Action not permitted
Modal body text goes here.
Modal Title
Modal Body
ubuntu-cve-2021-38495
Vulnerability from osv_ubuntu
Mozilla developers reported memory safety bugs present in Thunderbird 78.13.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 91.1 and Firefox ESR < 91.1.
{
"affected": [
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "thunderbird",
"binary_version": "1:91.5.0+build1-0ubuntu0.18.04.1"
},
{
"binary_name": "thunderbird-gnome-support",
"binary_version": "1:91.5.0+build1-0ubuntu0.18.04.1"
},
{
"binary_name": "thunderbird-mozsymbols",
"binary_version": "1:91.5.0+build1-0ubuntu0.18.04.1"
},
{
"binary_name": "xul-ext-calendar-timezones",
"binary_version": "1:91.5.0+build1-0ubuntu0.18.04.1"
},
{
"binary_name": "xul-ext-gdata-provider",
"binary_version": "1:91.5.0+build1-0ubuntu0.18.04.1"
},
{
"binary_name": "xul-ext-lightning",
"binary_version": "1:91.5.0+build1-0ubuntu0.18.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "thunderbird",
"purl": "pkg:deb/ubuntu/thunderbird@1:91.5.0+build1-0ubuntu0.18.04.1?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:91.5.0+build1-0ubuntu0.18.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:52.4.0+build1-0ubuntu2",
"1:52.6.0+build1-0ubuntu1",
"1:52.7.0+build1-0ubuntu1",
"1:52.8.0+build1-0ubuntu0.18.04.1",
"1:52.9.1+build3-0ubuntu0.18.04.1",
"1:60.2.1+build1-0ubuntu0.18.04.2",
"1:60.4.0+build2-0ubuntu0.18.04.1",
"1:60.5.1+build2-0ubuntu0.18.04.1",
"1:60.6.1+build2-0ubuntu0.18.04.1",
"1:60.7.0+build1-0ubuntu0.18.04.1",
"1:60.7.1+build1-0ubuntu0.18.04.1",
"1:60.7.2+build2-0ubuntu0.18.04.1",
"1:60.8.0+build1-0ubuntu0.18.04.1",
"1:60.9.0+build1-0ubuntu0.18.04.1",
"1:68.2.1+build1-0ubuntu0.18.04.1",
"1:68.2.2+build1-0ubuntu0.18.04.1",
"1:68.4.1+build1-0ubuntu0.18.04.1",
"1:68.7.0+build1-0ubuntu0.18.04.1",
"1:68.8.0+build2-0ubuntu0.18.04.2",
"1:68.10.0+build1-0ubuntu0.18.04.1",
"1:78.8.1+build1-0ubuntu0.18.04.1",
"1:78.11.0+build1-0ubuntu0.18.04.2",
"1:78.13.0+build1-0ubuntu0.18.04.1",
"1:78.14.0+build1-0ubuntu0.18.04.1",
"1:78.14.0+build1-0ubuntu0.18.04.2"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "thunderbird",
"binary_version": "1:91.5.0+build1-0ubuntu0.20.04.1"
},
{
"binary_name": "thunderbird-gnome-support",
"binary_version": "1:91.5.0+build1-0ubuntu0.20.04.1"
},
{
"binary_name": "thunderbird-mozsymbols",
"binary_version": "1:91.5.0+build1-0ubuntu0.20.04.1"
},
{
"binary_name": "xul-ext-calendar-timezones",
"binary_version": "1:91.5.0+build1-0ubuntu0.20.04.1"
},
{
"binary_name": "xul-ext-gdata-provider",
"binary_version": "1:91.5.0+build1-0ubuntu0.20.04.1"
},
{
"binary_name": "xul-ext-lightning",
"binary_version": "1:91.5.0+build1-0ubuntu0.20.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "thunderbird",
"purl": "pkg:deb/ubuntu/thunderbird@1:91.5.0+build1-0ubuntu0.20.04.1?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:91.5.0+build1-0ubuntu0.20.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:68.1.2+build1-0ubuntu1",
"1:68.1.2+build1-0ubuntu2",
"1:68.2.1+build1-0ubuntu1",
"1:68.2.2+build1-0ubuntu1",
"1:68.3.0+build2-0ubuntu1",
"1:68.3.1+build1-0ubuntu2",
"1:68.4.1+build1-0ubuntu1",
"1:68.4.2+build2-0ubuntu1",
"1:68.5.0+build1-0ubuntu1",
"1:68.6.0+build2-0ubuntu1",
"1:68.7.0+build1-0ubuntu1",
"1:68.7.0+build1-0ubuntu2",
"1:68.8.0+build2-0ubuntu0.20.04.2",
"1:68.10.0+build1-0ubuntu0.20.04.1",
"1:78.7.1+build1-0ubuntu0.20.04.1",
"1:78.8.1+build1-0ubuntu0.20.04.1",
"1:78.11.0+build1-0ubuntu0.20.04.2",
"1:78.13.0+build1-0ubuntu0.20.04.2",
"1:78.14.0+build1-0ubuntu0.20.04.1",
"1:78.14.0+build1-0ubuntu0.20.04.2"
]
}
],
"aliases": [],
"details": "Mozilla developers reported memory safety bugs present in Thunderbird 78.13.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 91.1 and Firefox ESR \u003c 91.1.",
"id": "UBUNTU-CVE-2021-38495",
"modified": "2026-04-22T07:40:08Z",
"published": "2021-11-03T01:15:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-38495"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-41/#CVE-2021-38495"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-5248-1"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38495"
}
],
"related": [
"USN-5248-1"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2021-38495"
]
}
CVE-2021-38495 (GCVE-0-2021-38495)
Vulnerability from cvelistv5 – Published: 2021-11-03 00:03 – Updated: 2024-08-04 01:44- Memory safety bugs fixed in Thunderbird 91.1
| URL | Tags |
|---|---|
| https://www.mozilla.org/security/advisories/mfsa2… | x_refsource_MISC |
| https://www.mozilla.org/security/advisories/mfsa2… | x_refsource_MISC |
| https://bugzilla.mozilla.org/buglist.cgi?bug_id=1… | x_refsource_MISC |
| https://security.gentoo.org/glsa/202202-03 | vendor-advisoryx_refsource_GENTOO |
| https://security.gentoo.org/glsa/202208-14 | vendor-advisoryx_refsource_GENTOO |
| Vendor | Product | Version | |
|---|---|---|---|
| Mozilla | Thunderbird |
Affected:
unspecified , < 91.1
(custom)
|
|
| Mozilla | Firefox ESR |
Affected:
unspecified , < 91.1
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:44:22.823Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2021-40/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2021-41/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1723391%2C1723920%2C1724101%2C1724107"
},
{
"name": "GLSA-202202-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202202-03"
},
{
"name": "GLSA-202208-14",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-14"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "91.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Firefox ESR",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "91.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mozilla developers reported memory safety bugs present in Thunderbird 78.13.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 91.1 and Firefox ESR \u003c 91.1."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Memory safety bugs fixed in Thunderbird 91.1",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-10T06:08:27.000Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2021-40/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2021-41/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1723391%2C1723920%2C1724101%2C1724107"
},
{
"name": "GLSA-202202-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202202-03"
},
{
"name": "GLSA-202208-14",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202208-14"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2021-38495",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "91.1"
}
]
}
},
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "91.1"
}
]
}
}
]
},
"vendor_name": "Mozilla"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mozilla developers reported memory safety bugs present in Thunderbird 78.13.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 91.1 and Firefox ESR \u003c 91.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Memory safety bugs fixed in Thunderbird 91.1"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.mozilla.org/security/advisories/mfsa2021-40/",
"refsource": "MISC",
"url": "https://www.mozilla.org/security/advisories/mfsa2021-40/"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2021-41/",
"refsource": "MISC",
"url": "https://www.mozilla.org/security/advisories/mfsa2021-41/"
},
{
"name": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1723391%2C1723920%2C1724101%2C1724107",
"refsource": "MISC",
"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1723391%2C1723920%2C1724101%2C1724107"
},
{
"name": "GLSA-202202-03",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202202-03"
},
{
"name": "GLSA-202208-14",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202208-14"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2021-38495",
"datePublished": "2021-11-03T00:03:36.000Z",
"dateReserved": "2021-08-10T00:00:00.000Z",
"dateUpdated": "2024-08-04T01:44:22.823Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
usn-5248-1
Vulnerability from osv_ubuntu
Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, trick a user into accepting unwanted permissions, conduct header splitting attacks, conduct spoofing attacks, bypass security restrictions, confuse the user, or execute arbitrary code. (CVE-2021-4129, CVE-2021-4140, CVE-2021-29981, CVE-2021-29982, CVE-2021-29987, CVE-2021-29991, CVE-2021-38495, CVE-2021-38496, CVE-2021-38497, CVE-2021-38498, CVE-2021-38500, CVE-2021-38501, CVE-2021-38503, CVE-2021-38504, CVE-2021-38506, CVE-2021-38507, CVE-2021-38508, CVE-2021-38509, CVE-2021-43534, CVE-2021-43535, CVE-2021-43536, CVE-2021-43537, CVE-2021-43538, CVE-2021-43539, CVE-2021-43541, CVE-2021-43542, CVE-2021-43543, CVE-2021-43545, CVE-2021-43656, CVE-2022-22737, CVE-2022-22738, CVE-2022-22739, CVE-2022-22740, CVE-2022-22741, CVE-2022-22742, CVE-2022-22743, CVE-2022-22745, CVE-2022-22747, CVE-2022-22748, CVE-2022-22751)
It was discovered that Thunderbird ignored the configuration to require STARTTLS for an SMTP connection. A person-in-the-middle could potentially exploit this to perform a downgrade attack in order to intercept messages or take control of a session. (CVE-2021-38502)
It was discovered that JavaScript was unexpectedly enabled in the composition area. An attacker could potentially exploit this in combination with another vulnerability, with unspecified impacts. (CVE-2021-43528)
A buffer overflow was discovered in the Matrix chat library bundled with Thunderbird. An attacker could potentially exploit this to cause a denial of service, or execute arbitrary code. (CVE-2021-44538)
It was discovered that Thunderbird's OpenPGP integration only considered the inner signed message when checking signature validity in a message that contains an additional outer MIME layer. An attacker could potentially exploit this to trick the user into thinking that a message has a valid signature. (CVE-2021-4126)
{
"affected": [
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2021-4126",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-4129",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-4140",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-29981",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-29982",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-29987",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-29991",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-38495",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-38496",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-38497",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-38498",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-38500",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-38501",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-38502",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-38503",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-38504",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-38506",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-38507",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-38508",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-38509",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-43528",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-43534",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-43535",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-43536",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-43537",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-43538",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-43539",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-43541",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-43542",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-43543",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-43545",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-43546",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-44538",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2022-22737",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2022-22738",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2022-22739",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2022-22740",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2022-22741",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2022-22742",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2022-22743",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2022-22745",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2022-22747",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2022-22748",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2022-22751",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:18.04:LTS"
}
},
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "thunderbird",
"binary_version": "1:91.5.0+build1-0ubuntu0.18.04.1"
},
{
"binary_name": "thunderbird-gnome-support",
"binary_version": "1:91.5.0+build1-0ubuntu0.18.04.1"
},
{
"binary_name": "thunderbird-mozsymbols",
"binary_version": "1:91.5.0+build1-0ubuntu0.18.04.1"
},
{
"binary_name": "xul-ext-calendar-timezones",
"binary_version": "1:91.5.0+build1-0ubuntu0.18.04.1"
},
{
"binary_name": "xul-ext-gdata-provider",
"binary_version": "1:91.5.0+build1-0ubuntu0.18.04.1"
},
{
"binary_name": "xul-ext-lightning",
"binary_version": "1:91.5.0+build1-0ubuntu0.18.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "thunderbird",
"purl": "pkg:deb/ubuntu/thunderbird@1:91.5.0+build1-0ubuntu0.18.04.1?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:91.5.0+build1-0ubuntu0.18.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:52.4.0+build1-0ubuntu2",
"1:52.6.0+build1-0ubuntu1",
"1:52.7.0+build1-0ubuntu1",
"1:52.8.0+build1-0ubuntu0.18.04.1",
"1:52.9.1+build3-0ubuntu0.18.04.1",
"1:60.2.1+build1-0ubuntu0.18.04.2",
"1:60.4.0+build2-0ubuntu0.18.04.1",
"1:60.5.1+build2-0ubuntu0.18.04.1",
"1:60.6.1+build2-0ubuntu0.18.04.1",
"1:60.7.0+build1-0ubuntu0.18.04.1",
"1:60.7.1+build1-0ubuntu0.18.04.1",
"1:60.7.2+build2-0ubuntu0.18.04.1",
"1:60.8.0+build1-0ubuntu0.18.04.1",
"1:60.9.0+build1-0ubuntu0.18.04.1",
"1:68.2.1+build1-0ubuntu0.18.04.1",
"1:68.2.2+build1-0ubuntu0.18.04.1",
"1:68.4.1+build1-0ubuntu0.18.04.1",
"1:68.7.0+build1-0ubuntu0.18.04.1",
"1:68.8.0+build2-0ubuntu0.18.04.2",
"1:68.10.0+build1-0ubuntu0.18.04.1",
"1:78.8.1+build1-0ubuntu0.18.04.1",
"1:78.11.0+build1-0ubuntu0.18.04.2",
"1:78.13.0+build1-0ubuntu0.18.04.1",
"1:78.14.0+build1-0ubuntu0.18.04.1",
"1:78.14.0+build1-0ubuntu0.18.04.2"
]
},
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2021-4126",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-4129",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-4140",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-29981",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-29982",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-29987",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-29991",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-38495",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-38496",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-38497",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-38498",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-38500",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-38501",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-38502",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-38503",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-38504",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-38506",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-38507",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-38508",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-38509",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-43528",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-43534",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-43535",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-43536",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-43537",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-43538",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-43539",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-43541",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-43542",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-43543",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-43545",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-43546",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-44538",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2022-22737",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2022-22738",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2022-22739",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2022-22740",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2022-22741",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2022-22742",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2022-22743",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2022-22745",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2022-22747",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2022-22748",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2022-22751",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:20.04:LTS"
}
},
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "thunderbird",
"binary_version": "1:91.5.0+build1-0ubuntu0.20.04.1"
},
{
"binary_name": "thunderbird-gnome-support",
"binary_version": "1:91.5.0+build1-0ubuntu0.20.04.1"
},
{
"binary_name": "thunderbird-mozsymbols",
"binary_version": "1:91.5.0+build1-0ubuntu0.20.04.1"
},
{
"binary_name": "xul-ext-calendar-timezones",
"binary_version": "1:91.5.0+build1-0ubuntu0.20.04.1"
},
{
"binary_name": "xul-ext-gdata-provider",
"binary_version": "1:91.5.0+build1-0ubuntu0.20.04.1"
},
{
"binary_name": "xul-ext-lightning",
"binary_version": "1:91.5.0+build1-0ubuntu0.20.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "thunderbird",
"purl": "pkg:deb/ubuntu/thunderbird@1:91.5.0+build1-0ubuntu0.20.04.1?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:91.5.0+build1-0ubuntu0.20.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:68.1.2+build1-0ubuntu1",
"1:68.1.2+build1-0ubuntu2",
"1:68.2.1+build1-0ubuntu1",
"1:68.2.2+build1-0ubuntu1",
"1:68.3.0+build2-0ubuntu1",
"1:68.3.1+build1-0ubuntu2",
"1:68.4.1+build1-0ubuntu1",
"1:68.4.2+build2-0ubuntu1",
"1:68.5.0+build1-0ubuntu1",
"1:68.6.0+build2-0ubuntu1",
"1:68.7.0+build1-0ubuntu1",
"1:68.7.0+build1-0ubuntu2",
"1:68.8.0+build2-0ubuntu0.20.04.2",
"1:68.10.0+build1-0ubuntu0.20.04.1",
"1:78.7.1+build1-0ubuntu0.20.04.1",
"1:78.8.1+build1-0ubuntu0.20.04.1",
"1:78.11.0+build1-0ubuntu0.20.04.2",
"1:78.13.0+build1-0ubuntu0.20.04.2",
"1:78.14.0+build1-0ubuntu0.20.04.1",
"1:78.14.0+build1-0ubuntu0.20.04.2"
]
}
],
"aliases": [],
"details": "Multiple security issues were discovered in Thunderbird. If a user were\ntricked into opening a specially crafted website in a browsing context, an\nattacker could potentially exploit these to cause a denial of service,\nobtain sensitive information, trick a user into accepting unwanted\npermissions, conduct header splitting attacks, conduct spoofing attacks,\nbypass security restrictions, confuse the user, or execute arbitrary code.\n(CVE-2021-4129, CVE-2021-4140, CVE-2021-29981, CVE-2021-29982,\nCVE-2021-29987, CVE-2021-29991, CVE-2021-38495, CVE-2021-38496,\nCVE-2021-38497, CVE-2021-38498, CVE-2021-38500, CVE-2021-38501,\nCVE-2021-38503, CVE-2021-38504, CVE-2021-38506, CVE-2021-38507,\nCVE-2021-38508, CVE-2021-38509, CVE-2021-43534, CVE-2021-43535,\nCVE-2021-43536, CVE-2021-43537, CVE-2021-43538, CVE-2021-43539,\nCVE-2021-43541, CVE-2021-43542, CVE-2021-43543, CVE-2021-43545,\nCVE-2021-43656, CVE-2022-22737, CVE-2022-22738, CVE-2022-22739,\nCVE-2022-22740, CVE-2022-22741, CVE-2022-22742, CVE-2022-22743,\nCVE-2022-22745, CVE-2022-22747, CVE-2022-22748, CVE-2022-22751)\n\nIt was discovered that Thunderbird ignored the configuration to require\nSTARTTLS for an SMTP connection. A person-in-the-middle could potentially\nexploit this to perform a downgrade attack in order to intercept messages\nor take control of a session. (CVE-2021-38502)\n\nIt was discovered that JavaScript was unexpectedly enabled in the\ncomposition area. An attacker could potentially exploit this in\ncombination with another vulnerability, with unspecified impacts.\n(CVE-2021-43528)\n\nA buffer overflow was discovered in the Matrix chat library bundled with\nThunderbird. An attacker could potentially exploit this to cause a denial\nof service, or execute arbitrary code. (CVE-2021-44538)\n\nIt was discovered that Thunderbird\u0027s OpenPGP integration only considered\nthe inner signed message when checking signature validity in a message\nthat contains an additional outer MIME layer. An attacker could\npotentially exploit this to trick the user into thinking that a message\nhas a valid signature. (CVE-2021-4126)\n",
"id": "USN-5248-1",
"modified": "2026-04-27T14:11:27Z",
"published": "2022-01-21T17:00:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-5248-1"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-4126"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-4129"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-4140"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-29981"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-29982"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-29987"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-29991"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-38495"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-38496"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-38497"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-38498"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-38500"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-38501"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-38502"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-38503"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-38504"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-38506"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-38507"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-38508"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-38509"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-43528"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-43534"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-43535"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-43536"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-43537"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-43538"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-43539"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-43541"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-43542"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-43543"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-43545"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-43546"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-44538"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2022-22737"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2022-22738"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2022-22739"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2022-22740"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2022-22741"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2022-22742"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2022-22743"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2022-22745"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2022-22747"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2022-22748"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2022-22751"
}
],
"related": [],
"schema_version": "1.7.0",
"summary": "thunderbird vulnerabilities",
"upstream": [
"UBUNTU-CVE-2021-4126",
"UBUNTU-CVE-2021-4129",
"UBUNTU-CVE-2021-4140",
"UBUNTU-CVE-2021-29981",
"UBUNTU-CVE-2021-29982",
"UBUNTU-CVE-2021-29987",
"UBUNTU-CVE-2021-29991",
"UBUNTU-CVE-2021-38495",
"UBUNTU-CVE-2021-38496",
"UBUNTU-CVE-2021-38497",
"UBUNTU-CVE-2021-38498",
"UBUNTU-CVE-2021-38500",
"UBUNTU-CVE-2021-38501",
"UBUNTU-CVE-2021-38502",
"UBUNTU-CVE-2021-38503",
"UBUNTU-CVE-2021-38504",
"UBUNTU-CVE-2021-38506",
"UBUNTU-CVE-2021-38507",
"UBUNTU-CVE-2021-38508",
"UBUNTU-CVE-2021-38509",
"UBUNTU-CVE-2021-43528",
"UBUNTU-CVE-2021-43534",
"UBUNTU-CVE-2021-43535",
"UBUNTU-CVE-2021-43536",
"UBUNTU-CVE-2021-43537",
"UBUNTU-CVE-2021-43538",
"UBUNTU-CVE-2021-43539",
"UBUNTU-CVE-2021-43541",
"UBUNTU-CVE-2021-43542",
"UBUNTU-CVE-2021-43543",
"UBUNTU-CVE-2021-43545",
"UBUNTU-CVE-2021-43546",
"UBUNTU-CVE-2021-44538",
"UBUNTU-CVE-2022-22737",
"UBUNTU-CVE-2022-22738",
"UBUNTU-CVE-2022-22739",
"UBUNTU-CVE-2022-22740",
"UBUNTU-CVE-2022-22741",
"UBUNTU-CVE-2022-22742",
"UBUNTU-CVE-2022-22743",
"UBUNTU-CVE-2022-22745",
"UBUNTU-CVE-2022-22747",
"UBUNTU-CVE-2022-22748",
"UBUNTU-CVE-2022-22751"
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.