QID 376038

Date Published: 2021-11-25

QID 376038: Mozilla Thunderbird Multiple Vulnerabilities (MFSA2021-50)

Thunderbird is a free and open-source cross-platform email client developed for Windows, OS X, and Linux, with a mobile version for Android.

Mozilla Thunderbird is prone to the following vulnerabilities:
  • CVE-2021-38503: iframe sandbox rules did not apply to XSLT stylesheets
  • CVE-2021-38504: Use-after-free in file picker dialog
  • CVE-2021-38505: Windows 10 Cloud Clipboard may have recorded sensitive user data
  • CVE-2021-38506: Thunderbird could be coaxed into going into fullscreen mode without notification or warning
  • CVE-2021-38507: Opportunistic Encryption in HTTP2 could be used to bypass the Same-Origin-Policy on services hosted on other ports
  • CVE-2021-38508: Permission Prompt could be overlaid, resulting in user confusion and potential spoofing
  • CVE-2021-38509: Javascript alert box could have been spoofed onto an arbitrary domain
  • CVE-2021-38510: Download Protections were bypassed by .inetloc files on Mac OS

Affected Products:
  • Mozilla Thunderbird prior to 91.3

QID Detection Logic (Authenticated):
This authenticated check looks for an installed, vulnerable version of Thunderbird (prior to 91.3).


Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.

Successful exploitation of these vulnerabilities could lead to a security breach or could affect integrity, availability, and confidentiality.

  • CVSS V3 rated as Medium - 4.2 severity.
  • CVSS V2 rated as Medium - 5.4 severity.
  • Solution
    The vendor has released a fix to address these vulnerabilities. Refer to MFSA2021-50 or later.
    Software Advisories
    Advisory ID: MFSA2021-50
    Software Component: (not listed)
    Link: www.mozilla.org/en-US/security/advisories/mfsa2021-50/