Описание
Multiple vulnerabilities were found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to obtain sensitive information, cause denial of service, execute arbitrary code, spoof user interface.
Below is a complete list of vulnerabilities:
- A bypass security vulnerability in SMTP STARTTLS connections can be exploited to bypass security restrictions and obtain sensitive information.
- An use after free vulnerability in nsLanguageAtomService object can be exploited to cause denial of service.
- A memory safety vulnerability can be exploited to execute arbitrary code.
- A security UI vulnerability in message validation can be exploited to spoof user interface.
- An use after free vulnerability in MessageTask can be exploited to cause denial of service.
- A data race vulnerability in crossbeam-deque can be exploited to obtain sensitive information.
Первичный источник обнаружения
Эксплуатация
Public exploits exist for this vulnerability.
Связанные продукты
Список CVE
- CVE-2021-38501 critical
- CVE-2021-38496 critical
- CVE-2021-38500 critical
- CVE-2021-32810 critical
- CVE-2021-38497 high
- CVE-2021-38498 critical
- CVE-2021-38502 high
Смотрите также
Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com
Нашли неточность в описании этой уязвимости? Дайте нам знать!