[ASA-202106-22] thunderbird: arbitrary code execution
Arch Linux Security Advisory ASA-202106-22 ========================================== Severity: High Date : 2021-06-09 CVE-ID : CVE-2021-29967 Package : thunderbird Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-2035 Summary ======= The package thunderbird before version 78.11.0-1 is vulnerable to arbitrary code execution. Resolution ========== Upgrade to 78.11.0-1. # pacman -Syu "thunderbird>=78.11.0-1" The problem has been fixed upstream in version 78.11.0. Workaround ========== None. Description =========== Mozilla developers reported memory safety bugs present in Firefox 88 and Thunderbird 78.10. Some of these bugs showed evidence of memory corruption and Mozilla presumes that with enough effort some of these could have been exploited to run arbitrary code. Impact ====== A remote attacker could execute arbitrary code using a crafted email message. References ========== https://www.mozilla.org/security/advisories/mfsa2021-23/ https://www.mozilla.org/security/advisories/mfsa2021-26/ https://bugzilla.mozilla.org/buglist.cgi?bug_id=1602862%2C1703191%2C1703760%... https://security.archlinux.org/CVE-2021-29967
participants (1)
-
Jonas Witschel