firefox-esr / thunderbird is vulnerable to remote code execution. When a user is surfing a malicious webpage, it could scanned both an internal network’s hosts as well as services running on the user’s local machine utilizing WebRTC connections.
bugzilla.mozilla.org/show_bug.cgi?id=1677046
security-tracker.debian.org/tracker/CVE-2021-23982
security.gentoo.org/glsa/202104-09
security.gentoo.org/glsa/202104-10
www.mozilla.org/security/advisories/mfsa2021-10/
www.mozilla.org/security/advisories/mfsa2021-11/
www.mozilla.org/security/advisories/mfsa2021-12/