1 |
type: security |
2 |
subject: Updated thunderbird packages fix security vulnerabilities |
3 |
CVE: |
4 |
- CVE-2021-32810 |
5 |
- CVE-2021-38496 |
6 |
- CVE-2021-38497 |
7 |
- CVE-2021-38498 |
8 |
- CVE-2021-38500 |
9 |
- CVE-2021-38501 |
10 |
- CVE-2021-38502 |
11 |
src: |
12 |
8: |
13 |
core: |
14 |
- thunderbird-91.2.0-1.mga8 |
15 |
- thunderbird-l10n-91.2.0-1.mga8 |
16 |
description: | |
17 |
Updated thunderbird packages fix security vulnerabilities: |
18 |
|
19 |
Due to a data race in the crossbeam-deque in the crossbeam crate, one or more |
20 |
tasks in the worker queue could have been be popped twice instead of other |
21 |
tasks that are forgotten and never popped. If tasks are allocated on the |
22 |
heap, this could have caused a double free and a memory leak (CVE-2021-32810). |
23 |
|
24 |
During operations on MessageTasks, a task may have been removed while it was |
25 |
still scheduled, resulting in memory corruption and a potentially exploitable |
26 |
crash due to a use-after-free in MessageTask (CVE-2021-38496). |
27 |
|
28 |
Through use of reportValidity() and window.open(), a plain-text validation |
29 |
message could have been overlaid on another origin, leading to possible user |
30 |
confusion and spoofing attacks (CVE-2021-38497). |
31 |
|
32 |
During process shutdown, a document could have caused a use-after-free of a |
33 |
languages service object (nsLanguageAtomService), leading to memory corruption |
34 |
and a potentially exploitable crash (CVE-2021-38498). |
35 |
|
36 |
Mozilla developers and community members Andreas Pehrson, Christian Holler, |
37 |
Kevin Brosnan, and Mihai Alexandru Michis reported memory safety bugs present |
38 |
in Thunderbird 91.1. Some of these bugs showed evidence of memory corruption |
39 |
and we presume that with enough effort some of these could have been exploited |
40 |
to run arbitrary code (CVE-2021-38500, CVE-2021-38501). |
41 |
|
42 |
Thunderbird ignored the configuration to require STARTTLS security for an SMTP |
43 |
connection. A MITM could perform a downgrade attack to intercept transmitted |
44 |
messages, or could take control of the authenticated session to execute SMTP |
45 |
commands chosen by the MITM. If an unprotected authentication method was |
46 |
configured, the MITM could obtain the authentication credentials, too |
47 |
(CVE-2021-38502). |
48 |
references: |
49 |
- https://bugs.mageia.org/show_bug.cgi?id=29535 |
50 |
- https://www.mozilla.org/en-US/security/advisories/mfsa2021-47/ |
51 |
- https://www.thunderbird.net/en-US/thunderbird/91.2.0/releasenotes/ |
52 |
ID: MGASA-2021-0478 |