Description
Multiple vulnerabilities were found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to obtain sensitive information, cause denial of service, execute arbitrary code, spoof user interface.
Below is a complete list of vulnerabilities:
- A bypass security vulnerability in SMTP STARTTLS connections can be exploited to bypass security restrictions and obtain sensitive information.
- An use after free vulnerability in nsLanguageAtomService object can be exploited to cause denial of service.
- A memory safety vulnerability can be exploited to execute arbitrary code.
- A security UI vulnerability in message validation can be exploited to spoof user interface.
- An use after free vulnerability in MessageTask can be exploited to cause denial of service.
- A data race vulnerability in crossbeam-deque can be exploited to obtain sensitive information.
Original advisories
Related products
CVE list
- CVE-2021-38501 critical
- CVE-2021-38496 critical
- CVE-2021-38500 critical
- CVE-2021-32810 critical
- CVE-2021-38497 high
- CVE-2021-38498 critical
- CVE-2021-38502 high
Read more
Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com
Found an inaccuracy in the description of this vulnerability? Let us know!