exploit the possibilities
Showing 1 - 13 of 13 RSS Feed

CVE-2021-23984

Status Candidate

Overview

A malicious extension could have opened a popup window lacking an address bar. The title of the popup lacking an address bar should not be fully controllable, but in this situation was. This could have been used to spoof a website and attempt to trick the user into providing credentials. This vulnerability affects Firefox ESR < 78.9, Firefox < 87, and Thunderbird < 78.9.

Related Files

Ubuntu Security Notice USN-4995-2
Posted Jun 25, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4995-2 - USN-4995-1 fixed vulnerabilities in Thunderbird. This update provides the corresponding updates for Ubuntu 18.04 LTS. Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, spoof the UI, bypass security restrictions, or execute arbitrary code. It was discovered that extensions could open popup windows with control of the window title in some circumstances. If a user were tricked into installing a specially crafted extension, an attacker could potentially exploit this to spoof a website and trick the user into providing credentials. Multiple security issues were discovered in Thunderbird's OpenPGP integration. If a user were tricked into importing a specially crafted key in some circumstances, an attacker could potentially exploit this to cause a denial of service or confuse the user. A use-after-free was discovered when Responsive Design Mode was enabled. If a user were tricked into opening a specially crafted website with Responsive Design Mode enabled, an attacker could potentially exploit this to cause a denial of service, or execute arbitrary code. It was discovered that Thunderbird mishandled ftp URLs with encoded newline characters. If a user were tricked into clicking on a specially crafted link, an attacker could potentially exploit this to send arbitrary FTP commands. It was discovered that Thunderbird wrote signatures to disk and read them back during verification. A local attacker could potentially exploit this to replace the data with another signature file. It was discovered that Thunderbird might load an alternative OTR library. If a user were tricked into copying a specially crafted library to one of Thunderbird's search paths, an attacker could potentially exploit this to execute arbitrary code. It was discovered that secret keys imported into Thunderbird were stored unencrypted. A local attacker could potentially exploit this to obtain private keys. It was discovered that Thunderbird did not indicate when an inline signed or encrypted message contained additional unprotected parts. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, local, spoof, vulnerability
systems | linux, windows, ubuntu
advisories | CVE-2021-23961, CVE-2021-23982, CVE-2021-23984, CVE-2021-23987, CVE-2021-23994, CVE-2021-23995, CVE-2021-23999, CVE-2021-24002, CVE-2021-29948, CVE-2021-29949, CVE-2021-29956, CVE-2021-29957
MD5 | 604927ef5f1aa546db7b29136f6c883b
Ubuntu Security Notice USN-4995-1
Posted Jun 22, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4995-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, spoof the UI, bypass security restrictions, or execute arbitrary code. It was discovered that extensions could open popup windows with control of the window title in some circumstances. If a user were tricked into installing a specially crafted extension, an attacker could potentially exploit this to spoof a website and trick the user into providing credentials. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, spoof
systems | linux, windows, ubuntu
advisories | CVE-2021-23961, CVE-2021-23982, CVE-2021-23984, CVE-2021-23987, CVE-2021-23994, CVE-2021-23995, CVE-2021-23999, CVE-2021-24002, CVE-2021-29945, CVE-2021-29948, CVE-2021-29949, CVE-2021-29956, CVE-2021-29957
MD5 | 20dc83202964373baf16304f35c94c5a
Gentoo Linux Security Advisory 202104-10
Posted May 3, 2021
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202104-10 - Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code. Versions less than 88.0 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2021-23961, CVE-2021-23968, CVE-2021-23969, CVE-2021-23970, CVE-2021-23971, CVE-2021-23972, CVE-2021-23973, CVE-2021-23974, CVE-2021-23975, CVE-2021-23976, CVE-2021-23977, CVE-2021-23978, CVE-2021-23981, CVE-2021-23982, CVE-2021-23983, CVE-2021-23984, CVE-2021-23985, CVE-2021-23986, CVE-2021-23987, CVE-2021-23988, CVE-2021-23994, CVE-2021-23995, CVE-2021-23998, CVE-2021-23999, CVE-2021-24002, CVE-2021-29945
MD5 | 4a4d41e18018c457ccf1476fd1a1da84
Gentoo Linux Security Advisory 202104-09
Posted May 3, 2021
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202104-9 - Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. Versions less than 78.10.0 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2021-23961, CVE-2021-23968, CVE-2021-23969, CVE-2021-23973, CVE-2021-23978, CVE-2021-23981, CVE-2021-23982, CVE-2021-23984, CVE-2021-23987, CVE-2021-23994, CVE-2021-23995, CVE-2021-23998, CVE-2021-23999, CVE-2021-24002, CVE-2021-29945, CVE-2021-29946, CVE-2021-29948
MD5 | e91e12fed2987d793090726d1bf8df74
Ubuntu Security Notice USN-4893-1
Posted Mar 26, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4893-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, or execute arbitrary code. It was discovered that extensions could open popup windows with control of the window title in some circumstances. If a user were tricked into installing a specially crafted extension, an attacker could potentially exploit this to spook a website and trick the user into providing credentials. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, windows, ubuntu
advisories | CVE-2021-23981, CVE-2021-23983, CVE-2021-23984, CVE-2021-23985, CVE-2021-23986, CVE-2021-23987
MD5 | 361f6d2ac9ae9e3ba90818da079bb556
Red Hat Security Advisory 2021-0992-01
Posted Mar 25, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0992-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.9.0 ESR. Issues addressed include a spoofing vulnerability.

tags | advisory, web, spoof
systems | linux, redhat
advisories | CVE-2021-23981, CVE-2021-23982, CVE-2021-23984, CVE-2021-23987
MD5 | 733b0f1a6487f3ea89ed22f34470c0f7
Red Hat Security Advisory 2021-0996-01
Posted Mar 25, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0996-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.9.0. Issues addressed include a spoofing vulnerability.

tags | advisory, spoof
systems | linux, redhat
advisories | CVE-2021-23981, CVE-2021-23982, CVE-2021-23984, CVE-2021-23987
MD5 | 485bd0846f543d3cc7f9a52abaf90a21
Red Hat Security Advisory 2021-0991-01
Posted Mar 25, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0991-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.9.0 ESR. Issues addressed include a spoofing vulnerability.

tags | advisory, web, spoof
systems | linux, redhat
advisories | CVE-2021-23981, CVE-2021-23982, CVE-2021-23984, CVE-2021-23987
MD5 | 1731b7821447c2facdea627ff316d371
Red Hat Security Advisory 2021-0994-01
Posted Mar 25, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0994-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.9.0. Issues addressed include a spoofing vulnerability.

tags | advisory, spoof
systems | linux, redhat
advisories | CVE-2021-23981, CVE-2021-23982, CVE-2021-23984, CVE-2021-23987
MD5 | 67797af2fb70a936c33eea7b4b553d95
Red Hat Security Advisory 2021-0989-01
Posted Mar 25, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0989-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.9.0 ESR. Issues addressed include a spoofing vulnerability.

tags | advisory, web, spoof
systems | linux, redhat
advisories | CVE-2021-23981, CVE-2021-23982, CVE-2021-23984, CVE-2021-23987
MD5 | f746f33fe09674ebd846f4997a9116b9
Red Hat Security Advisory 2021-0993-01
Posted Mar 25, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0993-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.9.0. Issues addressed include a spoofing vulnerability.

tags | advisory, spoof
systems | linux, redhat
advisories | CVE-2021-23981, CVE-2021-23982, CVE-2021-23984, CVE-2021-23987
MD5 | 4bf3d710a4f1ceafce1c197be71f9dca
Red Hat Security Advisory 2021-0995-01
Posted Mar 25, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0995-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.9.0. Issues addressed include a spoofing vulnerability.

tags | advisory, spoof
systems | linux, redhat
advisories | CVE-2021-23981, CVE-2021-23982, CVE-2021-23984, CVE-2021-23987
MD5 | 10a9a7a671e4c1aec2fd1223d491c4e1
Red Hat Security Advisory 2021-0990-01
Posted Mar 25, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0990-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.9.0 ESR. Issues addressed include a spoofing vulnerability.

tags | advisory, web, spoof
systems | linux, redhat
advisories | CVE-2021-23981, CVE-2021-23982, CVE-2021-23984, CVE-2021-23987
MD5 | bb311d79b5aeefbfec98a69bd3281455
Page 1 of 1
Back1Next

File Archive:

January 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    2 Files
  • 2
    Jan 2nd
    0 Files
  • 3
    Jan 3rd
    20 Files
  • 4
    Jan 4th
    4 Files
  • 5
    Jan 5th
    37 Files
  • 6
    Jan 6th
    20 Files
  • 7
    Jan 7th
    4 Files
  • 8
    Jan 8th
    0 Files
  • 9
    Jan 9th
    0 Files
  • 10
    Jan 10th
    18 Files
  • 11
    Jan 11th
    8 Files
  • 12
    Jan 12th
    19 Files
  • 13
    Jan 13th
    31 Files
  • 14
    Jan 14th
    2 Files
  • 15
    Jan 15th
    2 Files
  • 16
    Jan 16th
    2 Files
  • 17
    Jan 17th
    18 Files
  • 18
    Jan 18th
    13 Files
  • 19
    Jan 19th
    15 Files
  • 20
    Jan 20th
    29 Files
  • 21
    Jan 21st
    12 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    0 Files
  • 24
    Jan 24th
    0 Files
  • 25
    Jan 25th
    0 Files
  • 26
    Jan 26th
    0 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close