CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
High
CVE-2021-29970 Vulnerability in Mozilla Thunderbird email client, related to HTML content processing error. Exploitation of the vulnerability could allow a remote attacker to cause a post-release exploit error and execute arbitrary code on the system.
CVE-2021-30547 Vulnerability in Mozilla Thunderbird email client, related to a boundary error in processing unreliable HTML content in ANGLE. Exploitation of the vulnerability could allow a remote attacker to create a customized web page, trick the victim into opening it, initiate an out-of-range write, and execute arbitrary code on the target system.
CVE-2021-29976 Vulnerability in Mozilla Thunderbird email client, related to a boundary error in HTML processing. Exploitation of the vulnerability could allow a remote attacker to create a customized web page, trick the victim into opening it, cause memory corruption and execute arbitrary code on the target system.
CVE-2021-29969 Vulnerability in Mozilla Thunderbird email client, related to the way IMAP server responses sent before the STARTTLS process are handled. Exploitation of the vulnerability could allow a remote attacker to perform a MitM attack and send arbitrary IMAP commands before STARTTLS confirmation and execute them after the confirmation is complete.
FSTEC Information Security Threat Data Bank Identifier: BDU:2021-03659, BDU:2021-03660, BDU:2021-03661, BDU:2021-03662Operating system version: 7.2
Do not use Mozilla Thunderbird
or
# yum update
.# yum localinstall *.rpm
.Date of last modification: 26.02.2022
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
High