys. Version 78.10.2 will restore the protection mechanism for newly imported keys, and will automatically protect keys that had been imported using affected Thund

CVE-2021-29957 | MEDIUM | CVSS 4.3 | fixed in thunderbird 1:78.10.2-1 (bookworm) | 2021
thunderbird - If a MIME encoded email contains an OpenPGP inline signed or encrypted message part, but also contains an additional unprotected part, Thunderbird did not indicate that only parts of the message are protected. This vulnerability affects Thunderbird < 78.10.2. Scope: local. bookworm: resolved (fixed in 1:78.10.2-1); bullseye: resolved (fixed in 1:78.10.2-1); forky

CVE-2021-23992 | MEDIUM | CVSS 4.3 | fixed in thunderbird 1:78.10.0-1 (bookworm) | 2021
thunderbird - Thunderbird did not check if the user ID associated with an OpenPGP key has a valid self signature. An attacker may create a crafted version of an OpenPGP key, by either replacing the original user ID, or by adding another user ID. If Thunderbird imports and accepts the crafted key, the Thunderbird user may falsely conclude that the false user ID belongs to th

CVE-2021-38507 | MEDIUM | CVSS 6.5 | fixed in firefox 94.0-1 (sid) | 2021
firefox - The Opportunistic Encryption feature of HTTP2 (RFC 8164) allows a connection to be transparently upgraded to TLS while retaining the visual properties of an HTTP connection, including being same-origin with unencrypted connections on port 80. However, if a second encrypted port on the same IP address (e.g. port 8443) did not opt-in to opportunistic encryption; a n