Search for packages
| purl | pkg:rpm/redhat/thunderbird@91.2.0-1?arch=el8_2 |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 4.5 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-1rj3-tt63-4yc1
Aliases: CVE-2021-38497 |
Through use of reportValidity() and window.open(), a plain-text validation message could have been overlaid on another origin, leading to possible user confusion and spoofing attacks. | There are no reported fixed by versions. |
|
VCID-2k99-39yt-gkbe
Aliases: CVE-2021-38496 |
During operations on MessageTasks, a task may have been removed while it was still scheduled, resulting in memory corruption and a potentially exploitable crash. | There are no reported fixed by versions. |
|
VCID-6fkp-5fzu-fydp
Aliases: CVE-2021-38500 |
Mozilla developers and community members Andreas Pehrson and Christian Holler reported memory safety bugs present in Thunderbird 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. | There are no reported fixed by versions. |
|
VCID-9y48-sjn7-rqeu
Aliases: CVE-2021-38501 |
Mozilla developers and community members Kevin Brosnan, Mihai Alexandru Michis, and Christian Holler reported memory safety bugs present in Thunderbird 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. | There are no reported fixed by versions. |
|
VCID-hhu1-cgcx-nfev
Aliases: CVE-2021-38498 |
During process shutdown, a document could have caused a use-after-free of a languages service object, leading to memory corruption and a potentially exploitable crash. | There are no reported fixed by versions. |
|
VCID-vtjf-sufh-p3h4
Aliases: CVE-2021-32810 GHSA-pqqp-xmhj-wgcw |
crossbeam-deque Data Race before v0.7.4 and v0.8.1 ### Impact In the affected version of this crate, the result of the race condition is that one or more tasks in the worker queue can be popped twice instead of other tasks that are forgotten and never popped. If tasks are allocated on the heap, this can cause double free and a memory leak. If not, this still can cause a logical bug. Crates using `Stealer::steal`, `Stealer::steal_batch`, or `Stealer::steal_batch_and_pop` are affected by this issue. ### Patches This has been fixed in crossbeam-deque 0.8.1 and 0.7.4. ### Credits This issue was reported and fixed by Maor Kleinberger. ### License This advisory is in the public domain. | There are no reported fixed by versions. |
|
VCID-zwz9-pt55-t3c6
Aliases: CVE-2021-38502 |
Thunderbird ignored the configuration to require STARTTLS security for an SMTP connection. A MITM could perform a downgrade attack to intercept transmitted messages, or could take control of the authenticated session to execute SMTP commands chosen by the MITM. If an unprotected authentication method was configured, the MITM could obtain the authentication credentials, too. | There are no reported fixed by versions. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||