Debian Thunderbird vulnerabilities

931 known vulnerabilities affecting debian/thunderbird.

Total CVEs: 931
CISA KEV: 10 (actively exploited)
Public exploits: 18
Exploited in wild: 13
Severity breakdown: CRITICAL 166, HIGH 358, MEDIUM 317, LOW 90

Vulnerabilities

Page 31 of 47
CVE-2021-23969 | MEDIUM | CVSS 4.3 | fixed in firefox 86.0-1 (sid) | 2021
[MEDIUM] firefox - As specified in the W3C Content Security Policy draft, when creating a violation report, "User agents need to ensure that the source file is the URL requested by the page, pre-redirects. If that’s not possible, user agents need to strip the URL down to an origin to avoid unintentional leakage." Under certain types of redirects, Firefox incorrectly set the source f
CVE-2021-4126 | MEDIUM | CVSS 6.5 | fixed in thunderbird 1:91.4.1-1 (bookworm) | 2021
[MEDIUM] thunderbird - When receiving an OpenPGP/MIME signed email message that contains an additional outer MIME message layer, for example a message footer added by a mailing list gateway, Thunderbird only considered the inner signed message for the signature validity. This gave the false impression that the additional contents were also covered by the digital signature. Starting wi
CVE-2021-38509 | MEDIUM | CVSS 4.3 | fixed in firefox 94.0-1 (sid) | 2021
[MEDIUM] firefox - Due to an unusual sequence of attacker-controlled events, a Javascript alert() dialog with arbitrary (although unstyled) contents could be displayed over top an uncontrolled webpage of the attacker's choosing. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. Scope: local. sid: resolved (fixed in 94.0-1).
CVE-2021-23998 | MEDIUM | CVSS 6.5 | fixed in firefox 88.0-1 (sid) | 2021
[MEDIUM] firefox - Through complicated navigations with new windows, an HTTP page could have inherited a secure lock icon from an HTTPS page. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88. Scope: local. sid: resolved (fixed in 88.0-1).
CVE-2021-43536 | MEDIUM | CVSS 6.5 | fixed in firefox 95.0-1 (sid) | 2021
[MEDIUM] firefox - Under certain circumstances, asynchronous functions could have caused a navigation to fail but expose the target URL. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. Scope: local. sid: resolved (fixed in 95.0-1).
CVE-2021-38502 | MEDIUM | CVSS 5.9 | fixed in thunderbird 1:91.2.1-1 (bookworm) | 2021
[MEDIUM] thunderbird - Thunderbird ignored the configuration to require STARTTLS security for an SMTP connection. A MITM could perform a downgrade attack to intercept transmitted messages, or could take control of the authenticated session to execute SMTP commands chosen by the MITM. If an unprotected authentication method was configured, the MITM could obtain the authentication cre
CVE-2021-43545 | MEDIUM | CVSS 6.5 | fixed in firefox 95.0-1 (sid) | 2021
[MEDIUM] firefox - Using the Location API in a loop could have caused severe application hangs and crashes. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. Scope: local. sid: resolved (fixed in 95.0-1).
CVE-2021-43543 | MEDIUM | CVSS 6.1 | fixed in firefox 95.0-1 (sid) | 2021
[MEDIUM] firefox - Documents loaded with the CSP sandbox directive could have escaped the sandbox's script restriction by embedding additional content. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. Scope: local. sid: resolved (fixed in 95.0-1).
CVE-2021-29945 | MEDIUM | CVSS 6.5 | fixed in firefox 88.0-1 (sid) | 2021
[MEDIUM] firefox - The WebAssembly JIT could miscalculate the size of a return type, which could lead to a null read and result in a crash. *Note: This issue only affected x86-32 platforms. Other platforms are unaffected.* This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88. Scope: local. sid: resolved (fixed in 88.0-1).
CVE-2021-38508 | MEDIUM | CVSS 4.3 | fixed in firefox 94.0-1 (sid) | 2021
[MEDIUM] firefox - By displaying a form validity message in the correct location at the same time as a permission prompt (such as for geolocation), the validity message could have obscured the prompt, resulting in the user potentially being tricked into granting the permission. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. Scope: local sid: res
CVE-2021-23968 | MEDIUM | CVSS 4.3 | fixed in firefox 86.0-1 (sid) | 2021
[MEDIUM] firefox - If Content Security Policy blocked frame navigation, the full destination of a redirect served in the frame was reported in the violation report, as opposed to the original frame URI. This could be used to leak sensitive information contained in such URIs. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8. Scope: local sid: resolv
CVE-2021-43546 | MEDIUM | CVSS 4.3 | fixed in firefox 95.0-1 (sid) | 2021
[MEDIUM] firefox - It was possible to recreate previous cursor spoofing attacks against users with a zoomed native cursor. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. Scope: local. sid: resolved (fixed in 95.0-1).
CVE-2021-23973 | MEDIUM | CVSS 6.5 | fixed in firefox 86.0-1 (sid) | 2021
[MEDIUM] firefox - When trying to load a cross-origin resource in an audio/video context, a decoding error may have resulted, and the content of that error may have revealed information about the resource. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8. Scope: local. sid: resolved (fixed in 86.0-1).
CVE-2021-29987 | MEDIUM | CVSS 6.5 | fixed in firefox 91.0-1 (sid) | 2021
[MEDIUM] firefox - After requesting multiple permissions, and closing the first permission panel, subsequent permission panels will be displayed in a different position but still record a click in the default location, making it possible to trick a user into accepting a permission they did not want to. *This bug only affects Firefox on Linux. Other operating systems are unaffected.*
CVE-2021-23991 | MEDIUM | CVSS 6.8 | fixed in thunderbird 1:78.10.0-1 (bookworm) | 2021
[MEDIUM] thunderbird - If a Thunderbird user has previously imported Alice's OpenPGP key, and Alice has extended the validity period of her key, but Alice's updated key has not yet been imported, an attacker may send an email containing a crafted version of Alice's key with an invalid subkey, Thunderbird might subsequently attempt to use the invalid subkey, and will fail to send enc
CVE-2021-29948 | LOW | CVSS 2.5 | fixed in thunderbird 1:78.10.0-1 (bookworm) | 2021
[LOW] thunderbird - Signatures are written to disk before and read during verification, which might be subject to a race condition when a malicious local process or user is replacing the file. This vulnerability affects Thunderbird < 78.10. Scope: local. bookworm: resolved (fixed in 1:78.10.0-1); bullseye: resolved (fixed in 1:78.10.0-1); forky: resolved (fixed in 1:78.10.0-1); sid: res
CVE-2021-29964 | LOW | CVSS 7.1 | 2021
[HIGH] firefox - A locally-installed hostile program could send `WM_COPYDATA` messages that Firefox would process incorrectly, leading to an out-of-bounds read. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Thunderbird < 78.11, Firefox < 89, and Firefox ESR < 78.11. Scope: local. sid: resolved.
CVE-2021-38492 | LOW | CVSS 6.5 | 2021
[MEDIUM] firefox - When delegating navigations to the operating system, Firefox would accept the `mk` scheme which might allow attackers to launch pages and execute scripts in Internet Explorer in unprivileged mode. *This bug only affects Firefox for Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 92, Thunderbird < 91.1, Thunderbird < 78.14, F
CVE-2021-29951 | LOW | CVSS 6.5 | 2021
[MEDIUM] firefox-esr - The Mozilla Maintenance Service granted SERVICE_START access to BUILTIN|Users which, in a domain network, grants normal remote users access to start or stop the service. This could be used to prevent the browser update service from operating (if an attacker spammed the 'Stop' command); but also exposed attack surface in the maintenance service. *Note: This iss
CVE-2021-38510 | LOW | CVSS 8.8 | 2021
[HIGH] firefox - The executable file warning was not presented when downloading .inetloc files, which, due to a flaw in Mac OS, can run commands on a user's computer. *Note: This issue only affected Mac OS operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. Scope: local. sid: resolved.