CVE-2021-29970 Vulnerability in Mozilla Thunderbird email client, related to HTML content processing error. Exploitation of the vulnerability could allow a remote attacker to cause a post-release exploit error and execute arbitrary code on the system.
CVE-2021-30547 Vulnerability in Mozilla Thunderbird email client, related to a boundary error in processing unreliable HTML content in ANGLE. Exploitation of the vulnerability could allow a remote attacker to create a customized web page, trick the victim into opening it, initiate an out-of-range write, and execute arbitrary code on the target system.
CVE-2021-29976 Vulnerability in Mozilla Thunderbird email client, related to a boundary error in HTML processing. Exploitation of the vulnerability could allow a remote attacker to create a customized web page, trick the victim into opening it, cause memory corruption and execute arbitrary code on the target system.
CVE-2021-29969 Vulnerability in Mozilla Thunderbird email client, related to the way IMAP server responses sent before the STARTTLS process are handled. Exploitation of the vulnerability could allow a remote attacker to perform a MitM attack and send arbitrary IMAP commands before STARTTLS confirmation and execute them after the confirmation is complete.
FSTEC Information Security Threat Data Bank Identifier: BDU:2021-03659, BDU:2021-03660, BDU:2021-03661, BDU:2021-03662OS version: 7.2
Do not use Mozilla Thunderbird
or
# yum update
.# yum localinstall *.rpm
.Date of last modification: 26.02.2022