#14575: thunderbird-78.7.0
-------------------------+-----------------------
Reporter: renodr | Owner: renodr
Type: enhancement | Status: assigned
Priority: high | Milestone: 10.1
Component: BOOK | Version: SVN
Severity: normal | Resolution:
Keywords: |
-------------------------+-----------------------
Changes (by renodr):
* priority: normal => high
Comment:
And now, the security advisory...
{{{
Mozilla Foundation Security Advisory 2021-05
Security Vulnerabilities fixed in Thunderbird 78.7
Announced
January 26, 2021
Impact
high
Products
Thunderbird
Fixed in
Thunderbird 78.7
In general, these flaws cannot be exploited through email in the
Thunderbird product because scripting is disabled when reading mail, but
are potentially risks in browser or browser-like contexts.
#CVE-2021-23953: Cross-origin information leakage via redirected PDF
requests
Reporter
Rob Wu
Impact
high
Description
If a user clicked into a specifically crafted PDF, the PDF reader could be
confused into leaking cross-origin information, when said information is
served as chunked data.
References
Bug 1683940
#CVE-2021-23954: Type confusion when using logical assignment operators in
JavaScript switch statements
Reporter
Gary Kwong
Impact
high
Description
Using the new logical assignment operators in a JavaScript switch
statement could have caused a type confusion, leading to a memory
corruption and a potentially exploitable crash.
References
Bug 1684020
#CVE-2020-15685: IMAP Response Injection when using STARTTLS
Reporter
Damian Poddebniak
Impact
moderate
Description
During the plaintext phase of the STARTTLS connection setup, protocol
commands could have been injected and evaluated within the encrypted
session.
References
Bug 1622640
#CVE-2020-26976: HTTPS pages could have been intercepted by a registered
service worker when they should not have been
Reporter
Andrew Sutherland
Impact
moderate
Description
When a HTTPS page was embedded in a HTTP page, and there was a service
worker registered for the former, the service worker could have
intercepted the request for the secure page despite the iframe not being a
secure context due to the (insecure) framing.
References
Bug 1674343
#CVE-2021-23960: Use-after-poison for incorrectly redeclared JavaScript
variables during GC
Reporter
Irvan Kurniawan
Impact
moderate
Description
Performing garbage collection on re-declared JavaScript variables resulted
in a user-after-poison, and a potentially exploitable crash.
References
Bug 1675755
#CVE-2021-23964: Memory safety bugs fixed in Thunderbird 78.7
Reporter
Mozilla developers and community
Impact
high
Description
Mozilla developers Alexis Beingessner, Christian Holler, Andrew McCreight,
Tyson Smith, Jon Coppeard, André Bargull, Jason Kratzer, Jesse
Schwartzentruber, Steve Fink, Byron Campen reported memory safety bugs
present in Thunderbird 78.6. Some of these bugs showed evidence of memory
corruption and we presume that with enough effort some of these could have
been exploited to run arbitrary code.
References
Memory safety bugs fixed in Thunderbird 78.7
}}}
One of these in particular sticks out to me:
{{{
#CVE-2020-15685: IMAP Response Injection when using STARTTLS
Reporter
Damian Poddebniak
Impact
moderate
Description
During the plaintext phase of the STARTTLS connection setup, protocol
commands could have been injected and evaluated within the encrypted
session.
References
Bug 1622640
}}}
--
Ticket URL: <http://wiki.linuxfromscratch.org/blfs/ticket/14575#comment:3>
BLFS Trac <http://wiki.linuxfromscratch.org/blfs>
Beyond Linux From Scratch
--
http://lists.linuxfromscratch.org/listinfo/blfs-book
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page
