If Thunderbird was configured to use STARTTLS for an IMAP connection, and an attacker injected IMAP server responses prior to the completion of the STARTTLS handshake, then Thunderbird didn’t ignore the injected data. This could have resulted in Thunderbird showing incorrect information, for example the attacker could have tricked Thunderbird to show folders that didn’t exist on the IMAP server. This vulnerability affects Thunderbird < 78.12.

CPENameOperatorVersion
thunderbirdlt78.12

CPE	Name	Operator	Version
	thunderbird	lt	78.12

References

bugzilla.mozilla.org/show_bug.cgi?id=1682370

security.gentoo.org/glsa/202208-14

www.mozilla.org/security/advisories/mfsa2021-30/

debiancve 1

cvelist 1

redhatcve 1

ubuntucve 1

cve 1

cnvd 1

alpinelinux 1

nvd 1

nessus 20

mageia 1

osv 4

mozilla 1

redos 28

redhat 4

openvas 8

oraclelinux 2

archlinux 1

debian 2

suse 2

kaspersky 1

altlinux 1

rocky 1

almalinux 1

amazon 1

ubuntu 1

gentoo 1

debiancve

CVE-2021-29969

2021-08-05 20:15:08

cvelist

CVE-2021-29969

2021-08-05 19:46:42

redhatcve

CVE-2021-29969

2021-07-14 01:29:06

ubuntucve

CVE-2021-29969

2021-08-05 00:00:00

cve

CVE-2021-29969

2021-08-05 20:15:08

cnvd

Mozilla Thunderbird Command Injection Vulnerability

2021-08-25 00:00:00

alpinelinux

CVE-2021-29969

2021-08-05 20:15:08

nvd

CVE-2021-29969

2021-08-05 20:15:08

nessus

RHEL 8 : thunderbird (RHSA-2021:2882)

2021-07-26 00:00:00

Oracle Linux 7 : thunderbird (ELSA-2021-2881)

2021-07-27 00:00:00

Mozilla Thunderbird < 78.12

2021-07-13 00:00:00

mageia

Updated thunderbird packages fix security vulnerabilities

2021-07-16 11:25:31

osv

thunderbird - security update

2021-07-19 00:00:00

thunderbird - security update

2021-07-18 00:00:00

Important: thunderbird security update

2021-07-26 10:57:37

mozilla

Security Vulnerabilities fixed in Thunderbird 78.12 — Mozilla

2021-07-13 00:00:00

redos

ROS-2-922

2022-02-26 00:00:00

ROS-2-871

2021-09-08 00:00:00

ROS-2-558

2021-12-24 00:00:00

redhat

(RHSA-2021:2881) Important: thunderbird security update

2021-07-26 10:57:23

(RHSA-2021:2914) Important: thunderbird security update

2021-07-27 07:05:45

(RHSA-2021:2883) Important: thunderbird security update

2021-07-26 10:57:37

openvas

Mozilla Thunderbird Security Advisories (MFSA2021-27, MFSA2021-30) - Windows

2021-07-28 00:00:00

openSUSE: Security Advisory for MozillaThunderbird (openSUSE-SU-2021:2458-1)

2021-07-23 00:00:00

Debian: Security Advisory (DSA-4940-1)

2021-07-19 00:00:00

oraclelinux

thunderbird security update

2021-07-27 00:00:00

thunderbird security update

2021-07-27 00:00:00

archlinux

[ASA-202107-21] thunderbird: multiple issues

2021-07-14 00:00:00

debian

[SECURITY] [DLA 2711-1] thunderbird security update

2021-07-19 10:47:51

[SECURITY] [DSA 4940-1] thunderbird security update

2021-07-18 15:15:11

suse

Security update for MozillaThunderbird (important)

2021-08-04 00:00:00

Security update for MozillaThunderbird (important)

2021-07-22 00:00:00

kaspersky

KLA12227 Multiple vulnerabilities in Mozilla Thunderbird

2021-07-13 00:00:00

altlinux

Security fix for the ALT Linux 10 package thunderbird version 78.12.0-alt1

2021-07-14 00:00:00

rocky

thunderbird security update

2021-07-26 10:57:37

almalinux

Important: thunderbird security update

2021-07-26 10:57:37

amazon

Important: thunderbird

2021-09-08 23:35:00

ubuntu

Thunderbird vulnerabilities

2021-08-31 00:00:00

gentoo

Mozilla Thunderbird: Multiple Vulnerabilities

2022-08-10 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

6.5 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

52.8%

JSON

Related for PRION:CVE-2021-29969