exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 7 of 7 RSS Feed

CVE-2021-29957

Status Candidate

Overview

If a MIME encoded email contains an OpenPGP inline signed or encrypted message part, but also contains an additional unprotected part, Thunderbird did not indicate that only parts of the message are protected. This vulnerability affects Thunderbird < 78.10.2.

Related Files

Debian Security Advisory 4927-1
Posted Jun 28, 2021
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4927-1 - Multiple security issues were discovered in Thunderbird, which could result in the execution of arbitrary code. In adddition two security issues were addressed in the OpenPGP support.

tags | advisory, arbitrary
systems | linux, debian
advisories | CVE-2021-29956, CVE-2021-29957, CVE-2021-29967
SHA-256 | e0ff5e33191b62087e62de2b5a2c3cca3dcca60fb85771f7235a7b857d2bbe9d
Ubuntu Security Notice USN-4995-2
Posted Jun 25, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4995-2 - USN-4995-1 fixed vulnerabilities in Thunderbird. This update provides the corresponding updates for Ubuntu 18.04 LTS. Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, spoof the UI, bypass security restrictions, or execute arbitrary code. It was discovered that extensions could open popup windows with control of the window title in some circumstances. If a user were tricked into installing a specially crafted extension, an attacker could potentially exploit this to spoof a website and trick the user into providing credentials. Multiple security issues were discovered in Thunderbird's OpenPGP integration. If a user were tricked into importing a specially crafted key in some circumstances, an attacker could potentially exploit this to cause a denial of service or confuse the user. A use-after-free was discovered when Responsive Design Mode was enabled. If a user were tricked into opening a specially crafted website with Responsive Design Mode enabled, an attacker could potentially exploit this to cause a denial of service, or execute arbitrary code. It was discovered that Thunderbird mishandled ftp URLs with encoded newline characters. If a user were tricked into clicking on a specially crafted link, an attacker could potentially exploit this to send arbitrary FTP commands. It was discovered that Thunderbird wrote signatures to disk and read them back during verification. A local attacker could potentially exploit this to replace the data with another signature file. It was discovered that Thunderbird might load an alternative OTR library. If a user were tricked into copying a specially crafted library to one of Thunderbird's search paths, an attacker could potentially exploit this to execute arbitrary code. It was discovered that secret keys imported into Thunderbird were stored unencrypted. A local attacker could potentially exploit this to obtain private keys. It was discovered that Thunderbird did not indicate when an inline signed or encrypted message contained additional unprotected parts. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, local, spoof, vulnerability
systems | linux, windows, ubuntu
advisories | CVE-2021-23961, CVE-2021-23982, CVE-2021-23984, CVE-2021-23987, CVE-2021-23994, CVE-2021-23995, CVE-2021-23999, CVE-2021-24002, CVE-2021-29948, CVE-2021-29949, CVE-2021-29956, CVE-2021-29957
SHA-256 | 81edf153f7a8ff7803ae890c659ea5d9e899b6b778102480a52389ef99c260ee
Ubuntu Security Notice USN-4995-1
Posted Jun 22, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4995-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, spoof the UI, bypass security restrictions, or execute arbitrary code. It was discovered that extensions could open popup windows with control of the window title in some circumstances. If a user were tricked into installing a specially crafted extension, an attacker could potentially exploit this to spoof a website and trick the user into providing credentials. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, spoof
systems | linux, windows, ubuntu
advisories | CVE-2021-23961, CVE-2021-23982, CVE-2021-23984, CVE-2021-23987, CVE-2021-23994, CVE-2021-23995, CVE-2021-23999, CVE-2021-24002, CVE-2021-29945, CVE-2021-29948, CVE-2021-29949, CVE-2021-29956, CVE-2021-29957
SHA-256 | 4377b3a315af5e52fb39b7a6d25d2f9f0a167af3746b0bb2a7e6f3615807b933
Red Hat Security Advisory 2021-2264-01
Posted Jun 7, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2264-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.11.0.

tags | advisory
systems | linux, redhat
advisories | CVE-2021-29956, CVE-2021-29957, CVE-2021-29967
SHA-256 | e6ea82932c953622868244a0d3ab8295e6d73084fbb05518e3badb1590234064
Red Hat Security Advisory 2021-2263-01
Posted Jun 7, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2263-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.11.0.

tags | advisory
systems | linux, redhat
advisories | CVE-2021-29956, CVE-2021-29957, CVE-2021-29967
SHA-256 | ccbc94dc791dd0e889890f3ed17fbfc9c24b6d24c09e17b944caf552599c7b02
Red Hat Security Advisory 2021-2261-01
Posted Jun 7, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2261-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.11.0.

tags | advisory
systems | linux, redhat
advisories | CVE-2021-29956, CVE-2021-29957, CVE-2021-29967
SHA-256 | 4c985bf9399fce8673d545dd90f37b027d2315788f896010aab8ef5dff1d65ca
Red Hat Security Advisory 2021-2262-01
Posted Jun 7, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2262-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.11.0.

tags | advisory
systems | linux, redhat
advisories | CVE-2021-29956, CVE-2021-29957, CVE-2021-29967
SHA-256 | 8e81ca6903f59bf4739a16739fe4c11653a739a05ebf2f2a2f8b6ff89e9f3901
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    0 Files
  • 12
    Nov 12th
    0 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close