Action not permitted
Modal body text goes here.
Modal Title
Modal Body
ubuntu-cve-2021-43528
Vulnerability from osv_ubuntu
Thunderbird unexpectedly enabled JavaScript in the composition area. The JavaScript execution context was limited to this area and did not receive chrome-level privileges, but could be used as a stepping stone to further an attack with other vulnerabilities. This vulnerability affects Thunderbird < 91.4.0.
{
"affected": [
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "thunderbird",
"binary_version": "1:91.5.0+build1-0ubuntu0.18.04.1"
},
{
"binary_name": "thunderbird-gnome-support",
"binary_version": "1:91.5.0+build1-0ubuntu0.18.04.1"
},
{
"binary_name": "thunderbird-mozsymbols",
"binary_version": "1:91.5.0+build1-0ubuntu0.18.04.1"
},
{
"binary_name": "xul-ext-calendar-timezones",
"binary_version": "1:91.5.0+build1-0ubuntu0.18.04.1"
},
{
"binary_name": "xul-ext-gdata-provider",
"binary_version": "1:91.5.0+build1-0ubuntu0.18.04.1"
},
{
"binary_name": "xul-ext-lightning",
"binary_version": "1:91.5.0+build1-0ubuntu0.18.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "thunderbird",
"purl": "pkg:deb/ubuntu/thunderbird@1:91.5.0+build1-0ubuntu0.18.04.1?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:91.5.0+build1-0ubuntu0.18.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:52.4.0+build1-0ubuntu2",
"1:52.6.0+build1-0ubuntu1",
"1:52.7.0+build1-0ubuntu1",
"1:52.8.0+build1-0ubuntu0.18.04.1",
"1:52.9.1+build3-0ubuntu0.18.04.1",
"1:60.2.1+build1-0ubuntu0.18.04.2",
"1:60.4.0+build2-0ubuntu0.18.04.1",
"1:60.5.1+build2-0ubuntu0.18.04.1",
"1:60.6.1+build2-0ubuntu0.18.04.1",
"1:60.7.0+build1-0ubuntu0.18.04.1",
"1:60.7.1+build1-0ubuntu0.18.04.1",
"1:60.7.2+build2-0ubuntu0.18.04.1",
"1:60.8.0+build1-0ubuntu0.18.04.1",
"1:60.9.0+build1-0ubuntu0.18.04.1",
"1:68.2.1+build1-0ubuntu0.18.04.1",
"1:68.2.2+build1-0ubuntu0.18.04.1",
"1:68.4.1+build1-0ubuntu0.18.04.1",
"1:68.7.0+build1-0ubuntu0.18.04.1",
"1:68.8.0+build2-0ubuntu0.18.04.2",
"1:68.10.0+build1-0ubuntu0.18.04.1",
"1:78.8.1+build1-0ubuntu0.18.04.1",
"1:78.11.0+build1-0ubuntu0.18.04.2",
"1:78.13.0+build1-0ubuntu0.18.04.1",
"1:78.14.0+build1-0ubuntu0.18.04.1",
"1:78.14.0+build1-0ubuntu0.18.04.2"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "thunderbird",
"binary_version": "1:91.5.0+build1-0ubuntu0.20.04.1"
},
{
"binary_name": "thunderbird-gnome-support",
"binary_version": "1:91.5.0+build1-0ubuntu0.20.04.1"
},
{
"binary_name": "thunderbird-mozsymbols",
"binary_version": "1:91.5.0+build1-0ubuntu0.20.04.1"
},
{
"binary_name": "xul-ext-calendar-timezones",
"binary_version": "1:91.5.0+build1-0ubuntu0.20.04.1"
},
{
"binary_name": "xul-ext-gdata-provider",
"binary_version": "1:91.5.0+build1-0ubuntu0.20.04.1"
},
{
"binary_name": "xul-ext-lightning",
"binary_version": "1:91.5.0+build1-0ubuntu0.20.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "thunderbird",
"purl": "pkg:deb/ubuntu/thunderbird@1:91.5.0+build1-0ubuntu0.20.04.1?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:91.5.0+build1-0ubuntu0.20.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:68.1.2+build1-0ubuntu1",
"1:68.1.2+build1-0ubuntu2",
"1:68.2.1+build1-0ubuntu1",
"1:68.2.2+build1-0ubuntu1",
"1:68.3.0+build2-0ubuntu1",
"1:68.3.1+build1-0ubuntu2",
"1:68.4.1+build1-0ubuntu1",
"1:68.4.2+build2-0ubuntu1",
"1:68.5.0+build1-0ubuntu1",
"1:68.6.0+build2-0ubuntu1",
"1:68.7.0+build1-0ubuntu1",
"1:68.7.0+build1-0ubuntu2",
"1:68.8.0+build2-0ubuntu0.20.04.2",
"1:68.10.0+build1-0ubuntu0.20.04.1",
"1:78.7.1+build1-0ubuntu0.20.04.1",
"1:78.8.1+build1-0ubuntu0.20.04.1",
"1:78.11.0+build1-0ubuntu0.20.04.2",
"1:78.13.0+build1-0ubuntu0.20.04.2",
"1:78.14.0+build1-0ubuntu0.20.04.1",
"1:78.14.0+build1-0ubuntu0.20.04.2"
]
}
],
"aliases": [],
"details": "Thunderbird unexpectedly enabled JavaScript in the composition area. The JavaScript execution context was limited to this area and did not receive chrome-level privileges, but could be used as a stepping stone to further an attack with other vulnerabilities. This vulnerability affects Thunderbird \u003c 91.4.0.",
"id": "UBUNTU-CVE-2021-43528",
"modified": "2026-04-22T07:40:11Z",
"published": "2021-12-08T22:15:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-43528"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43528"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-5246-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-5248-1"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43528"
}
],
"related": [
"USN-5246-1",
"USN-5248-1"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2021-43528"
]
}
CVE-2021-43528 (GCVE-0-2021-43528)
Vulnerability from cvelistv5 – Published: 2021-12-08 21:21 – Updated: 2024-08-04 03:55- JavaScript unexpectedly enabled for the composition area
| URL | Tags |
|---|---|
| https://www.mozilla.org/security/advisories/mfsa2… | x_refsource_MISC |
| https://bugzilla.mozilla.org/show_bug.cgi?id=1742579 | x_refsource_MISC |
| https://www.debian.org/security/2022/dsa-5034 | vendor-advisoryx_refsource_DEBIAN |
| https://lists.debian.org/debian-lts-announce/2022… | mailing-listx_refsource_MLIST |
| https://security.gentoo.org/glsa/202208-14 | vendor-advisoryx_refsource_GENTOO |
| Vendor | Product | Version | |
|---|---|---|---|
| Mozilla | Thunderbird |
Affected:
unspecified , < 91.4.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:55:29.399Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2021-54/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1742579"
},
{
"name": "DSA-5034",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5034"
},
{
"name": "[debian-lts-announce] 20220104 [SECURITY] [DLA 2874-1] thunderbird security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00001.html"
},
{
"name": "GLSA-202208-14",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-14"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "91.4.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Thunderbird unexpectedly enabled JavaScript in the composition area. The JavaScript execution context was limited to this area and did not receive chrome-level privileges, but could be used as a stepping stone to further an attack with other vulnerabilities. This vulnerability affects Thunderbird \u003c 91.4.0."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "JavaScript unexpectedly enabled for the composition area",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-10T05:12:51.000Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2021-54/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1742579"
},
{
"name": "DSA-5034",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2022/dsa-5034"
},
{
"name": "[debian-lts-announce] 20220104 [SECURITY] [DLA 2874-1] thunderbird security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00001.html"
},
{
"name": "GLSA-202208-14",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202208-14"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2021-43528",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "91.4.0"
}
]
}
}
]
},
"vendor_name": "Mozilla"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Thunderbird unexpectedly enabled JavaScript in the composition area. The JavaScript execution context was limited to this area and did not receive chrome-level privileges, but could be used as a stepping stone to further an attack with other vulnerabilities. This vulnerability affects Thunderbird \u003c 91.4.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "JavaScript unexpectedly enabled for the composition area"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.mozilla.org/security/advisories/mfsa2021-54/",
"refsource": "MISC",
"url": "https://www.mozilla.org/security/advisories/mfsa2021-54/"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1742579",
"refsource": "MISC",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1742579"
},
{
"name": "DSA-5034",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2022/dsa-5034"
},
{
"name": "[debian-lts-announce] 20220104 [SECURITY] [DLA 2874-1] thunderbird security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00001.html"
},
{
"name": "GLSA-202208-14",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202208-14"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2021-43528",
"datePublished": "2021-12-08T21:21:12.000Z",
"dateReserved": "2021-11-08T00:00:00.000Z",
"dateUpdated": "2024-08-04T03:55:29.399Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
usn-5248-1
Vulnerability from osv_ubuntu
Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, trick a user into accepting unwanted permissions, conduct header splitting attacks, conduct spoofing attacks, bypass security restrictions, confuse the user, or execute arbitrary code. (CVE-2021-4129, CVE-2021-4140, CVE-2021-29981, CVE-2021-29982, CVE-2021-29987, CVE-2021-29991, CVE-2021-38495, CVE-2021-38496, CVE-2021-38497, CVE-2021-38498, CVE-2021-38500, CVE-2021-38501, CVE-2021-38503, CVE-2021-38504, CVE-2021-38506, CVE-2021-38507, CVE-2021-38508, CVE-2021-38509, CVE-2021-43534, CVE-2021-43535, CVE-2021-43536, CVE-2021-43537, CVE-2021-43538, CVE-2021-43539, CVE-2021-43541, CVE-2021-43542, CVE-2021-43543, CVE-2021-43545, CVE-2021-43656, CVE-2022-22737, CVE-2022-22738, CVE-2022-22739, CVE-2022-22740, CVE-2022-22741, CVE-2022-22742, CVE-2022-22743, CVE-2022-22745, CVE-2022-22747, CVE-2022-22748, CVE-2022-22751)
It was discovered that Thunderbird ignored the configuration to require STARTTLS for an SMTP connection. A person-in-the-middle could potentially exploit this to perform a downgrade attack in order to intercept messages or take control of a session. (CVE-2021-38502)
It was discovered that JavaScript was unexpectedly enabled in the composition area. An attacker could potentially exploit this in combination with another vulnerability, with unspecified impacts. (CVE-2021-43528)
A buffer overflow was discovered in the Matrix chat library bundled with Thunderbird. An attacker could potentially exploit this to cause a denial of service, or execute arbitrary code. (CVE-2021-44538)
It was discovered that Thunderbird's OpenPGP integration only considered the inner signed message when checking signature validity in a message that contains an additional outer MIME layer. An attacker could potentially exploit this to trick the user into thinking that a message has a valid signature. (CVE-2021-4126)
{
"affected": [
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2021-4126",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-4129",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-4140",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-29981",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-29982",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-29987",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-29991",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-38495",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-38496",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-38497",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-38498",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-38500",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-38501",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-38502",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-38503",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-38504",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-38506",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-38507",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-38508",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-38509",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-43528",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-43534",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-43535",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-43536",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-43537",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-43538",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-43539",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-43541",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-43542",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-43543",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-43545",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-43546",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-44538",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2022-22737",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2022-22738",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2022-22739",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2022-22740",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2022-22741",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2022-22742",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2022-22743",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2022-22745",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2022-22747",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2022-22748",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2022-22751",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:18.04:LTS"
}
},
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "thunderbird",
"binary_version": "1:91.5.0+build1-0ubuntu0.18.04.1"
},
{
"binary_name": "thunderbird-gnome-support",
"binary_version": "1:91.5.0+build1-0ubuntu0.18.04.1"
},
{
"binary_name": "thunderbird-mozsymbols",
"binary_version": "1:91.5.0+build1-0ubuntu0.18.04.1"
},
{
"binary_name": "xul-ext-calendar-timezones",
"binary_version": "1:91.5.0+build1-0ubuntu0.18.04.1"
},
{
"binary_name": "xul-ext-gdata-provider",
"binary_version": "1:91.5.0+build1-0ubuntu0.18.04.1"
},
{
"binary_name": "xul-ext-lightning",
"binary_version": "1:91.5.0+build1-0ubuntu0.18.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "thunderbird",
"purl": "pkg:deb/ubuntu/thunderbird@1:91.5.0+build1-0ubuntu0.18.04.1?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:91.5.0+build1-0ubuntu0.18.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:52.4.0+build1-0ubuntu2",
"1:52.6.0+build1-0ubuntu1",
"1:52.7.0+build1-0ubuntu1",
"1:52.8.0+build1-0ubuntu0.18.04.1",
"1:52.9.1+build3-0ubuntu0.18.04.1",
"1:60.2.1+build1-0ubuntu0.18.04.2",
"1:60.4.0+build2-0ubuntu0.18.04.1",
"1:60.5.1+build2-0ubuntu0.18.04.1",
"1:60.6.1+build2-0ubuntu0.18.04.1",
"1:60.7.0+build1-0ubuntu0.18.04.1",
"1:60.7.1+build1-0ubuntu0.18.04.1",
"1:60.7.2+build2-0ubuntu0.18.04.1",
"1:60.8.0+build1-0ubuntu0.18.04.1",
"1:60.9.0+build1-0ubuntu0.18.04.1",
"1:68.2.1+build1-0ubuntu0.18.04.1",
"1:68.2.2+build1-0ubuntu0.18.04.1",
"1:68.4.1+build1-0ubuntu0.18.04.1",
"1:68.7.0+build1-0ubuntu0.18.04.1",
"1:68.8.0+build2-0ubuntu0.18.04.2",
"1:68.10.0+build1-0ubuntu0.18.04.1",
"1:78.8.1+build1-0ubuntu0.18.04.1",
"1:78.11.0+build1-0ubuntu0.18.04.2",
"1:78.13.0+build1-0ubuntu0.18.04.1",
"1:78.14.0+build1-0ubuntu0.18.04.1",
"1:78.14.0+build1-0ubuntu0.18.04.2"
]
},
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2021-4126",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-4129",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-4140",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-29981",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-29982",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-29987",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-29991",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-38495",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-38496",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-38497",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-38498",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-38500",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-38501",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-38502",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-38503",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-38504",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-38506",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-38507",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-38508",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-38509",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-43528",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-43534",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-43535",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-43536",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-43537",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-43538",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-43539",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-43541",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-43542",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-43543",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-43545",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-43546",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-44538",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2022-22737",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2022-22738",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2022-22739",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2022-22740",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2022-22741",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2022-22742",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2022-22743",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2022-22745",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2022-22747",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2022-22748",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2022-22751",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:20.04:LTS"
}
},
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "thunderbird",
"binary_version": "1:91.5.0+build1-0ubuntu0.20.04.1"
},
{
"binary_name": "thunderbird-gnome-support",
"binary_version": "1:91.5.0+build1-0ubuntu0.20.04.1"
},
{
"binary_name": "thunderbird-mozsymbols",
"binary_version": "1:91.5.0+build1-0ubuntu0.20.04.1"
},
{
"binary_name": "xul-ext-calendar-timezones",
"binary_version": "1:91.5.0+build1-0ubuntu0.20.04.1"
},
{
"binary_name": "xul-ext-gdata-provider",
"binary_version": "1:91.5.0+build1-0ubuntu0.20.04.1"
},
{
"binary_name": "xul-ext-lightning",
"binary_version": "1:91.5.0+build1-0ubuntu0.20.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "thunderbird",
"purl": "pkg:deb/ubuntu/thunderbird@1:91.5.0+build1-0ubuntu0.20.04.1?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:91.5.0+build1-0ubuntu0.20.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:68.1.2+build1-0ubuntu1",
"1:68.1.2+build1-0ubuntu2",
"1:68.2.1+build1-0ubuntu1",
"1:68.2.2+build1-0ubuntu1",
"1:68.3.0+build2-0ubuntu1",
"1:68.3.1+build1-0ubuntu2",
"1:68.4.1+build1-0ubuntu1",
"1:68.4.2+build2-0ubuntu1",
"1:68.5.0+build1-0ubuntu1",
"1:68.6.0+build2-0ubuntu1",
"1:68.7.0+build1-0ubuntu1",
"1:68.7.0+build1-0ubuntu2",
"1:68.8.0+build2-0ubuntu0.20.04.2",
"1:68.10.0+build1-0ubuntu0.20.04.1",
"1:78.7.1+build1-0ubuntu0.20.04.1",
"1:78.8.1+build1-0ubuntu0.20.04.1",
"1:78.11.0+build1-0ubuntu0.20.04.2",
"1:78.13.0+build1-0ubuntu0.20.04.2",
"1:78.14.0+build1-0ubuntu0.20.04.1",
"1:78.14.0+build1-0ubuntu0.20.04.2"
]
}
],
"aliases": [],
"details": "Multiple security issues were discovered in Thunderbird. If a user were\ntricked into opening a specially crafted website in a browsing context, an\nattacker could potentially exploit these to cause a denial of service,\nobtain sensitive information, trick a user into accepting unwanted\npermissions, conduct header splitting attacks, conduct spoofing attacks,\nbypass security restrictions, confuse the user, or execute arbitrary code.\n(CVE-2021-4129, CVE-2021-4140, CVE-2021-29981, CVE-2021-29982,\nCVE-2021-29987, CVE-2021-29991, CVE-2021-38495, CVE-2021-38496,\nCVE-2021-38497, CVE-2021-38498, CVE-2021-38500, CVE-2021-38501,\nCVE-2021-38503, CVE-2021-38504, CVE-2021-38506, CVE-2021-38507,\nCVE-2021-38508, CVE-2021-38509, CVE-2021-43534, CVE-2021-43535,\nCVE-2021-43536, CVE-2021-43537, CVE-2021-43538, CVE-2021-43539,\nCVE-2021-43541, CVE-2021-43542, CVE-2021-43543, CVE-2021-43545,\nCVE-2021-43656, CVE-2022-22737, CVE-2022-22738, CVE-2022-22739,\nCVE-2022-22740, CVE-2022-22741, CVE-2022-22742, CVE-2022-22743,\nCVE-2022-22745, CVE-2022-22747, CVE-2022-22748, CVE-2022-22751)\n\nIt was discovered that Thunderbird ignored the configuration to require\nSTARTTLS for an SMTP connection. A person-in-the-middle could potentially\nexploit this to perform a downgrade attack in order to intercept messages\nor take control of a session. (CVE-2021-38502)\n\nIt was discovered that JavaScript was unexpectedly enabled in the\ncomposition area. An attacker could potentially exploit this in\ncombination with another vulnerability, with unspecified impacts.\n(CVE-2021-43528)\n\nA buffer overflow was discovered in the Matrix chat library bundled with\nThunderbird. An attacker could potentially exploit this to cause a denial\nof service, or execute arbitrary code. (CVE-2021-44538)\n\nIt was discovered that Thunderbird\u0027s OpenPGP integration only considered\nthe inner signed message when checking signature validity in a message\nthat contains an additional outer MIME layer. An attacker could\npotentially exploit this to trick the user into thinking that a message\nhas a valid signature. (CVE-2021-4126)\n",
"id": "USN-5248-1",
"modified": "2026-04-27T14:11:27Z",
"published": "2022-01-21T17:00:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-5248-1"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-4126"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-4129"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-4140"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-29981"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-29982"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-29987"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-29991"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-38495"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-38496"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-38497"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-38498"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-38500"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-38501"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-38502"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-38503"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-38504"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-38506"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-38507"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-38508"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-38509"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-43528"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-43534"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-43535"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-43536"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-43537"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-43538"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-43539"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-43541"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-43542"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-43543"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-43545"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-43546"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-44538"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2022-22737"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2022-22738"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2022-22739"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2022-22740"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2022-22741"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2022-22742"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2022-22743"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2022-22745"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2022-22747"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2022-22748"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2022-22751"
}
],
"related": [],
"schema_version": "1.7.0",
"summary": "thunderbird vulnerabilities",
"upstream": [
"UBUNTU-CVE-2021-4126",
"UBUNTU-CVE-2021-4129",
"UBUNTU-CVE-2021-4140",
"UBUNTU-CVE-2021-29981",
"UBUNTU-CVE-2021-29982",
"UBUNTU-CVE-2021-29987",
"UBUNTU-CVE-2021-29991",
"UBUNTU-CVE-2021-38495",
"UBUNTU-CVE-2021-38496",
"UBUNTU-CVE-2021-38497",
"UBUNTU-CVE-2021-38498",
"UBUNTU-CVE-2021-38500",
"UBUNTU-CVE-2021-38501",
"UBUNTU-CVE-2021-38502",
"UBUNTU-CVE-2021-38503",
"UBUNTU-CVE-2021-38504",
"UBUNTU-CVE-2021-38506",
"UBUNTU-CVE-2021-38507",
"UBUNTU-CVE-2021-38508",
"UBUNTU-CVE-2021-38509",
"UBUNTU-CVE-2021-43528",
"UBUNTU-CVE-2021-43534",
"UBUNTU-CVE-2021-43535",
"UBUNTU-CVE-2021-43536",
"UBUNTU-CVE-2021-43537",
"UBUNTU-CVE-2021-43538",
"UBUNTU-CVE-2021-43539",
"UBUNTU-CVE-2021-43541",
"UBUNTU-CVE-2021-43542",
"UBUNTU-CVE-2021-43543",
"UBUNTU-CVE-2021-43545",
"UBUNTU-CVE-2021-43546",
"UBUNTU-CVE-2021-44538",
"UBUNTU-CVE-2022-22737",
"UBUNTU-CVE-2022-22738",
"UBUNTU-CVE-2022-22739",
"UBUNTU-CVE-2022-22740",
"UBUNTU-CVE-2022-22741",
"UBUNTU-CVE-2022-22742",
"UBUNTU-CVE-2022-22743",
"UBUNTU-CVE-2022-22745",
"UBUNTU-CVE-2022-22747",
"UBUNTU-CVE-2022-22748",
"UBUNTU-CVE-2022-22751"
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.