{"id":"MGASA-2021-0198","summary":"Updated thunderbird packages fix security vulnerabilities","details":"More internal network hosts could have been probed by a malicious webpage:\nFurther techniques that built on the slipstream research combined with a\nmalicious webpage could have exposed both an internal network's hosts as well\nas services running on the user's local machine (CVE-2021-23961).\n\nOut of bound write due to lazy initialization:\nA WebGL framebuffer was not initialized early enough, resulting in memory\ncorruption and an out of bound write (CVE-2021-23994).\n\nUse-after-free in Responsive Design Mode:\nWhen Responsive Design Mode was enabled, it used references to objects that\nwere previously freed. We presume that with enough effort this could have been\nexploited to run arbitrary code (CVE-2021-23995).\n\nSecure Lock icon could have been spoofed:\nThrough complicated navigations with new windows, an HTTP page could have\ninherited a secure lock icon from an HTTPS page (CVE-2021-23998).\n\nBlob URLs may have been granted additional privileges:\nIf a Blob URL was loaded through some unusual user interaction, it could have\nbeen loaded by the System Principal and granted additional privileges that\nshould not be granted to web content (CVE-2021-23999).\n\nArbitrary FTP command execution on FTP servers using an encoded URL:\nWhen a user clicked on an FTP URL containing encoded newline characters\n(%0A and %0D), the newlines would have been interpreted as such and allowed\narbitrary commands to be sent to the FTP server (CVE-2021-24002).\n\nIncorrect size computation in WebAssembly JIT could lead to null-reads:\nThe WebAssembly JIT could miscalculate the size of a return type, which could\nlead to a null read and result in a crash.\nNote: This issue only affected x86-32 platforms. Other platforms are unaffected.\n(CVE-2021-29945).\n\nPort blocking could be bypassed:\nPorts that were written as an integer overflow above the bounds of a 16-bit\ninteger could have bypassed port blocking restrictions when used in the\nAlt-Svc header (CVE-2021-29946).\n\nRace condition when reading from disk while verifying signatures:\nSignatures are written to disk before and read during verification, which might\nbe subject to a race condition when a malicious local process or user is replacing\nthe file (CVE-2021-29948).\n","modified":"2026-02-01T23:32:21.354817Z","published":"2021-04-29T09:41:35Z","related":["CVE-2021-23961","CVE-2021-23994","CVE-2021-23995","CVE-2021-23998","CVE-2021-23999","CVE-2021-24002","CVE-2021-29945","CVE-2021-29946","CVE-2021-29948"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2021-0198.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=28829"},{"type":"REPORT","url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-14/"},{"type":"REPORT","url":"https://www.thunderbird.net/en-US/thunderbird/78.10.0/releasenotes/"},{"type":"REPORT","url":"https://access.redhat.com/errata/RHSA-2021:1353"}],"affected":[{"package":{"name":"thunderbird","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/thunderbird?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"78.10.0-1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2021-0198.json"}},{"package":{"name":"thunderbird-l10n","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/thunderbird-l10n?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"78.10.0-1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2021-0198.json"}},{"package":{"name":"thunderbird","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/thunderbird?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"78.10.0-1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2021-0198.json"}},{"package":{"name":"thunderbird-l10n","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/thunderbird-l10n?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"78.10.0-1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2021-0198.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}