Mozilla Thunderbird vulnerabilities
1,818 known vulnerabilities affecting mozilla/thunderbird.
Total CVEs: 1,818
CISA KEV: 14 (actively exploited)
Public exploits: 58
Exploited in wild: 18
Severity breakdown: Critical 612, High 551, Medium 626, Low 29
Vulnerabilities
Page 35 of 91
CVE-2021-29980 | HIGH | CVSS 8.8 | CWE-909 | fixed in 78.13.0 | affected: < 78.13 (+1 more range) | published 2021-08-17
Uninitialized memory in a canvas object could have caused an incorrect free() leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91.
Sources: NVD, OSV
CVE-2021-29987 | MEDIUM | CVSS 6.5 | CWE-307 | fixed in 91.0 | affected: < 91 | published 2021-08-17
After requesting multiple permissions, and closing the first permission panel, subsequent permission panels will be displayed in a different position but still record a click in the default location, making it possible to trick a user into accepting a permission they did not want to. *This bug only affects Firefox on Linux. Other operating systems a
Sources: NVD, OSV
CVE-2021-29982 | MEDIUM | CVSS 6.5 | CWE-772 | fixed in 91.0 | affected: < 91 | published 2021-08-17
Due to incorrect JIT optimization, we incorrectly interpreted data from the wrong type of object, resulting in the potential leak of a single bit of memory. This vulnerability affects Firefox < 91 and Thunderbird < 91.
Sources: NVD, OSV
CVE-2021-29976 | HIGH | CVSS 8.8 | CWE-787 | fixed in 78.12 | affected: < 78.12 | published 2021-08-05
Mozilla developers reported memory safety bugs present in code shared between Firefox and Thunderbird. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.12, Firefox ESR < 78.12, and Firefox < 90.
Sources: NVD, OSV
CVE-2021-29970 | HIGH | CVSS 8.8 | CWE-416 | fixed in 78.12 | affected: < 78.12 | published 2021-08-05
A malicious webpage could have triggered a use-after-free, memory corruption, and a potentially exploitable crash. *This bug could only be triggered when accessibility was enabled.* This vulnerability affects Thunderbird < 78.12, Firefox ESR < 78.12, and Firefox < 90.
Sources: NVD, OSV
CVE-2021-29969 | MEDIUM | CVSS 5.9 | CWE-552 | fixed in 78.12 | affected: < 78.12 | published 2021-08-05
If Thunderbird was configured to use STARTTLS for an IMAP connection, and an attacker injected IMAP server responses prior to the completion of the STARTTLS handshake, then Thunderbird didn't ignore the injected data. This could have resulted in Thunderbird showing incorrect information, for example the attacker could have tricked Thunderbird to show
Sources: NVD, OSV
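The mechanism behind CVE-2021-29969, as an added example that is not Thunderbird's code: a toy line-oriented IMAP client whose single receive buffer spans the plaintext-to-TLS upgrade. The vulnerable variant keeps whatever plaintext followed the STARTTLS OK in the same segment and later parses it as if it had arrived inside TLS; the hardened variant empties the buffer at the moment of the upgrade. The tag, the injected ALERT and the server responses are all constructed in-process; nothing touches the network.

```python
"""Toy IMAP STARTTLS client modelling the pre-TLS response-injection flaw."""

from typing import List, Optional

TAG = b"a001"  # tag the client used for its STARTTLS command (constructed)


class ToyImapClient:
    def __init__(self, discard_plaintext_leftovers: bool) -> None:
        self.discard = discard_plaintext_leftovers
        self.buf = b""                   # one receive buffer spans the TLS upgrade
        self.tls_active = False
        self.accepted: List[bytes] = []  # untagged responses treated as genuine

    def _pop_line(self) -> Optional[bytes]:
        """Remove and return one CRLF-terminated line, or None if none is complete."""
        if b"\r\n" not in self.buf:
            return None
        line, _, self.buf = self.buf.partition(b"\r\n")
        return line

    def feed_plaintext(self, data: bytes) -> bool:
        """Consume pre-TLS bytes; return True once the STARTTLS OK has been parsed."""
        if self.tls_active:
            raise RuntimeError("plaintext after TLS upgrade")
        self.buf += data
        while (line := self._pop_line()) is not None:
            if line.startswith(TAG + b" OK"):
                if self.discard:
                    # Anything after the OK arrived unauthenticated; an attacker
                    # on the path could have appended it.  Drop it.
                    self.buf = b""
                self.tls_active = True
                return True
        return False

    def feed_tls(self, data: bytes) -> None:
        """Consume bytes decrypted from the TLS session."""
        if not self.tls_active:
            raise RuntimeError("TLS not established")
        self.buf += data
        while (line := self._pop_line()) is not None:
            if line.startswith(b"* "):
                self.accepted.append(line)


def run_session(hardened: bool) -> List[bytes]:
    """Replay a constructed session; return the responses the client trusted."""
    client = ToyImapClient(discard_plaintext_leftovers=hardened)
    client.feed_plaintext(b"* OK IMAP4rev1 server ready\r\n")
    # Constructed: the STARTTLS OK plus an attacker-appended untagged response
    # in the same TCP segment, before any encryption is in place.
    injected = b"* OK [ALERT] Mailbox quota exceeded, visit https://attacker.example/\r\n"
    client.feed_plaintext(TAG + b" OK Begin TLS negotiation now\r\n" + injected)
    # Constructed: what the genuine server sends inside the TLS session.
    client.feed_tls(b"* CAPABILITY IMAP4rev1 AUTH=PLAIN\r\na002 OK CAPABILITY completed\r\n")
    return client.accepted


if __name__ == "__main__":
    print("vulnerable:", run_session(hardened=False))
    print("hardened:  ", run_session(hardened=True))
```

The vulnerable run reports the forged ALERT alongside the genuine CAPABILITY line; the hardened run reports only the latter. The same buffer-flush-at-upgrade rule applies to POP3 and SMTP STARTTLS clients.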
CVE-2021-29950 | HIGH | CVSS 7.5 | CWE-312 | fixed in 78.8.1 | affected: < 78.8.1 | published 2021-06-24
Thunderbird unprotects a secret OpenPGP key prior to using it for a decryption, signing or key import task. If the task runs into a failure, the secret key may remain in memory in its unprotected state. This vulnerability affects Thunderbird < 78.8.1.
Sources: NVD, OSV
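The failure mode of CVE-2021-29950, as an added example that is not Thunderbird's or RNP's code: an unprotect-use-reprotect sequence where the error path skips the reprotect step, beside a context-manager form whose cleanup runs whether the task succeeds or raises. The key bytes are constructed, and the protect/unprotect step is a toy XOR mask standing in for real passphrase-based key protection; only the cleanup pattern is the point.

```python
"""Bounding the lifetime of an unlocked secret key across a failing operation."""

import secrets
from contextlib import contextmanager
from typing import Iterator, Optional

MASK = secrets.token_bytes(32)  # stands in for the wrapping key derived from the master password


def _xor_mask(data: bytes) -> bytes:
    """Toy protect/unprotect transform (self-inverse); not real key encryption."""
    return bytes(b ^ MASK[i % len(MASK)] for i, b in enumerate(data))


class SecretKey:
    def __init__(self, raw: bytes) -> None:
        self.protected = _xor_mask(raw)         # what lives at rest in memory
        self.plain: Optional[bytearray] = None  # unprotected copy while in use

    def unprotect(self) -> bytearray:
        self.plain = bytearray(_xor_mask(self.protected))
        return self.plain

    def reprotect(self) -> None:
        """Zero and drop the unprotected copy."""
        if self.plain is not None:
            for i in range(len(self.plain)):
                self.plain[i] = 0
            self.plain = None

    @contextmanager
    def in_use(self) -> Iterator[bytearray]:
        try:
            yield self.unprotect()
        finally:
            self.reprotect()                    # runs on success and on failure


def toy_sign(plain_key: bytearray, message: bytes) -> bytes:
    """Placeholder task that fails on empty input, like a task hitting an error."""
    if not message:
        raise ValueError("nothing to sign")
    return bytes(a ^ b for a, b in zip(plain_key, message.ljust(len(plain_key), b"\0")))


def sign_vulnerable(key: SecretKey, message: bytes) -> bytes:
    plain = key.unprotect()
    sig = toy_sign(plain, message)  # if this raises, reprotect() is never reached
    key.reprotect()
    return sig


def sign_hardened(key: SecretKey, message: bytes) -> bytes:
    with key.in_use() as plain:
        return toy_sign(plain, message)


def leaves_key_unprotected(sign, message: bytes) -> bool:
    """True if, after sign() raised (or returned), the unprotected key is still resident."""
    key = SecretKey(secrets.token_bytes(32))
    try:
        sign(key, message)
    except ValueError:
        pass
    return key.plain is not None
```

Zeroing a Python bytearray does not guarantee no other copy exists in the interpreter; in native code the same pattern is a `finally`/RAII guard that wipes the buffer, and the test to write is exactly the one here: trigger the error path, then inspect whether the unprotected material is still reachable.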
CVE-2021-23994 | HIGH | CVSS 8.8 | CWE-909 | fixed in 78.10 | affected: < 78.10 | published 2021-06-24
A WebGL framebuffer was not initialized early enough, resulting in memory corruption and an out-of-bounds write. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88.
Sources: NVD, OSV
CVE-2021-23999 | HIGH | CVSS 8.8 | CWE-269 | fixed in 78.10 | affected: < 78.10 | published 2021-06-24
If a Blob URL was loaded through some unusual user interaction, it could have been loaded by the System Principal and granted additional privileges that should not be granted to web content. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88.
Sources: NVD, OSV
CVE-2021-29967 | HIGH | CVSS 8.8 | CWE-787 | fixed in 78.11 | affected: < 78.11 | published 2021-06-24
Mozilla developers reported memory safety bugs present in Firefox 88 and Firefox ESR 78.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.11, Firefox < 89, and Firefox ESR < 78.11.
Sources: NVD, OSV
CVE-2021-29964 | HIGH | CVSS 7.1 | CWE-125 | fixed in 78.11 | affected: < 78.11 | published 2021-06-24
A locally-installed hostile program could send `WM_COPYDATA` messages that Firefox would process incorrectly, leading to an out-of-bounds read. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Thunderbird < 78.11, Firefox < 89, and Firefox ESR < 78.11.
Sources: NVD
CVE-2021-23995 | HIGH | CVSS 8.8 | CWE-672 | fixed in 78.10 | affected: < 78.10 | published 2021-06-24
When Responsive Design Mode was enabled, it used references to objects that were previously freed. We presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88.
Sources: NVD, OSV
CVE-2021-29946 | HIGH | CVSS 8.8 | CWE-190 | fixed in 78.10 | affected: < 78.10 | published 2021-06-24
Ports that were written as an integer overflow above the bounds of a 16-bit integer could have bypassed port blocking restrictions when used in the Alt-Svc header. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88.
Sources: NVD, OSV
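The bypass shape described for CVE-2021-29946, as an added example that is not Firefox's or Thunderbird's code: a toy Alt-Svc parser that checks the parsed port against a blocklist and then stores it in a 16-bit field, so a value such as 65561 passes the check and wraps to 25 (SMTP) on connect. The blocklist is a small illustrative subset, the header strings are constructed, and the hardened branch adds the range check that makes the truncation unreachable.

```python
"""Toy Alt-Svc port handling: blocklist check before vs. after 16-bit truncation."""

import re
from typing import List, Optional, Tuple

BLOCKED_PORTS = {25, 110, 143, 6667}  # illustrative subset of a browser port blocklist

# One alternative: protocol-id="[host]:port"; parameters after ';' are ignored here.
ALT_VALUE = re.compile(r'^\s*([A-Za-z0-9-]+)="([^"]*)"')


def parse_alt_svc(header: str) -> List[Tuple[str, str, int]]:
    """Return (protocol, host, port) per alternative, with no range check at all."""
    found = []
    for part in header.split(","):
        m = ALT_VALUE.match(part)
        if not m:
            continue                      # e.g. the 'clear' value, or malformed input
        proto, authority = m.group(1), m.group(2)
        host, _, port_text = authority.rpartition(":")
        if not port_text.isdigit():
            continue
        found.append((proto, host, int(port_text)))  # arbitrary-precision int
    return found


def choose_port(header: str, hardened: bool) -> Optional[int]:
    """Port the client would actually connect to, or None if every alternative is refused."""
    for _proto, _host, port in parse_alt_svc(header):
        if hardened and not 1 <= port <= 65535:
            continue                      # a 16-bit port field cannot hold this value
        if port in BLOCKED_PORTS:
            continue                      # blocklist consulted on the parsed value
        # The connection layer stores the port in 16 bits.  Without the range
        # check above, 65561 passes the blocklist and wraps to 25 here.
        return port & 0xFFFF
    return None


if __name__ == "__main__":
    hdr = 'h2=":65561"; ma=3600'
    print("vulnerable connects to port", choose_port(hdr, hardened=False))
    print("hardened   connects to port", choose_port(hdr, hardened=True))
```

The general rule this illustrates: validate a value in the width it will eventually be stored in, or convert first and check the converted value, never check the wide form and then narrow it.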
CVE-2021-29949 | HIGH | CVSS 7.8 | CWE-427 | fixed in 78.9.1 | affected: < 78.9.1 | published 2021-06-24
When loading the shared library that provides the OTR protocol implementation, Thunderbird will initially attempt to open it using a filename that isn't distributed by Thunderbird. If a computer has already been infected with a malicious library of the alternative filename, and the malicious library has been copied to a directory that is contained in
Sources: NVD, OSV
CVE-2021-24002 | HIGH | CVSS 8.8 | CWE-74 | fixed in 78.10 | affected: < 78.10 | published 2021-06-24
When a user clicked on an FTP URL containing encoded newline characters (%0A and %0D), the newlines would have been interpreted as such and allowed arbitrary commands to be sent to the FTP server. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88.
Sources: NVD, OSV
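How the injection in CVE-2021-24002 reaches the control channel, as an added example that is not Firefox's or Thunderbird's code: a naive client percent-decodes the URL path and splices the segments into CWD/RETR commands, so %0D%0A becomes a line terminator and the text after it is parsed by the server as a second command. The URL and the command sequence are constructed; no connection is made. The hardened branch rejects decoded segments containing CR, LF or NUL, which is one reasonable check, not necessarily the fix Mozilla shipped.

```python
"""FTP URL path to control-channel commands, with and without a CR/LF check."""

from typing import List
from urllib.parse import unquote, urlsplit


def ftp_commands_for_url(url: str, hardened: bool) -> List[bytes]:
    """Control-channel commands a naive client would send to fetch url."""
    parts = urlsplit(url)
    if parts.scheme != "ftp":
        raise ValueError("not an ftp URL")
    # Path segments are percent-decoded before use: %0D%0A turns into CR LF.
    segments = [unquote(s) for s in parts.path.split("/") if s]
    if hardened:
        for seg in segments:
            if any(ch in seg for ch in "\r\n\0"):
                raise ValueError("control characters in FTP path segment")
    cmds = [b"USER anonymous", b"PASS anonymous@"]
    for directory in segments[:-1]:
        cmds.append(b"CWD " + directory.encode("utf-8"))
    if segments:
        cmds.append(b"RETR " + segments[-1].encode("utf-8"))
    cmds.append(b"QUIT")
    return cmds


def as_server_sees(url: str, hardened: bool) -> List[bytes]:
    """Split the bytes on the wire the way an FTP server does: one command per CRLF."""
    wire = b"\r\n".join(ftp_commands_for_url(url, hardened)) + b"\r\n"
    return [line for line in wire.split(b"\r\n") if line]


if __name__ == "__main__":
    # Constructed URL: a legitimate file name followed by an encoded CRLF and a DELE command.
    url = "ftp://ftp.example/pub/readme.txt%0D%0ADELE%20important.dat"
    for line in as_server_sees(url, hardened=False):
        print(line.decode())
```

The vulnerable path yields six commands where the URL named one file, the fifth being the attacker's DELE. Any protocol that frames commands by line terminators (SMTP, IMAP, POP3, Redis) has the same shape, and the check belongs after decoding, on the value that is actually sent.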
CVE-2021-29956 | MEDIUM | CVSS 4.3 | CWE-312 | affected: ≥ 78.8.1, ≤ 78.10.1; < 78.10.2 | published 2021-06-24
OpenPGP secret keys that were imported using Thunderbird version 78.8.1 up to version 78.10.1 were stored unencrypted on the user's local disk. The master password protection was inactive for those keys. Version 78.10.2 will restore the protection mechanism for newly imported keys, and will automatically protect keys that had been imported using aff
Sources: NVD, OSV
CVE-2021-23992 | MEDIUM | CVSS 4.3 | CWE-347 | fixed in 78.9.1 | affected: < 78.9.1 | published 2021-06-24
Thunderbird did not check if the user ID associated with an OpenPGP key has a valid self signature. An attacker may create a crafted version of an OpenPGP key, by either replacing the original user ID, or by adding another user ID. If Thunderbird imports and accepts the crafted key, the Thunderbird user may falsely conclude that the false user ID bel
Sources: NVD, OSV
CVE-2021-29945 | MEDIUM | CVSS 6.5 | CWE-682 | fixed in 78.10 | affected: < 78.10 | published 2021-06-24
The WebAssembly JIT could miscalculate the size of a return type, which could lead to a null read and result in a crash. *Note: This issue only affected x86-32 platforms. Other platforms are unaffected.* This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88.
Sources: NVD, OSV
CVE-2021-23998 | MEDIUM | CVSS 6.5 | CWE-345 | fixed in 78.10 | affected: < 78.10 | published 2021-06-24
Through complicated navigations with new windows, an HTTP page could have inherited a secure lock icon from an HTTPS page. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88.
Sources: NVD, OSV
CVE-2021-23991 | MEDIUM | CVSS 6.8 | fixed in 78.9.1 | affected: < 78.9.1 | published 2021-06-24
If a Thunderbird user has previously imported Alice's OpenPGP key, and Alice has extended the validity period of her key, but Alice's updated key has not yet been imported, an attacker may send an email containing a crafted version of Alice's key with an invalid subkey, Thunderbird might subsequently attempt to use the invalid subkey, and will fail to send
Sources: NVD, OSV