exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 7 of 7 RSS Feed

CVE-2021-29969

Status Candidate

Overview

If Thunderbird was configured to use STARTTLS for an IMAP connection, and an attacker injected IMAP server responses prior to the completion of the STARTTLS handshake, then Thunderbird didn't ignore the injected data. This could have resulted in Thunderbird showing incorrect information, for example the attacker could have tricked Thunderbird to show folders that didn't exist on the IMAP server. This vulnerability affects Thunderbird < 78.12.

Related Files

Gentoo Linux Security Advisory 202208-14
Posted Aug 10, 2022
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202208-14 - Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. Versions less than 91.12.0 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2021-29967, CVE-2021-29969, CVE-2021-29970, CVE-2021-29976, CVE-2021-29980, CVE-2021-29984, CVE-2021-29985, CVE-2021-29986, CVE-2021-29988, CVE-2021-29989, CVE-2021-30547, CVE-2021-38492, CVE-2021-38493, CVE-2021-38495
SHA-256 | f184d188e33d6d6de8f9f81306f8ff465c4a27f70f5f59cd68ea9a662b3e9fbb
Ubuntu Security Notice USN-5058-1
Posted Aug 31, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5058-1 - It was discovered that Thunderbird didn't ignore IMAP server responses prior to completion of the STARTTLS handshake. A person-in-the-middle could potentially exploit this to trick Thunderbird into showing incorrect information. Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, or execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, imap
systems | linux, ubuntu
advisories | CVE-2021-29969, CVE-2021-29984, CVE-2021-29985, CVE-2021-29989, CVE-2021-30547
SHA-256 | d439dc830ff759d365c01af29919212afc94c2f9e8414adca8c017e63f81126f
Debian Security Advisory 4940-1
Posted Jul 28, 2021
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4940-1 - Multiple security issues were discovered in Thunderbird, which could result in the execution of arbitrary code.

tags | advisory, arbitrary
systems | linux, debian
advisories | CVE-2021-29969, CVE-2021-29970, CVE-2021-29976, CVE-2021-30547
SHA-256 | a5e3c708266685aeb96e7eac631ca4f2a6eef78065d06f559908a822526ab1d5
Red Hat Security Advisory 2021-2914-01
Posted Jul 27, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2914-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.12.0. Issues addressed include man-in-the-middle, out of bounds write, and use-after-free vulnerabilities.

tags | advisory, vulnerability
systems | linux, redhat
advisories | CVE-2021-29969, CVE-2021-29970, CVE-2021-29976, CVE-2021-30547
SHA-256 | 4749a8dac7c32bbf30a18979d2fb85f48edd20feb6f2a9937618408bebf6b369
Red Hat Security Advisory 2021-2881-01
Posted Jul 26, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2881-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.12.0. Issues addressed include man-in-the-middle, out of bounds write, and use-after-free vulnerabilities.

tags | advisory, vulnerability
systems | linux, redhat
advisories | CVE-2021-29969, CVE-2021-29970, CVE-2021-29976, CVE-2021-30547
SHA-256 | 1abad6cd034d4e210003aeea49a7aa96a6531d7d8206e2d3653727e7a693a7e0
Red Hat Security Advisory 2021-2883-01
Posted Jul 26, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2883-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.12.0. Issues addressed include man-in-the-middle, out of bounds write, and use-after-free vulnerabilities.

tags | advisory, vulnerability
systems | linux, redhat
advisories | CVE-2021-29969, CVE-2021-29970, CVE-2021-29976, CVE-2021-30547
SHA-256 | e096683e76898d1eaea35357ab1b988bbe72aec2f57378f059c90f0a0adb2d64
Red Hat Security Advisory 2021-2882-01
Posted Jul 26, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2882-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.12.0. Issues addressed include man-in-the-middle, out of bounds write, and use-after-free vulnerabilities.

tags | advisory, vulnerability
systems | linux, redhat
advisories | CVE-2021-29969, CVE-2021-29970, CVE-2021-29976, CVE-2021-30547
SHA-256 | 979c833879e17cecfaecb4a319ffb009ce3014d0ffab398c546dc8b76c33b894
Page 1 of 1
Back1Next

File Archive:

January 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    0 Files
  • 2
    Jan 2nd
    13 Files
  • 3
    Jan 3rd
    5 Files
  • 4
    Jan 4th
    5 Files
  • 5
    Jan 5th
    9 Files
  • 6
    Jan 6th
    5 Files
  • 7
    Jan 7th
    0 Files
  • 8
    Jan 8th
    0 Files
  • 9
    Jan 9th
    18 Files
  • 10
    Jan 10th
    31 Files
  • 11
    Jan 11th
    30 Files
  • 12
    Jan 12th
    33 Files
  • 13
    Jan 13th
    25 Files
  • 14
    Jan 14th
    0 Files
  • 15
    Jan 15th
    0 Files
  • 16
    Jan 16th
    7 Files
  • 17
    Jan 17th
    25 Files
  • 18
    Jan 18th
    38 Files
  • 19
    Jan 19th
    6 Files
  • 20
    Jan 20th
    21 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    24 Files
  • 24
    Jan 24th
    68 Files
  • 25
    Jan 25th
    22 Files
  • 26
    Jan 26th
    20 Files
  • 27
    Jan 27th
    17 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    20 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close