VulnerableCode Package Details - pkg:alpm/archlinux/thunderbird@91.1.2-1

Search for packages

Vulnerability	Summary	Fixed by
VCID-11kx-sata-aaam Aliases: CVE-2021-38501	Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2.	91.2.0-1 Affected by 0 other vulnerabilities.
VCID-7ufv-sfcu-aaae Aliases: CVE-2021-38502	Thunderbird ignored the configuration to require STARTTLS security for an SMTP connection. A MITM could perform a downgrade attack to intercept transmitted messages, or could take control of the authenticated session to execute SMTP commands chosen by the MITM. If an unprotected authentication method was configured, the MITM could obtain the authentication credentials, too. This vulnerability affects Thunderbird < 91.2.	91.2.0-1 Affected by 0 other vulnerabilities.
VCID-esyb-cntz-aaan Aliases: CVE-2021-38497	Through use of reportValidity() and window.open(), a plain-text validation message could have been overlaid on another origin, leading to possible user confusion and spoofing attacks. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2.	91.2.0-1 Affected by 0 other vulnerabilities.
VCID-frqc-3ef7-aaaf Aliases: CVE-2021-32810 GHSA-pqqp-xmhj-wgcw	crossbeam-deque is a package of work-stealing deques for building task schedulers when programming in Rust. In versions prior to 0.7.4 and 0.8.0, the result of the race condition is that one or more tasks in the worker queue can be popped twice instead of other tasks that are forgotten and never popped. If tasks are allocated on the heap, this can cause double free and a memory leak. If not, this still can cause a logical bug. Crates using `Stealer::steal`, `Stealer::steal_batch`, or `Stealer::steal_batch_and_pop` are affected by this issue. This has been fixed in crossbeam-deque 0.8.1 and 0.7.4.	91.2.0-1 Affected by 0 other vulnerabilities.
VCID-pvf2-grsk-aaak Aliases: CVE-2021-38500	Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.15, Thunderbird < 91.2, Firefox ESR < 91.2, Firefox ESR < 78.15, and Firefox < 93.	91.2.0-1 Affected by 0 other vulnerabilities.
VCID-ta46-hat4-aaah Aliases: CVE-2021-38496	During operations on MessageTasks, a task may have been removed while it was still scheduled, resulting in memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.15, Thunderbird < 91.2, Firefox ESR < 91.2, Firefox ESR < 78.15, and Firefox < 93.	91.2.0-1 Affected by 0 other vulnerabilities.
VCID-wqd8-gd9j-aaar Aliases: CVE-2021-38498	During process shutdown, a document could have caused a use-after-free of a languages service object, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2.	91.2.0-1 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-11kx-sata-aaam
Aliases:
CVE-2021-38501

Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2.