exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 15 of 15 RSS Feed

CVE-2021-23961

Status Candidate

Overview

Further techniques that built on the slipstream research combined with a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine. This vulnerability affects Firefox < 85.

Related Files

Ubuntu Security Notice USN-4995-2
Posted Jun 25, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4995-2 - USN-4995-1 fixed vulnerabilities in Thunderbird. This update provides the corresponding updates for Ubuntu 18.04 LTS. Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, spoof the UI, bypass security restrictions, or execute arbitrary code. It was discovered that extensions could open popup windows with control of the window title in some circumstances. If a user were tricked into installing a specially crafted extension, an attacker could potentially exploit this to spoof a website and trick the user into providing credentials. Multiple security issues were discovered in Thunderbird's OpenPGP integration. If a user were tricked into importing a specially crafted key in some circumstances, an attacker could potentially exploit this to cause a denial of service or confuse the user. A use-after-free was discovered when Responsive Design Mode was enabled. If a user were tricked into opening a specially crafted website with Responsive Design Mode enabled, an attacker could potentially exploit this to cause a denial of service, or execute arbitrary code. It was discovered that Thunderbird mishandled ftp URLs with encoded newline characters. If a user were tricked into clicking on a specially crafted link, an attacker could potentially exploit this to send arbitrary FTP commands. It was discovered that Thunderbird wrote signatures to disk and read them back during verification. A local attacker could potentially exploit this to replace the data with another signature file. It was discovered that Thunderbird might load an alternative OTR library. If a user were tricked into copying a specially crafted library to one of Thunderbird's search paths, an attacker could potentially exploit this to execute arbitrary code. It was discovered that secret keys imported into Thunderbird were stored unencrypted. A local attacker could potentially exploit this to obtain private keys. It was discovered that Thunderbird did not indicate when an inline signed or encrypted message contained additional unprotected parts. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, local, spoof, vulnerability
systems | linux, windows, ubuntu
advisories | CVE-2021-23961, CVE-2021-23982, CVE-2021-23984, CVE-2021-23987, CVE-2021-23994, CVE-2021-23995, CVE-2021-23999, CVE-2021-24002, CVE-2021-29948, CVE-2021-29949, CVE-2021-29956, CVE-2021-29957
SHA-256 | 81edf153f7a8ff7803ae890c659ea5d9e899b6b778102480a52389ef99c260ee
Ubuntu Security Notice USN-4995-1
Posted Jun 22, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4995-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, spoof the UI, bypass security restrictions, or execute arbitrary code. It was discovered that extensions could open popup windows with control of the window title in some circumstances. If a user were tricked into installing a specially crafted extension, an attacker could potentially exploit this to spoof a website and trick the user into providing credentials. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, spoof
systems | linux, windows, ubuntu
advisories | CVE-2021-23961, CVE-2021-23982, CVE-2021-23984, CVE-2021-23987, CVE-2021-23994, CVE-2021-23995, CVE-2021-23999, CVE-2021-24002, CVE-2021-29945, CVE-2021-29948, CVE-2021-29949, CVE-2021-29956, CVE-2021-29957
SHA-256 | 4377b3a315af5e52fb39b7a6d25d2f9f0a167af3746b0bb2a7e6f3615807b933
Gentoo Linux Security Advisory 202104-10
Posted May 3, 2021
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202104-10 - Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code. Versions less than 88.0 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2021-23961, CVE-2021-23968, CVE-2021-23969, CVE-2021-23970, CVE-2021-23971, CVE-2021-23972, CVE-2021-23973, CVE-2021-23974, CVE-2021-23975, CVE-2021-23976, CVE-2021-23977, CVE-2021-23978, CVE-2021-23981, CVE-2021-23982, CVE-2021-23983, CVE-2021-23984, CVE-2021-23985, CVE-2021-23986, CVE-2021-23987, CVE-2021-23988, CVE-2021-23994, CVE-2021-23995, CVE-2021-23998, CVE-2021-23999, CVE-2021-24002, CVE-2021-29945
SHA-256 | 5ca81f664f4e17349799dff5ec0303eacf0a8ec7882e1cb1d495ace0532dfaaa
Gentoo Linux Security Advisory 202104-09
Posted May 3, 2021
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202104-9 - Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. Versions less than 78.10.0 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2021-23961, CVE-2021-23968, CVE-2021-23969, CVE-2021-23973, CVE-2021-23978, CVE-2021-23981, CVE-2021-23982, CVE-2021-23984, CVE-2021-23987, CVE-2021-23994, CVE-2021-23995, CVE-2021-23998, CVE-2021-23999, CVE-2021-24002, CVE-2021-29945, CVE-2021-29946, CVE-2021-29948
SHA-256 | 14468afd1abbcf533ea6611cd505e671361f822b331808ff4f16194ccb84f300
Debian Security Advisory 4895-1
Posted Apr 28, 2021
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4895-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, information disclosure, privilege escalation or spoofing.

tags | advisory, web, arbitrary, spoof, info disclosure
systems | linux, debian
advisories | CVE-2021-23961, CVE-2021-23994, CVE-2021-23995, CVE-2021-23998, CVE-2021-23999, CVE-2021-24002, CVE-2021-29945, CVE-2021-29946
SHA-256 | a90591c14b940c58ca0deaa0ce3ecba9d1b79aee98db18f5c67359115f4cc1be
Debian Security Advisory 4897-1
Posted Apr 28, 2021
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4897-1 - Multiple security issues were discovered in Thunderbird, which could result in the execution of arbitrary code or information disclosure. In adddition a number of security issues were addressed in the OpenPGP support.

tags | advisory, arbitrary, info disclosure
systems | linux, debian
advisories | CVE-2021-23961, CVE-2021-23991, CVE-2021-23992, CVE-2021-23993, CVE-2021-23994, CVE-2021-23995, CVE-2021-23998, CVE-2021-23999, CVE-2021-24002, CVE-2021-29945, CVE-2021-29946, CVE-2021-29948, CVE-2021-29949
SHA-256 | d046261a5bea547646c1ad71555d4faa8f38e2e133e219e9721c0bfe1ba81218
Red Hat Security Advisory 2021-1363-01
Posted Apr 26, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-1363-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.10.0 ESR. Issues addressed include bypass, spoofing, and use-after-free vulnerabilities.

tags | advisory, web, spoof, vulnerability
systems | linux, redhat
advisories | CVE-2021-23961, CVE-2021-23994, CVE-2021-23995, CVE-2021-23998, CVE-2021-23999, CVE-2021-24002, CVE-2021-29945, CVE-2021-29946
SHA-256 | 1f13cac2e9bf55b3d937c02a0f2822cb7a9c8825fa475eb6e47ca9b4a675fbec
Red Hat Security Advisory 2021-1361-01
Posted Apr 26, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-1361-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.10.0 ESR. Issues addressed include bypass, spoofing, and use-after-free vulnerabilities.

tags | advisory, web, spoof, vulnerability
systems | linux, redhat
advisories | CVE-2021-23961, CVE-2021-23994, CVE-2021-23995, CVE-2021-23998, CVE-2021-23999, CVE-2021-24002, CVE-2021-29945, CVE-2021-29946
SHA-256 | 06a96adc0cb4686dfca9e0532a5b12b3eaa30ac5119917c747f6e69c8502f147
Red Hat Security Advisory 2021-1360-01
Posted Apr 26, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-1360-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.10.0 ESR. Issues addressed include bypass, spoofing, and use-after-free vulnerabilities.

tags | advisory, web, spoof, vulnerability
systems | linux, redhat
advisories | CVE-2021-23961, CVE-2021-23994, CVE-2021-23995, CVE-2021-23998, CVE-2021-23999, CVE-2021-24002, CVE-2021-29945, CVE-2021-29946
SHA-256 | b3a1dce547d647bb72354e1d6bd119dc0341fe07198dd37451b7ab89ead4a09a
Red Hat Security Advisory 2021-1362-01
Posted Apr 26, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-1362-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.10.0 ESR. Issues addressed include bypass, spoofing, and use-after-free vulnerabilities.

tags | advisory, web, spoof, vulnerability
systems | linux, redhat
advisories | CVE-2021-23961, CVE-2021-23994, CVE-2021-23995, CVE-2021-23998, CVE-2021-23999, CVE-2021-24002, CVE-2021-29945, CVE-2021-29946
SHA-256 | 1920fc851fca65a2f7bb1803c762e0d503e1d8f744bd2136d5cf375badca3708
Red Hat Security Advisory 2021-1350-01
Posted Apr 26, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-1350-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.10.0. Issues addressed include bypass, spoofing, and use-after-free vulnerabilities.

tags | advisory, spoof, vulnerability
systems | linux, redhat
advisories | CVE-2021-23961, CVE-2021-23994, CVE-2021-23995, CVE-2021-23998, CVE-2021-23999, CVE-2021-24002, CVE-2021-29945, CVE-2021-29946, CVE-2021-29948
SHA-256 | 3b714c0d61188b89eb22df6e2ed72e9a299bbb5e5d6a91e9c762d3071f86d9d9
Red Hat Security Advisory 2021-1352-01
Posted Apr 26, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-1352-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.10.0. Issues addressed include bypass, spoofing, and use-after-free vulnerabilities.

tags | advisory, spoof, vulnerability
systems | linux, redhat
advisories | CVE-2021-23961, CVE-2021-23994, CVE-2021-23995, CVE-2021-23998, CVE-2021-23999, CVE-2021-24002, CVE-2021-29945, CVE-2021-29946, CVE-2021-29948
SHA-256 | f01e95af13ef5e8ef1f695e64073c2cf1619119c6ea9f99a7d700c9057af96c6
Red Hat Security Advisory 2021-1351-01
Posted Apr 26, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-1351-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.10.0. Issues addressed include bypass, spoofing, and use-after-free vulnerabilities.

tags | advisory, spoof, vulnerability
systems | linux, redhat
advisories | CVE-2021-23961, CVE-2021-23994, CVE-2021-23995, CVE-2021-23998, CVE-2021-23999, CVE-2021-24002, CVE-2021-29945, CVE-2021-29946, CVE-2021-29948
SHA-256 | 9cb9c1c658e85899c18462a7ae12fcf7560d19e10446376cc29b65337a2b9051
Red Hat Security Advisory 2021-1353-01
Posted Apr 26, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-1353-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.10.0. Issues addressed include bypass, spoofing, and use-after-free vulnerabilities.

tags | advisory, spoof, vulnerability
systems | linux, redhat
advisories | CVE-2021-23961, CVE-2021-23994, CVE-2021-23995, CVE-2021-23998, CVE-2021-23999, CVE-2021-24002, CVE-2021-29945, CVE-2021-29946, CVE-2021-29948
SHA-256 | 577ff192187d01b6d5999811959645ea5037d51fe42ea70deb2e5e2a1ed836c3
Gentoo Linux Security Advisory 202102-01
Posted Feb 1, 2021
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202102-1 - Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code. Versions less than 85.0 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2021-23953, CVE-2021-23954, CVE-2021-23955, CVE-2021-23956, CVE-2021-23958, CVE-2021-23960, CVE-2021-23961, CVE-2021-23962, CVE-2021-23963, CVE-2021-23964, CVE-2021-23965, CVE-2021-26976
SHA-256 | 799862575071b4198c438cdff922fd8f7e7faca175c0f39bab88aa69018dd426
Page 1 of 1
Back1Next

File Archive:

July 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    27 Files
  • 2
    Jul 2nd
    10 Files
  • 3
    Jul 3rd
    35 Files
  • 4
    Jul 4th
    27 Files
  • 5
    Jul 5th
    18 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    28 Files
  • 9
    Jul 9th
    44 Files
  • 10
    Jul 10th
    24 Files
  • 11
    Jul 11th
    25 Files
  • 12
    Jul 12th
    0 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close