Action not permitted
Modal body text goes here.
Modal Title
Modal Body
usn-4995-1
Vulnerability from osv_ubuntu
Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, spoof the UI, bypass security restrictions, or execute arbitrary code. (CVE-2021-23961, CVE-2021-23981, CVE-2021-23982, CVE-2021-23987, CVE-2021-23994, CVE-2021-23998, CVE-2021-23999, CVE-2021-29945, CVE-2021-29946, CVE-2021-29967)
It was discovered that extensions could open popup windows with control of the window title in some circumstances. If a user were tricked into installing a specially crafted extension, an attacker could potentially exploit this to spoof a website and trick the user into providing credentials. (CVE-2021-23984)
Multiple security issues were discovered in Thunderbird's OpenPGP integration. If a user were tricked into importing a specially crafted key in some circumstances, an attacker could potentially exploit this to cause a denial of service (inability to send encrypted email) or confuse the user. (CVE-2021-23991, CVE-2021-23992, CVE-2021-23993)
A use-after-free was discovered when Responsive Design Mode was enabled. If a user were tricked into opening a specially crafted website with Responsive Design Mode enabled, an attacker could potentially exploit this to cause a denial of service, or execute arbitrary code. (CVE-2021-23995)
It was discovered that Thunderbird mishandled ftp URLs with encoded newline characters. If a user were tricked into clicking on a specially crafted link, an attacker could potentially exploit this to send arbitrary FTP commands. (CVE-2021-24002)
It was discovered that Thunderbird wrote signatures to disk and read them back during verification. A local attacker could potentially exploit this to replace the data with another signature file. (CVE-2021-29948)
It was discovered that Thunderbird might load an alternative OTR library. If a user were tricked into copying a specially crafted library to one of Thunderbird's search paths, an attacker could potentially exploit this to execute arbitrary code. (CVE-2021-29949)
It was discovered that secret keys imported into Thunderbird were stored unencrypted. A local attacker could potentially exploit this to obtain private keys. (CVE-2021-29956)
It was discovered that Thunderbird did not indicate when an inline signed or encrypted message contained additional unprotected parts. (CVE-2021-29957)
{
"affected": [
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2021-23961",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-23981",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-23982",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-23984",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-23987",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-23991",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-23992",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-23993",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-23994",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-23995",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-23998",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-23999",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-24002",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-29945",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-29946",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-29948",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-29949",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-29956",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-29957",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-29967",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:20.04:LTS"
}
},
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "thunderbird",
"binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
},
{
"binary_name": "thunderbird-gnome-support",
"binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
},
{
"binary_name": "thunderbird-mozsymbols",
"binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
},
{
"binary_name": "xul-ext-calendar-timezones",
"binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
},
{
"binary_name": "xul-ext-gdata-provider",
"binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
},
{
"binary_name": "xul-ext-lightning",
"binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "thunderbird",
"purl": "pkg:deb/ubuntu/thunderbird@1:78.11.0+build1-0ubuntu0.20.04.2?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:78.11.0+build1-0ubuntu0.20.04.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:68.1.2+build1-0ubuntu1",
"1:68.1.2+build1-0ubuntu2",
"1:68.2.1+build1-0ubuntu1",
"1:68.2.2+build1-0ubuntu1",
"1:68.3.0+build2-0ubuntu1",
"1:68.3.1+build1-0ubuntu2",
"1:68.4.1+build1-0ubuntu1",
"1:68.4.2+build2-0ubuntu1",
"1:68.5.0+build1-0ubuntu1",
"1:68.6.0+build2-0ubuntu1",
"1:68.7.0+build1-0ubuntu1",
"1:68.7.0+build1-0ubuntu2",
"1:68.8.0+build2-0ubuntu0.20.04.2",
"1:68.10.0+build1-0ubuntu0.20.04.1",
"1:78.7.1+build1-0ubuntu0.20.04.1",
"1:78.8.1+build1-0ubuntu0.20.04.1"
]
}
],
"aliases": [],
"details": "Multiple security issues were discovered in Thunderbird. If a user were\ntricked into opening a specially crafted website in a browsing context, an\nattacker could potentially exploit these to cause a denial of service,\nobtain sensitive information, spoof the UI, bypass security restrictions,\nor execute arbitrary code. (CVE-2021-23961, CVE-2021-23981,\nCVE-2021-23982, CVE-2021-23987, CVE-2021-23994, CVE-2021-23998,\nCVE-2021-23999, CVE-2021-29945, CVE-2021-29946, CVE-2021-29967)\n\nIt was discovered that extensions could open popup windows with control\nof the window title in some circumstances. If a user were tricked into\ninstalling a specially crafted extension, an attacker could potentially\nexploit this to spoof a website and trick the user into providing\ncredentials. (CVE-2021-23984)\n\nMultiple security issues were discovered in Thunderbird\u0027s OpenPGP\nintegration. If a user were tricked into importing a specially crafted\nkey in some circumstances, an attacker could potentially exploit this\nto cause a denial of service (inability to send encrypted email) or\nconfuse the user. (CVE-2021-23991, CVE-2021-23992, CVE-2021-23993)\n\nA use-after-free was discovered when Responsive Design Mode was\nenabled. If a user were tricked into opening a specially crafted\nwebsite with Responsive Design Mode enabled, an attacker could\npotentially exploit this to cause a denial of service, or execute\narbitrary code. (CVE-2021-23995)\n\nIt was discovered that Thunderbird mishandled ftp URLs with encoded\nnewline characters. If a user were tricked into clicking on a specially\ncrafted link, an attacker could potentially exploit this to send arbitrary\nFTP commands. (CVE-2021-24002)\n\nIt was discovered that Thunderbird wrote signatures to disk and read them\nback during verification. A local attacker could potentially exploit this\nto replace the data with another signature file. (CVE-2021-29948)\n\nIt was discovered that Thunderbird might load an alternative OTR\nlibrary. If a user were tricked into copying a specially crafted\nlibrary to one of Thunderbird\u0027s search paths, an attacker could\npotentially exploit this to execute arbitrary code. (CVE-2021-29949)\n\nIt was discovered that secret keys imported into Thunderbird were\nstored unencrypted. A local attacker could potentially exploit this to\nobtain private keys. (CVE-2021-29956)\n\nIt was discovered that Thunderbird did not indicate when an inline signed\nor encrypted message contained additional unprotected parts.\n(CVE-2021-29957)\n",
"id": "USN-4995-1",
"modified": "2026-04-22T07:36:59Z",
"published": "2021-06-22T16:43:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-4995-1"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-23961"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-23981"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-23982"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-23984"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-23987"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-23991"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-23992"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-23993"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-23994"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-23995"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-23998"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-23999"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-24002"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-29945"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-29946"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-29948"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-29949"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-29956"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-29957"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-29967"
}
],
"related": [],
"schema_version": "1.7.0",
"summary": "thunderbird vulnerabilities",
"upstream": [
"UBUNTU-CVE-2021-23961",
"UBUNTU-CVE-2021-23981",
"UBUNTU-CVE-2021-23982",
"UBUNTU-CVE-2021-23984",
"UBUNTU-CVE-2021-23987",
"UBUNTU-CVE-2021-23991",
"UBUNTU-CVE-2021-23992",
"UBUNTU-CVE-2021-23993",
"UBUNTU-CVE-2021-23994",
"UBUNTU-CVE-2021-23995",
"UBUNTU-CVE-2021-23998",
"UBUNTU-CVE-2021-23999",
"UBUNTU-CVE-2021-24002",
"UBUNTU-CVE-2021-29945",
"UBUNTU-CVE-2021-29946",
"UBUNTU-CVE-2021-29948",
"UBUNTU-CVE-2021-29949",
"UBUNTU-CVE-2021-29956",
"UBUNTU-CVE-2021-29957",
"UBUNTU-CVE-2021-29967"
]
}
ubuntu-cve-2021-23961
Vulnerability from osv_ubuntu
Further techniques that built on the slipstream research combined with a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine. This vulnerability affects Firefox < 85.
| URL | Type | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"affected": [
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "firefox",
"binary_version": "85.0+build1-0ubuntu0.16.04.1"
},
{
"binary_name": "firefox-geckodriver",
"binary_version": "85.0+build1-0ubuntu0.16.04.1"
},
{
"binary_name": "firefox-mozsymbols",
"binary_version": "85.0+build1-0ubuntu0.16.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:16.04:LTS",
"name": "firefox",
"purl": "pkg:deb/ubuntu/firefox@85.0+build1-0ubuntu0.16.04.1?arch=source\u0026distro=xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "85.0+build1-0ubuntu0.16.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"41.0.2+build2-0ubuntu1",
"42.0+build2-0ubuntu1",
"44.0+build3-0ubuntu2",
"44.0.1+build1-0ubuntu1",
"44.0.2+build1-0ubuntu1",
"45.0+build2-0ubuntu1",
"45.0.1+build1-0ubuntu1",
"45.0.2+build1-0ubuntu1",
"46.0+build5-0ubuntu0.16.04.2",
"46.0.1+build1-0ubuntu0.16.04.2",
"47.0+build3-0ubuntu0.16.04.1",
"48.0+build2-0ubuntu0.16.04.1",
"49.0+build4-0ubuntu0.16.04.1",
"49.0.2+build2-0ubuntu0.16.04.2",
"50.0+build2-0ubuntu0.16.04.2",
"50.0.2+build1-0ubuntu0.16.04.1",
"50.1.0+build2-0ubuntu0.16.04.1",
"51.0.1+build2-0ubuntu0.16.04.1",
"51.0.1+build2-0ubuntu0.16.04.2",
"52.0+build2-0ubuntu0.16.04.1",
"52.0.1+build2-0ubuntu0.16.04.1",
"52.0.2+build1-0ubuntu0.16.04.1",
"53.0+build6-0ubuntu0.16.04.1",
"53.0.2+build1-0ubuntu0.16.04.2",
"53.0.3+build1-0ubuntu0.16.04.2",
"54.0+build3-0ubuntu0.16.04.1",
"55.0.1+build2-0ubuntu0.16.04.2",
"55.0.2+build1-0ubuntu0.16.04.1",
"56.0+build6-0ubuntu0.16.04.1",
"56.0+build6-0ubuntu0.16.04.2",
"57.0+build4-0ubuntu0.16.04.5",
"57.0+build4-0ubuntu0.16.04.6",
"57.0.1+build2-0ubuntu0.16.04.1",
"57.0.3+build1-0ubuntu0.16.04.1",
"57.0.4+build1-0ubuntu0.16.04.1",
"58.0+build6-0ubuntu0.16.04.1",
"58.0.1+build1-0ubuntu0.16.04.1",
"58.0.2+build1-0ubuntu0.16.04.1",
"59.0+build5-0ubuntu0.16.04.1",
"59.0.1+build1-0ubuntu0.16.04.1",
"59.0.2+build1-0ubuntu0.16.04.1",
"59.0.2+build1-0ubuntu0.16.04.3",
"60.0+build2-0ubuntu0.16.04.1",
"60.0.1+build2-0ubuntu0.16.04.1",
"60.0.2+build1-0ubuntu0.16.04.1",
"61.0+build3-0ubuntu0.16.04.2",
"61.0.1+build1-0ubuntu0.16.04.1",
"62.0+build2-0ubuntu0.16.04.3",
"62.0+build2-0ubuntu0.16.04.4",
"62.0+build2-0ubuntu0.16.04.5",
"62.0.3+build1-0ubuntu0.16.04.2",
"63.0+build2-0ubuntu0.16.04.2",
"63.0.3+build1-0ubuntu0.16.04.1",
"64.0+build3-0ubuntu0.16.04.1",
"65.0+build2-0ubuntu0.16.04.1",
"65.0.1+build2-0ubuntu0.16.04.1",
"66.0+build3-0ubuntu0.16.04.2",
"66.0.1+build1-0ubuntu0.16.04.1",
"66.0.2+build1-0ubuntu0.16.04.1",
"66.0.3+build1-0ubuntu0.16.04.1",
"66.0.4+build3-0ubuntu0.16.04.1",
"66.0.5+build1-0ubuntu0.16.04.1",
"67.0+build2-0ubuntu0.16.04.1",
"67.0.1+build1-0ubuntu0.16.04.1",
"67.0.2+build2-0ubuntu0.16.04.1",
"67.0.3+build1-0ubuntu0.16.04.1",
"67.0.4+build1-0ubuntu0.16.04.1",
"68.0+build3-0ubuntu0.16.04.1",
"68.0.1+build1-0ubuntu0.16.04.1",
"68.0.2+build1-0ubuntu0.16.04.1",
"69.0+build2-0ubuntu0.16.04.4",
"69.0.1+build1-0ubuntu0.16.04.1",
"69.0.2+build1-0ubuntu0.16.04.1",
"70.0+build2-0ubuntu0.16.04.1",
"70.0.1+build1-0ubuntu0.16.04.1",
"71.0+build5-0ubuntu0.16.04.1",
"72.0.1+build1-0ubuntu0.16.04.1",
"72.0.2+build1-0ubuntu0.16.04.1",
"73.0.1+build1-0ubuntu0.16.04.1",
"74.0+build3-0ubuntu0.16.04.1",
"74.0.1+build1-0ubuntu0.16.04.1",
"75.0+build3-0ubuntu0.16.04.1",
"76.0+build2-0ubuntu0.16.04.1",
"76.0.1+build1-0ubuntu0.16.04.1",
"77.0.1+build1-0ubuntu0.16.04.1",
"78.0.1+build1-0ubuntu0.16.04.1",
"78.0.2+build2-0ubuntu0.16.04.1",
"79.0+build1-0ubuntu0.16.04.2",
"80.0+build2-0ubuntu0.16.04.1",
"80.0.1+build1-0ubuntu0.16.04.1",
"81.0+build2-0ubuntu0.16.04.1",
"81.0.2+build1-0ubuntu0.16.04.1",
"82.0+build2-0ubuntu0.16.04.5",
"82.0.2+build1-0ubuntu0.16.04.1",
"82.0.3+build1-0ubuntu0.16.04.1",
"83.0+build2-0ubuntu0.16.04.3",
"84.0+build3-0ubuntu0.16.04.1",
"84.0.1+build1-0ubuntu0.16.04.1",
"84.0.2+build1-0ubuntu0.16.04.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "firefox",
"binary_version": "85.0+build1-0ubuntu0.18.04.1"
},
{
"binary_name": "firefox-geckodriver",
"binary_version": "85.0+build1-0ubuntu0.18.04.1"
},
{
"binary_name": "firefox-mozsymbols",
"binary_version": "85.0+build1-0ubuntu0.18.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "firefox",
"purl": "pkg:deb/ubuntu/firefox@85.0+build1-0ubuntu0.18.04.1?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "85.0+build1-0ubuntu0.18.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"56.0+build6-0ubuntu1",
"57.0.1+build2-0ubuntu1",
"59.0.1+build1-0ubuntu1",
"59.0.2+build1-0ubuntu1",
"60.0+build2-0ubuntu1",
"60.0.1+build2-0ubuntu0.18.04.1",
"60.0.2+build1-0ubuntu0.18.04.1",
"61.0+build3-0ubuntu0.18.04.1",
"61.0.1+build1-0ubuntu0.18.04.1",
"62.0+build2-0ubuntu0.18.04.3",
"62.0+build2-0ubuntu0.18.04.4",
"62.0+build2-0ubuntu0.18.04.5",
"62.0.3+build1-0ubuntu0.18.04.1",
"63.0+build2-0ubuntu0.18.04.2",
"63.0.3+build1-0ubuntu0.18.04.1",
"64.0+build3-0ubuntu0.18.04.1",
"65.0+build2-0ubuntu0.18.04.1",
"65.0.1+build2-0ubuntu0.18.04.1",
"66.0+build3-0ubuntu0.18.04.1",
"66.0.1+build1-0ubuntu0.18.04.1",
"66.0.2+build1-0ubuntu0.18.04.1",
"66.0.3+build1-0ubuntu0.18.04.1",
"66.0.4+build3-0ubuntu0.18.04.1",
"66.0.5+build1-0ubuntu0.18.04.1",
"67.0+build2-0ubuntu0.18.04.1",
"67.0.1+build1-0ubuntu0.18.04.1",
"67.0.2+build2-0ubuntu0.18.04.1",
"67.0.3+build1-0ubuntu0.18.04.1",
"67.0.4+build1-0ubuntu0.18.04.1",
"68.0+build3-0ubuntu0.18.04.1",
"68.0.1+build1-0ubuntu0.18.04.1",
"68.0.2+build1-0ubuntu0.18.04.1",
"69.0+build2-0ubuntu0.18.04.1",
"69.0.1+build1-0ubuntu0.18.04.1",
"69.0.2+build1-0ubuntu0.18.04.1",
"70.0+build2-0ubuntu0.18.04.1",
"70.0.1+build1-0ubuntu0.18.04.1",
"71.0+build5-0ubuntu0.18.04.1",
"72.0.1+build1-0ubuntu0.18.04.1",
"72.0.2+build1-0ubuntu0.18.04.1",
"73.0+build3-0ubuntu0.18.04.1",
"73.0.1+build1-0ubuntu0.18.04.1",
"74.0+build3-0ubuntu0.18.04.1",
"74.0.1+build1-0ubuntu0.18.04.1",
"75.0+build3-0ubuntu0.18.04.1",
"76.0+build2-0ubuntu0.18.04.1",
"76.0.1+build1-0ubuntu0.18.04.1",
"77.0.1+build1-0ubuntu0.18.04.1",
"78.0.1+build1-0ubuntu0.18.04.1",
"78.0.2+build2-0ubuntu0.18.04.1",
"79.0+build1-0ubuntu0.18.04.1",
"80.0+build2-0ubuntu0.18.04.1",
"80.0.1+build1-0ubuntu0.18.04.1",
"81.0+build2-0ubuntu0.18.04.1",
"81.0.2+build1-0ubuntu0.18.04.1",
"82.0+build2-0ubuntu0.18.04.1",
"82.0.2+build1-0ubuntu0.18.04.1",
"82.0.3+build1-0ubuntu0.18.04.1",
"83.0+build2-0ubuntu0.18.04.2",
"84.0+build3-0ubuntu0.18.04.1",
"84.0.1+build1-0ubuntu0.18.04.1",
"84.0.2+build1-0ubuntu0.18.04.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "thunderbird",
"binary_version": "1:78.11.0+build1-0ubuntu0.18.04.2"
},
{
"binary_name": "thunderbird-gnome-support",
"binary_version": "1:78.11.0+build1-0ubuntu0.18.04.2"
},
{
"binary_name": "thunderbird-mozsymbols",
"binary_version": "1:78.11.0+build1-0ubuntu0.18.04.2"
},
{
"binary_name": "xul-ext-calendar-timezones",
"binary_version": "1:78.11.0+build1-0ubuntu0.18.04.2"
},
{
"binary_name": "xul-ext-gdata-provider",
"binary_version": "1:78.11.0+build1-0ubuntu0.18.04.2"
},
{
"binary_name": "xul-ext-lightning",
"binary_version": "1:78.11.0+build1-0ubuntu0.18.04.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "thunderbird",
"purl": "pkg:deb/ubuntu/thunderbird@1:78.11.0+build1-0ubuntu0.18.04.2?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:78.11.0+build1-0ubuntu0.18.04.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:52.4.0+build1-0ubuntu2",
"1:52.6.0+build1-0ubuntu1",
"1:52.7.0+build1-0ubuntu1",
"1:52.8.0+build1-0ubuntu0.18.04.1",
"1:52.9.1+build3-0ubuntu0.18.04.1",
"1:60.2.1+build1-0ubuntu0.18.04.2",
"1:60.4.0+build2-0ubuntu0.18.04.1",
"1:60.5.1+build2-0ubuntu0.18.04.1",
"1:60.6.1+build2-0ubuntu0.18.04.1",
"1:60.7.0+build1-0ubuntu0.18.04.1",
"1:60.7.1+build1-0ubuntu0.18.04.1",
"1:60.7.2+build2-0ubuntu0.18.04.1",
"1:60.8.0+build1-0ubuntu0.18.04.1",
"1:60.9.0+build1-0ubuntu0.18.04.1",
"1:68.2.1+build1-0ubuntu0.18.04.1",
"1:68.2.2+build1-0ubuntu0.18.04.1",
"1:68.4.1+build1-0ubuntu0.18.04.1",
"1:68.7.0+build1-0ubuntu0.18.04.1",
"1:68.8.0+build2-0ubuntu0.18.04.2",
"1:68.10.0+build1-0ubuntu0.18.04.1",
"1:78.8.1+build1-0ubuntu0.18.04.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-52-0",
"binary_version": "52.9.1-0ubuntu0.18.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "mozjs52",
"purl": "pkg:deb/ubuntu/mozjs52@52.9.1-0ubuntu0.18.04.1?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"52.3.1-0ubuntu3",
"52.3.1-7fakesync1",
"52.8.1-0ubuntu0.18.04.1",
"52.9.1-0ubuntu0.18.04.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-38-0",
"binary_version": "38.8.0~repack1-0ubuntu4"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "mozjs38",
"purl": "pkg:deb/ubuntu/mozjs38@38.8.0~repack1-0ubuntu4?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"38.8.0~repack1-0ubuntu1",
"38.8.0~repack1-0ubuntu3",
"38.8.0~repack1-0ubuntu4"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "firefox",
"binary_version": "85.0+build1-0ubuntu0.20.04.1"
},
{
"binary_name": "firefox-geckodriver",
"binary_version": "85.0+build1-0ubuntu0.20.04.1"
},
{
"binary_name": "firefox-mozsymbols",
"binary_version": "85.0+build1-0ubuntu0.20.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "firefox",
"purl": "pkg:deb/ubuntu/firefox@85.0+build1-0ubuntu0.20.04.1?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "85.0+build1-0ubuntu0.20.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"69.0.3+build1-0ubuntu1",
"70.0+build2-0ubuntu1",
"70.0+build2-0ubuntu2",
"70.0.1+build1-0ubuntu2",
"71.0+build2-0ubuntu2",
"71.0+build5-0ubuntu1",
"72.0.1+build1-0ubuntu1",
"72.0.2+build1-0ubuntu1",
"73.0+build1-0ubuntu1",
"73.0+build2-0ubuntu1",
"73.0+build3-0ubuntu1",
"73.0.1+build1-0ubuntu1",
"74.0+build1-0ubuntu1",
"74.0+build2-0ubuntu1",
"74.0+build2-0ubuntu2",
"74.0+build3-0ubuntu1",
"75.0+build3-0ubuntu1",
"76.0+build2-0ubuntu0.20.04.1",
"76.0.1+build1-0ubuntu0.20.04.1",
"77.0.1+build1-0ubuntu0.20.04.1",
"78.0.1+build1-0ubuntu0.20.04.1",
"78.0.2+build2-0ubuntu0.20.04.1",
"79.0+build1-0ubuntu0.20.04.1",
"80.0+build2-0ubuntu0.20.04.1",
"80.0.1+build1-0ubuntu0.20.04.1",
"81.0+build2-0ubuntu0.20.04.1",
"81.0.2+build1-0ubuntu0.20.04.1",
"82.0+build2-0ubuntu0.20.04.1",
"82.0.2+build1-0ubuntu0.20.04.1",
"82.0.3+build1-0ubuntu0.20.04.1",
"83.0+build2-0ubuntu0.20.04.1",
"84.0+build3-0ubuntu0.20.04.1",
"84.0.1+build1-0ubuntu0.20.04.1",
"84.0.2+build1-0ubuntu0.20.04.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "thunderbird",
"binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
},
{
"binary_name": "thunderbird-gnome-support",
"binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
},
{
"binary_name": "thunderbird-mozsymbols",
"binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
},
{
"binary_name": "xul-ext-calendar-timezones",
"binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
},
{
"binary_name": "xul-ext-gdata-provider",
"binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
},
{
"binary_name": "xul-ext-lightning",
"binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "thunderbird",
"purl": "pkg:deb/ubuntu/thunderbird@1:78.11.0+build1-0ubuntu0.20.04.2?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:78.11.0+build1-0ubuntu0.20.04.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:68.1.2+build1-0ubuntu1",
"1:68.1.2+build1-0ubuntu2",
"1:68.2.1+build1-0ubuntu1",
"1:68.2.2+build1-0ubuntu1",
"1:68.3.0+build2-0ubuntu1",
"1:68.3.1+build1-0ubuntu2",
"1:68.4.1+build1-0ubuntu1",
"1:68.4.2+build2-0ubuntu1",
"1:68.5.0+build1-0ubuntu1",
"1:68.6.0+build2-0ubuntu1",
"1:68.7.0+build1-0ubuntu1",
"1:68.7.0+build1-0ubuntu2",
"1:68.8.0+build2-0ubuntu0.20.04.2",
"1:68.10.0+build1-0ubuntu0.20.04.1",
"1:78.7.1+build1-0ubuntu0.20.04.1",
"1:78.8.1+build1-0ubuntu0.20.04.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-68-0",
"binary_version": "68.6.0-1ubuntu1"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "mozjs68",
"purl": "pkg:deb/ubuntu/mozjs68@68.6.0-1ubuntu1?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"68.5.0-1~fakesync",
"68.5.0-2~fakesync",
"68.6.0-1",
"68.6.0-1ubuntu1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-52-0",
"binary_version": "52.9.1-1ubuntu3"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "mozjs52",
"purl": "pkg:deb/ubuntu/mozjs52@52.9.1-1ubuntu3?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"52.9.1-1build1",
"52.9.1-1ubuntu3"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-78-0",
"binary_version": "78.15.0-4ubuntu1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "mozjs78",
"purl": "pkg:deb/ubuntu/mozjs78@78.15.0-4ubuntu1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"78.13.0-1",
"78.15.0-2",
"78.15.0-4ubuntu1"
]
}
],
"aliases": [],
"details": "Further techniques that built on the slipstream research combined with a malicious webpage could have exposed both an internal network\u0027s hosts as well as services running on the user\u0027s local machine. This vulnerability affects Firefox \u003c 85.",
"id": "UBUNTU-CVE-2021-23961",
"modified": "2026-04-22T07:39:56Z",
"published": "2021-01-26T00:00:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-23961"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-03/#CVE-2021-23961"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-4717-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-4995-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-4995-2"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23961"
}
],
"related": [
"USN-4717-1",
"USN-4995-1",
"USN-4995-2"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2021-23961"
]
}
ubuntu-cve-2021-23981
Vulnerability from osv_ubuntu
A texture upload of a Pixel Buffer Object could have confused the WebGL code to skip binding the buffer used to unpack it, resulting in memory corruption and a potentially exploitable information leak or crash. This vulnerability affects Firefox ESR < 78.9, Firefox < 87, and Thunderbird < 78.9.
| URL | Type | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"affected": [
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "firefox",
"binary_version": "87.0+build3-0ubuntu0.16.04.2"
},
{
"binary_name": "firefox-geckodriver",
"binary_version": "87.0+build3-0ubuntu0.16.04.2"
},
{
"binary_name": "firefox-mozsymbols",
"binary_version": "87.0+build3-0ubuntu0.16.04.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:16.04:LTS",
"name": "firefox",
"purl": "pkg:deb/ubuntu/firefox@87.0+build3-0ubuntu0.16.04.2?arch=source\u0026distro=xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "87.0+build3-0ubuntu0.16.04.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"41.0.2+build2-0ubuntu1",
"42.0+build2-0ubuntu1",
"44.0+build3-0ubuntu2",
"44.0.1+build1-0ubuntu1",
"44.0.2+build1-0ubuntu1",
"45.0+build2-0ubuntu1",
"45.0.1+build1-0ubuntu1",
"45.0.2+build1-0ubuntu1",
"46.0+build5-0ubuntu0.16.04.2",
"46.0.1+build1-0ubuntu0.16.04.2",
"47.0+build3-0ubuntu0.16.04.1",
"48.0+build2-0ubuntu0.16.04.1",
"49.0+build4-0ubuntu0.16.04.1",
"49.0.2+build2-0ubuntu0.16.04.2",
"50.0+build2-0ubuntu0.16.04.2",
"50.0.2+build1-0ubuntu0.16.04.1",
"50.1.0+build2-0ubuntu0.16.04.1",
"51.0.1+build2-0ubuntu0.16.04.1",
"51.0.1+build2-0ubuntu0.16.04.2",
"52.0+build2-0ubuntu0.16.04.1",
"52.0.1+build2-0ubuntu0.16.04.1",
"52.0.2+build1-0ubuntu0.16.04.1",
"53.0+build6-0ubuntu0.16.04.1",
"53.0.2+build1-0ubuntu0.16.04.2",
"53.0.3+build1-0ubuntu0.16.04.2",
"54.0+build3-0ubuntu0.16.04.1",
"55.0.1+build2-0ubuntu0.16.04.2",
"55.0.2+build1-0ubuntu0.16.04.1",
"56.0+build6-0ubuntu0.16.04.1",
"56.0+build6-0ubuntu0.16.04.2",
"57.0+build4-0ubuntu0.16.04.5",
"57.0+build4-0ubuntu0.16.04.6",
"57.0.1+build2-0ubuntu0.16.04.1",
"57.0.3+build1-0ubuntu0.16.04.1",
"57.0.4+build1-0ubuntu0.16.04.1",
"58.0+build6-0ubuntu0.16.04.1",
"58.0.1+build1-0ubuntu0.16.04.1",
"58.0.2+build1-0ubuntu0.16.04.1",
"59.0+build5-0ubuntu0.16.04.1",
"59.0.1+build1-0ubuntu0.16.04.1",
"59.0.2+build1-0ubuntu0.16.04.1",
"59.0.2+build1-0ubuntu0.16.04.3",
"60.0+build2-0ubuntu0.16.04.1",
"60.0.1+build2-0ubuntu0.16.04.1",
"60.0.2+build1-0ubuntu0.16.04.1",
"61.0+build3-0ubuntu0.16.04.2",
"61.0.1+build1-0ubuntu0.16.04.1",
"62.0+build2-0ubuntu0.16.04.3",
"62.0+build2-0ubuntu0.16.04.4",
"62.0+build2-0ubuntu0.16.04.5",
"62.0.3+build1-0ubuntu0.16.04.2",
"63.0+build2-0ubuntu0.16.04.2",
"63.0.3+build1-0ubuntu0.16.04.1",
"64.0+build3-0ubuntu0.16.04.1",
"65.0+build2-0ubuntu0.16.04.1",
"65.0.1+build2-0ubuntu0.16.04.1",
"66.0+build3-0ubuntu0.16.04.2",
"66.0.1+build1-0ubuntu0.16.04.1",
"66.0.2+build1-0ubuntu0.16.04.1",
"66.0.3+build1-0ubuntu0.16.04.1",
"66.0.4+build3-0ubuntu0.16.04.1",
"66.0.5+build1-0ubuntu0.16.04.1",
"67.0+build2-0ubuntu0.16.04.1",
"67.0.1+build1-0ubuntu0.16.04.1",
"67.0.2+build2-0ubuntu0.16.04.1",
"67.0.3+build1-0ubuntu0.16.04.1",
"67.0.4+build1-0ubuntu0.16.04.1",
"68.0+build3-0ubuntu0.16.04.1",
"68.0.1+build1-0ubuntu0.16.04.1",
"68.0.2+build1-0ubuntu0.16.04.1",
"69.0+build2-0ubuntu0.16.04.4",
"69.0.1+build1-0ubuntu0.16.04.1",
"69.0.2+build1-0ubuntu0.16.04.1",
"70.0+build2-0ubuntu0.16.04.1",
"70.0.1+build1-0ubuntu0.16.04.1",
"71.0+build5-0ubuntu0.16.04.1",
"72.0.1+build1-0ubuntu0.16.04.1",
"72.0.2+build1-0ubuntu0.16.04.1",
"73.0.1+build1-0ubuntu0.16.04.1",
"74.0+build3-0ubuntu0.16.04.1",
"74.0.1+build1-0ubuntu0.16.04.1",
"75.0+build3-0ubuntu0.16.04.1",
"76.0+build2-0ubuntu0.16.04.1",
"76.0.1+build1-0ubuntu0.16.04.1",
"77.0.1+build1-0ubuntu0.16.04.1",
"78.0.1+build1-0ubuntu0.16.04.1",
"78.0.2+build2-0ubuntu0.16.04.1",
"79.0+build1-0ubuntu0.16.04.2",
"80.0+build2-0ubuntu0.16.04.1",
"80.0.1+build1-0ubuntu0.16.04.1",
"81.0+build2-0ubuntu0.16.04.1",
"81.0.2+build1-0ubuntu0.16.04.1",
"82.0+build2-0ubuntu0.16.04.5",
"82.0.2+build1-0ubuntu0.16.04.1",
"82.0.3+build1-0ubuntu0.16.04.1",
"83.0+build2-0ubuntu0.16.04.3",
"84.0+build3-0ubuntu0.16.04.1",
"84.0.1+build1-0ubuntu0.16.04.1",
"84.0.2+build1-0ubuntu0.16.04.1",
"85.0+build1-0ubuntu0.16.04.1",
"85.0.1+build1-0ubuntu0.16.04.1",
"86.0+build3-0ubuntu0.16.04.1",
"86.0.1+build1-0ubuntu0.16.04.2"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "firefox",
"binary_version": "87.0+build3-0ubuntu0.18.04.2"
},
{
"binary_name": "firefox-geckodriver",
"binary_version": "87.0+build3-0ubuntu0.18.04.2"
},
{
"binary_name": "firefox-mozsymbols",
"binary_version": "87.0+build3-0ubuntu0.18.04.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "firefox",
"purl": "pkg:deb/ubuntu/firefox@87.0+build3-0ubuntu0.18.04.2?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "87.0+build3-0ubuntu0.18.04.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"56.0+build6-0ubuntu1",
"57.0.1+build2-0ubuntu1",
"59.0.1+build1-0ubuntu1",
"59.0.2+build1-0ubuntu1",
"60.0+build2-0ubuntu1",
"60.0.1+build2-0ubuntu0.18.04.1",
"60.0.2+build1-0ubuntu0.18.04.1",
"61.0+build3-0ubuntu0.18.04.1",
"61.0.1+build1-0ubuntu0.18.04.1",
"62.0+build2-0ubuntu0.18.04.3",
"62.0+build2-0ubuntu0.18.04.4",
"62.0+build2-0ubuntu0.18.04.5",
"62.0.3+build1-0ubuntu0.18.04.1",
"63.0+build2-0ubuntu0.18.04.2",
"63.0.3+build1-0ubuntu0.18.04.1",
"64.0+build3-0ubuntu0.18.04.1",
"65.0+build2-0ubuntu0.18.04.1",
"65.0.1+build2-0ubuntu0.18.04.1",
"66.0+build3-0ubuntu0.18.04.1",
"66.0.1+build1-0ubuntu0.18.04.1",
"66.0.2+build1-0ubuntu0.18.04.1",
"66.0.3+build1-0ubuntu0.18.04.1",
"66.0.4+build3-0ubuntu0.18.04.1",
"66.0.5+build1-0ubuntu0.18.04.1",
"67.0+build2-0ubuntu0.18.04.1",
"67.0.1+build1-0ubuntu0.18.04.1",
"67.0.2+build2-0ubuntu0.18.04.1",
"67.0.3+build1-0ubuntu0.18.04.1",
"67.0.4+build1-0ubuntu0.18.04.1",
"68.0+build3-0ubuntu0.18.04.1",
"68.0.1+build1-0ubuntu0.18.04.1",
"68.0.2+build1-0ubuntu0.18.04.1",
"69.0+build2-0ubuntu0.18.04.1",
"69.0.1+build1-0ubuntu0.18.04.1",
"69.0.2+build1-0ubuntu0.18.04.1",
"70.0+build2-0ubuntu0.18.04.1",
"70.0.1+build1-0ubuntu0.18.04.1",
"71.0+build5-0ubuntu0.18.04.1",
"72.0.1+build1-0ubuntu0.18.04.1",
"72.0.2+build1-0ubuntu0.18.04.1",
"73.0+build3-0ubuntu0.18.04.1",
"73.0.1+build1-0ubuntu0.18.04.1",
"74.0+build3-0ubuntu0.18.04.1",
"74.0.1+build1-0ubuntu0.18.04.1",
"75.0+build3-0ubuntu0.18.04.1",
"76.0+build2-0ubuntu0.18.04.1",
"76.0.1+build1-0ubuntu0.18.04.1",
"77.0.1+build1-0ubuntu0.18.04.1",
"78.0.1+build1-0ubuntu0.18.04.1",
"78.0.2+build2-0ubuntu0.18.04.1",
"79.0+build1-0ubuntu0.18.04.1",
"80.0+build2-0ubuntu0.18.04.1",
"80.0.1+build1-0ubuntu0.18.04.1",
"81.0+build2-0ubuntu0.18.04.1",
"81.0.2+build1-0ubuntu0.18.04.1",
"82.0+build2-0ubuntu0.18.04.1",
"82.0.2+build1-0ubuntu0.18.04.1",
"82.0.3+build1-0ubuntu0.18.04.1",
"83.0+build2-0ubuntu0.18.04.2",
"84.0+build3-0ubuntu0.18.04.1",
"84.0.1+build1-0ubuntu0.18.04.1",
"84.0.2+build1-0ubuntu0.18.04.1",
"85.0+build1-0ubuntu0.18.04.1",
"85.0.1+build1-0ubuntu0.18.04.1",
"86.0+build3-0ubuntu0.18.04.1",
"86.0.1+build1-0ubuntu0.18.04.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "thunderbird",
"binary_version": "1:78.11.0+build1-0ubuntu0.18.04.2"
},
{
"binary_name": "thunderbird-gnome-support",
"binary_version": "1:78.11.0+build1-0ubuntu0.18.04.2"
},
{
"binary_name": "thunderbird-mozsymbols",
"binary_version": "1:78.11.0+build1-0ubuntu0.18.04.2"
},
{
"binary_name": "xul-ext-calendar-timezones",
"binary_version": "1:78.11.0+build1-0ubuntu0.18.04.2"
},
{
"binary_name": "xul-ext-gdata-provider",
"binary_version": "1:78.11.0+build1-0ubuntu0.18.04.2"
},
{
"binary_name": "xul-ext-lightning",
"binary_version": "1:78.11.0+build1-0ubuntu0.18.04.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "thunderbird",
"purl": "pkg:deb/ubuntu/thunderbird@1:78.11.0+build1-0ubuntu0.18.04.2?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:78.11.0+build1-0ubuntu0.18.04.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:52.4.0+build1-0ubuntu2",
"1:52.6.0+build1-0ubuntu1",
"1:52.7.0+build1-0ubuntu1",
"1:52.8.0+build1-0ubuntu0.18.04.1",
"1:52.9.1+build3-0ubuntu0.18.04.1",
"1:60.2.1+build1-0ubuntu0.18.04.2",
"1:60.4.0+build2-0ubuntu0.18.04.1",
"1:60.5.1+build2-0ubuntu0.18.04.1",
"1:60.6.1+build2-0ubuntu0.18.04.1",
"1:60.7.0+build1-0ubuntu0.18.04.1",
"1:60.7.1+build1-0ubuntu0.18.04.1",
"1:60.7.2+build2-0ubuntu0.18.04.1",
"1:60.8.0+build1-0ubuntu0.18.04.1",
"1:60.9.0+build1-0ubuntu0.18.04.1",
"1:68.2.1+build1-0ubuntu0.18.04.1",
"1:68.2.2+build1-0ubuntu0.18.04.1",
"1:68.4.1+build1-0ubuntu0.18.04.1",
"1:68.7.0+build1-0ubuntu0.18.04.1",
"1:68.8.0+build2-0ubuntu0.18.04.2",
"1:68.10.0+build1-0ubuntu0.18.04.1",
"1:78.8.1+build1-0ubuntu0.18.04.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-52-0",
"binary_version": "52.9.1-0ubuntu0.18.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "mozjs52",
"purl": "pkg:deb/ubuntu/mozjs52@52.9.1-0ubuntu0.18.04.1?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"52.3.1-0ubuntu3",
"52.3.1-7fakesync1",
"52.8.1-0ubuntu0.18.04.1",
"52.9.1-0ubuntu0.18.04.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-38-0",
"binary_version": "38.8.0~repack1-0ubuntu4"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "mozjs38",
"purl": "pkg:deb/ubuntu/mozjs38@38.8.0~repack1-0ubuntu4?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"38.8.0~repack1-0ubuntu1",
"38.8.0~repack1-0ubuntu3",
"38.8.0~repack1-0ubuntu4"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "firefox",
"binary_version": "87.0+build3-0ubuntu0.20.04.2"
},
{
"binary_name": "firefox-geckodriver",
"binary_version": "87.0+build3-0ubuntu0.20.04.2"
},
{
"binary_name": "firefox-mozsymbols",
"binary_version": "87.0+build3-0ubuntu0.20.04.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "firefox",
"purl": "pkg:deb/ubuntu/firefox@87.0+build3-0ubuntu0.20.04.2?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "87.0+build3-0ubuntu0.20.04.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"69.0.3+build1-0ubuntu1",
"70.0+build2-0ubuntu1",
"70.0+build2-0ubuntu2",
"70.0.1+build1-0ubuntu2",
"71.0+build2-0ubuntu2",
"71.0+build5-0ubuntu1",
"72.0.1+build1-0ubuntu1",
"72.0.2+build1-0ubuntu1",
"73.0+build1-0ubuntu1",
"73.0+build2-0ubuntu1",
"73.0+build3-0ubuntu1",
"73.0.1+build1-0ubuntu1",
"74.0+build1-0ubuntu1",
"74.0+build2-0ubuntu1",
"74.0+build2-0ubuntu2",
"74.0+build3-0ubuntu1",
"75.0+build3-0ubuntu1",
"76.0+build2-0ubuntu0.20.04.1",
"76.0.1+build1-0ubuntu0.20.04.1",
"77.0.1+build1-0ubuntu0.20.04.1",
"78.0.1+build1-0ubuntu0.20.04.1",
"78.0.2+build2-0ubuntu0.20.04.1",
"79.0+build1-0ubuntu0.20.04.1",
"80.0+build2-0ubuntu0.20.04.1",
"80.0.1+build1-0ubuntu0.20.04.1",
"81.0+build2-0ubuntu0.20.04.1",
"81.0.2+build1-0ubuntu0.20.04.1",
"82.0+build2-0ubuntu0.20.04.1",
"82.0.2+build1-0ubuntu0.20.04.1",
"82.0.3+build1-0ubuntu0.20.04.1",
"83.0+build2-0ubuntu0.20.04.1",
"84.0+build3-0ubuntu0.20.04.1",
"84.0.1+build1-0ubuntu0.20.04.1",
"84.0.2+build1-0ubuntu0.20.04.1",
"85.0+build1-0ubuntu0.20.04.1",
"85.0.1+build1-0ubuntu0.20.04.1",
"86.0+build3-0ubuntu0.20.04.1",
"86.0.1+build1-0ubuntu0.20.04.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "thunderbird",
"binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
},
{
"binary_name": "thunderbird-gnome-support",
"binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
},
{
"binary_name": "thunderbird-mozsymbols",
"binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
},
{
"binary_name": "xul-ext-calendar-timezones",
"binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
},
{
"binary_name": "xul-ext-gdata-provider",
"binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
},
{
"binary_name": "xul-ext-lightning",
"binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "thunderbird",
"purl": "pkg:deb/ubuntu/thunderbird@1:78.11.0+build1-0ubuntu0.20.04.2?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:78.11.0+build1-0ubuntu0.20.04.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:68.1.2+build1-0ubuntu1",
"1:68.1.2+build1-0ubuntu2",
"1:68.2.1+build1-0ubuntu1",
"1:68.2.2+build1-0ubuntu1",
"1:68.3.0+build2-0ubuntu1",
"1:68.3.1+build1-0ubuntu2",
"1:68.4.1+build1-0ubuntu1",
"1:68.4.2+build2-0ubuntu1",
"1:68.5.0+build1-0ubuntu1",
"1:68.6.0+build2-0ubuntu1",
"1:68.7.0+build1-0ubuntu1",
"1:68.7.0+build1-0ubuntu2",
"1:68.8.0+build2-0ubuntu0.20.04.2",
"1:68.10.0+build1-0ubuntu0.20.04.1",
"1:78.7.1+build1-0ubuntu0.20.04.1",
"1:78.8.1+build1-0ubuntu0.20.04.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-68-0",
"binary_version": "68.6.0-1ubuntu1"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "mozjs68",
"purl": "pkg:deb/ubuntu/mozjs68@68.6.0-1ubuntu1?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"68.5.0-1~fakesync",
"68.5.0-2~fakesync",
"68.6.0-1",
"68.6.0-1ubuntu1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-52-0",
"binary_version": "52.9.1-1ubuntu3"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "mozjs52",
"purl": "pkg:deb/ubuntu/mozjs52@52.9.1-1ubuntu3?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"52.9.1-1build1",
"52.9.1-1ubuntu3"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-78-0",
"binary_version": "78.15.0-4ubuntu1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "mozjs78",
"purl": "pkg:deb/ubuntu/mozjs78@78.15.0-4ubuntu1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"78.13.0-1",
"78.15.0-2",
"78.15.0-4ubuntu1"
]
}
],
"aliases": [],
"details": "A texture upload of a Pixel Buffer Object could have confused the WebGL code to skip binding the buffer used to unpack it, resulting in memory corruption and a potentially exploitable information leak or crash. This vulnerability affects Firefox ESR \u003c 78.9, Firefox \u003c 87, and Thunderbird \u003c 78.9.",
"id": "UBUNTU-CVE-2021-23981",
"modified": "2026-04-22T07:39:56Z",
"published": "2021-03-24T00:00:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-23981"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-10/#CVE-2021-23981"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-11/#CVE-2021-23981"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-12/#CVE-2021-23981"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-4893-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-4995-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-4995-2"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23981"
}
],
"related": [
"USN-4893-1",
"USN-4995-1",
"USN-4995-2"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2021-23981"
]
}
ubuntu-cve-2021-23982
Vulnerability from osv_ubuntu
Using techniques that built on the slipstream research, a malicious webpage could have scanned both an internal network's hosts as well as services running on the user's local machine utilizing WebRTC connections. This vulnerability affects Firefox ESR < 78.9, Firefox < 87, and Thunderbird < 78.9.
| URL | Type | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"affected": [
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "firefox",
"binary_version": "87.0+build3-0ubuntu0.16.04.2"
},
{
"binary_name": "firefox-geckodriver",
"binary_version": "87.0+build3-0ubuntu0.16.04.2"
},
{
"binary_name": "firefox-mozsymbols",
"binary_version": "87.0+build3-0ubuntu0.16.04.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:16.04:LTS",
"name": "firefox",
"purl": "pkg:deb/ubuntu/firefox@87.0+build3-0ubuntu0.16.04.2?arch=source\u0026distro=xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "87.0+build3-0ubuntu0.16.04.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"41.0.2+build2-0ubuntu1",
"42.0+build2-0ubuntu1",
"44.0+build3-0ubuntu2",
"44.0.1+build1-0ubuntu1",
"44.0.2+build1-0ubuntu1",
"45.0+build2-0ubuntu1",
"45.0.1+build1-0ubuntu1",
"45.0.2+build1-0ubuntu1",
"46.0+build5-0ubuntu0.16.04.2",
"46.0.1+build1-0ubuntu0.16.04.2",
"47.0+build3-0ubuntu0.16.04.1",
"48.0+build2-0ubuntu0.16.04.1",
"49.0+build4-0ubuntu0.16.04.1",
"49.0.2+build2-0ubuntu0.16.04.2",
"50.0+build2-0ubuntu0.16.04.2",
"50.0.2+build1-0ubuntu0.16.04.1",
"50.1.0+build2-0ubuntu0.16.04.1",
"51.0.1+build2-0ubuntu0.16.04.1",
"51.0.1+build2-0ubuntu0.16.04.2",
"52.0+build2-0ubuntu0.16.04.1",
"52.0.1+build2-0ubuntu0.16.04.1",
"52.0.2+build1-0ubuntu0.16.04.1",
"53.0+build6-0ubuntu0.16.04.1",
"53.0.2+build1-0ubuntu0.16.04.2",
"53.0.3+build1-0ubuntu0.16.04.2",
"54.0+build3-0ubuntu0.16.04.1",
"55.0.1+build2-0ubuntu0.16.04.2",
"55.0.2+build1-0ubuntu0.16.04.1",
"56.0+build6-0ubuntu0.16.04.1",
"56.0+build6-0ubuntu0.16.04.2",
"57.0+build4-0ubuntu0.16.04.5",
"57.0+build4-0ubuntu0.16.04.6",
"57.0.1+build2-0ubuntu0.16.04.1",
"57.0.3+build1-0ubuntu0.16.04.1",
"57.0.4+build1-0ubuntu0.16.04.1",
"58.0+build6-0ubuntu0.16.04.1",
"58.0.1+build1-0ubuntu0.16.04.1",
"58.0.2+build1-0ubuntu0.16.04.1",
"59.0+build5-0ubuntu0.16.04.1",
"59.0.1+build1-0ubuntu0.16.04.1",
"59.0.2+build1-0ubuntu0.16.04.1",
"59.0.2+build1-0ubuntu0.16.04.3",
"60.0+build2-0ubuntu0.16.04.1",
"60.0.1+build2-0ubuntu0.16.04.1",
"60.0.2+build1-0ubuntu0.16.04.1",
"61.0+build3-0ubuntu0.16.04.2",
"61.0.1+build1-0ubuntu0.16.04.1",
"62.0+build2-0ubuntu0.16.04.3",
"62.0+build2-0ubuntu0.16.04.4",
"62.0+build2-0ubuntu0.16.04.5",
"62.0.3+build1-0ubuntu0.16.04.2",
"63.0+build2-0ubuntu0.16.04.2",
"63.0.3+build1-0ubuntu0.16.04.1",
"64.0+build3-0ubuntu0.16.04.1",
"65.0+build2-0ubuntu0.16.04.1",
"65.0.1+build2-0ubuntu0.16.04.1",
"66.0+build3-0ubuntu0.16.04.2",
"66.0.1+build1-0ubuntu0.16.04.1",
"66.0.2+build1-0ubuntu0.16.04.1",
"66.0.3+build1-0ubuntu0.16.04.1",
"66.0.4+build3-0ubuntu0.16.04.1",
"66.0.5+build1-0ubuntu0.16.04.1",
"67.0+build2-0ubuntu0.16.04.1",
"67.0.1+build1-0ubuntu0.16.04.1",
"67.0.2+build2-0ubuntu0.16.04.1",
"67.0.3+build1-0ubuntu0.16.04.1",
"67.0.4+build1-0ubuntu0.16.04.1",
"68.0+build3-0ubuntu0.16.04.1",
"68.0.1+build1-0ubuntu0.16.04.1",
"68.0.2+build1-0ubuntu0.16.04.1",
"69.0+build2-0ubuntu0.16.04.4",
"69.0.1+build1-0ubuntu0.16.04.1",
"69.0.2+build1-0ubuntu0.16.04.1",
"70.0+build2-0ubuntu0.16.04.1",
"70.0.1+build1-0ubuntu0.16.04.1",
"71.0+build5-0ubuntu0.16.04.1",
"72.0.1+build1-0ubuntu0.16.04.1",
"72.0.2+build1-0ubuntu0.16.04.1",
"73.0.1+build1-0ubuntu0.16.04.1",
"74.0+build3-0ubuntu0.16.04.1",
"74.0.1+build1-0ubuntu0.16.04.1",
"75.0+build3-0ubuntu0.16.04.1",
"76.0+build2-0ubuntu0.16.04.1",
"76.0.1+build1-0ubuntu0.16.04.1",
"77.0.1+build1-0ubuntu0.16.04.1",
"78.0.1+build1-0ubuntu0.16.04.1",
"78.0.2+build2-0ubuntu0.16.04.1",
"79.0+build1-0ubuntu0.16.04.2",
"80.0+build2-0ubuntu0.16.04.1",
"80.0.1+build1-0ubuntu0.16.04.1",
"81.0+build2-0ubuntu0.16.04.1",
"81.0.2+build1-0ubuntu0.16.04.1",
"82.0+build2-0ubuntu0.16.04.5",
"82.0.2+build1-0ubuntu0.16.04.1",
"82.0.3+build1-0ubuntu0.16.04.1",
"83.0+build2-0ubuntu0.16.04.3",
"84.0+build3-0ubuntu0.16.04.1",
"84.0.1+build1-0ubuntu0.16.04.1",
"84.0.2+build1-0ubuntu0.16.04.1",
"85.0+build1-0ubuntu0.16.04.1",
"85.0.1+build1-0ubuntu0.16.04.1",
"86.0+build3-0ubuntu0.16.04.1",
"86.0.1+build1-0ubuntu0.16.04.2"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "firefox",
"binary_version": "87.0+build3-0ubuntu0.18.04.2"
},
{
"binary_name": "firefox-geckodriver",
"binary_version": "87.0+build3-0ubuntu0.18.04.2"
},
{
"binary_name": "firefox-mozsymbols",
"binary_version": "87.0+build3-0ubuntu0.18.04.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "firefox",
"purl": "pkg:deb/ubuntu/firefox@87.0+build3-0ubuntu0.18.04.2?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "87.0+build3-0ubuntu0.18.04.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"56.0+build6-0ubuntu1",
"57.0.1+build2-0ubuntu1",
"59.0.1+build1-0ubuntu1",
"59.0.2+build1-0ubuntu1",
"60.0+build2-0ubuntu1",
"60.0.1+build2-0ubuntu0.18.04.1",
"60.0.2+build1-0ubuntu0.18.04.1",
"61.0+build3-0ubuntu0.18.04.1",
"61.0.1+build1-0ubuntu0.18.04.1",
"62.0+build2-0ubuntu0.18.04.3",
"62.0+build2-0ubuntu0.18.04.4",
"62.0+build2-0ubuntu0.18.04.5",
"62.0.3+build1-0ubuntu0.18.04.1",
"63.0+build2-0ubuntu0.18.04.2",
"63.0.3+build1-0ubuntu0.18.04.1",
"64.0+build3-0ubuntu0.18.04.1",
"65.0+build2-0ubuntu0.18.04.1",
"65.0.1+build2-0ubuntu0.18.04.1",
"66.0+build3-0ubuntu0.18.04.1",
"66.0.1+build1-0ubuntu0.18.04.1",
"66.0.2+build1-0ubuntu0.18.04.1",
"66.0.3+build1-0ubuntu0.18.04.1",
"66.0.4+build3-0ubuntu0.18.04.1",
"66.0.5+build1-0ubuntu0.18.04.1",
"67.0+build2-0ubuntu0.18.04.1",
"67.0.1+build1-0ubuntu0.18.04.1",
"67.0.2+build2-0ubuntu0.18.04.1",
"67.0.3+build1-0ubuntu0.18.04.1",
"67.0.4+build1-0ubuntu0.18.04.1",
"68.0+build3-0ubuntu0.18.04.1",
"68.0.1+build1-0ubuntu0.18.04.1",
"68.0.2+build1-0ubuntu0.18.04.1",
"69.0+build2-0ubuntu0.18.04.1",
"69.0.1+build1-0ubuntu0.18.04.1",
"69.0.2+build1-0ubuntu0.18.04.1",
"70.0+build2-0ubuntu0.18.04.1",
"70.0.1+build1-0ubuntu0.18.04.1",
"71.0+build5-0ubuntu0.18.04.1",
"72.0.1+build1-0ubuntu0.18.04.1",
"72.0.2+build1-0ubuntu0.18.04.1",
"73.0+build3-0ubuntu0.18.04.1",
"73.0.1+build1-0ubuntu0.18.04.1",
"74.0+build3-0ubuntu0.18.04.1",
"74.0.1+build1-0ubuntu0.18.04.1",
"75.0+build3-0ubuntu0.18.04.1",
"76.0+build2-0ubuntu0.18.04.1",
"76.0.1+build1-0ubuntu0.18.04.1",
"77.0.1+build1-0ubuntu0.18.04.1",
"78.0.1+build1-0ubuntu0.18.04.1",
"78.0.2+build2-0ubuntu0.18.04.1",
"79.0+build1-0ubuntu0.18.04.1",
"80.0+build2-0ubuntu0.18.04.1",
"80.0.1+build1-0ubuntu0.18.04.1",
"81.0+build2-0ubuntu0.18.04.1",
"81.0.2+build1-0ubuntu0.18.04.1",
"82.0+build2-0ubuntu0.18.04.1",
"82.0.2+build1-0ubuntu0.18.04.1",
"82.0.3+build1-0ubuntu0.18.04.1",
"83.0+build2-0ubuntu0.18.04.2",
"84.0+build3-0ubuntu0.18.04.1",
"84.0.1+build1-0ubuntu0.18.04.1",
"84.0.2+build1-0ubuntu0.18.04.1",
"85.0+build1-0ubuntu0.18.04.1",
"85.0.1+build1-0ubuntu0.18.04.1",
"86.0+build3-0ubuntu0.18.04.1",
"86.0.1+build1-0ubuntu0.18.04.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "thunderbird",
"binary_version": "1:78.11.0+build1-0ubuntu0.18.04.2"
},
{
"binary_name": "thunderbird-gnome-support",
"binary_version": "1:78.11.0+build1-0ubuntu0.18.04.2"
},
{
"binary_name": "thunderbird-mozsymbols",
"binary_version": "1:78.11.0+build1-0ubuntu0.18.04.2"
},
{
"binary_name": "xul-ext-calendar-timezones",
"binary_version": "1:78.11.0+build1-0ubuntu0.18.04.2"
},
{
"binary_name": "xul-ext-gdata-provider",
"binary_version": "1:78.11.0+build1-0ubuntu0.18.04.2"
},
{
"binary_name": "xul-ext-lightning",
"binary_version": "1:78.11.0+build1-0ubuntu0.18.04.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "thunderbird",
"purl": "pkg:deb/ubuntu/thunderbird@1:78.11.0+build1-0ubuntu0.18.04.2?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:78.11.0+build1-0ubuntu0.18.04.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:52.4.0+build1-0ubuntu2",
"1:52.6.0+build1-0ubuntu1",
"1:52.7.0+build1-0ubuntu1",
"1:52.8.0+build1-0ubuntu0.18.04.1",
"1:52.9.1+build3-0ubuntu0.18.04.1",
"1:60.2.1+build1-0ubuntu0.18.04.2",
"1:60.4.0+build2-0ubuntu0.18.04.1",
"1:60.5.1+build2-0ubuntu0.18.04.1",
"1:60.6.1+build2-0ubuntu0.18.04.1",
"1:60.7.0+build1-0ubuntu0.18.04.1",
"1:60.7.1+build1-0ubuntu0.18.04.1",
"1:60.7.2+build2-0ubuntu0.18.04.1",
"1:60.8.0+build1-0ubuntu0.18.04.1",
"1:60.9.0+build1-0ubuntu0.18.04.1",
"1:68.2.1+build1-0ubuntu0.18.04.1",
"1:68.2.2+build1-0ubuntu0.18.04.1",
"1:68.4.1+build1-0ubuntu0.18.04.1",
"1:68.7.0+build1-0ubuntu0.18.04.1",
"1:68.8.0+build2-0ubuntu0.18.04.2",
"1:68.10.0+build1-0ubuntu0.18.04.1",
"1:78.8.1+build1-0ubuntu0.18.04.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-52-0",
"binary_version": "52.9.1-0ubuntu0.18.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "mozjs52",
"purl": "pkg:deb/ubuntu/mozjs52@52.9.1-0ubuntu0.18.04.1?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"52.3.1-0ubuntu3",
"52.3.1-7fakesync1",
"52.8.1-0ubuntu0.18.04.1",
"52.9.1-0ubuntu0.18.04.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-38-0",
"binary_version": "38.8.0~repack1-0ubuntu4"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "mozjs38",
"purl": "pkg:deb/ubuntu/mozjs38@38.8.0~repack1-0ubuntu4?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"38.8.0~repack1-0ubuntu1",
"38.8.0~repack1-0ubuntu3",
"38.8.0~repack1-0ubuntu4"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "firefox",
"binary_version": "87.0+build3-0ubuntu0.20.04.2"
},
{
"binary_name": "firefox-geckodriver",
"binary_version": "87.0+build3-0ubuntu0.20.04.2"
},
{
"binary_name": "firefox-mozsymbols",
"binary_version": "87.0+build3-0ubuntu0.20.04.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "firefox",
"purl": "pkg:deb/ubuntu/firefox@87.0+build3-0ubuntu0.20.04.2?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "87.0+build3-0ubuntu0.20.04.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"69.0.3+build1-0ubuntu1",
"70.0+build2-0ubuntu1",
"70.0+build2-0ubuntu2",
"70.0.1+build1-0ubuntu2",
"71.0+build2-0ubuntu2",
"71.0+build5-0ubuntu1",
"72.0.1+build1-0ubuntu1",
"72.0.2+build1-0ubuntu1",
"73.0+build1-0ubuntu1",
"73.0+build2-0ubuntu1",
"73.0+build3-0ubuntu1",
"73.0.1+build1-0ubuntu1",
"74.0+build1-0ubuntu1",
"74.0+build2-0ubuntu1",
"74.0+build2-0ubuntu2",
"74.0+build3-0ubuntu1",
"75.0+build3-0ubuntu1",
"76.0+build2-0ubuntu0.20.04.1",
"76.0.1+build1-0ubuntu0.20.04.1",
"77.0.1+build1-0ubuntu0.20.04.1",
"78.0.1+build1-0ubuntu0.20.04.1",
"78.0.2+build2-0ubuntu0.20.04.1",
"79.0+build1-0ubuntu0.20.04.1",
"80.0+build2-0ubuntu0.20.04.1",
"80.0.1+build1-0ubuntu0.20.04.1",
"81.0+build2-0ubuntu0.20.04.1",
"81.0.2+build1-0ubuntu0.20.04.1",
"82.0+build2-0ubuntu0.20.04.1",
"82.0.2+build1-0ubuntu0.20.04.1",
"82.0.3+build1-0ubuntu0.20.04.1",
"83.0+build2-0ubuntu0.20.04.1",
"84.0+build3-0ubuntu0.20.04.1",
"84.0.1+build1-0ubuntu0.20.04.1",
"84.0.2+build1-0ubuntu0.20.04.1",
"85.0+build1-0ubuntu0.20.04.1",
"85.0.1+build1-0ubuntu0.20.04.1",
"86.0+build3-0ubuntu0.20.04.1",
"86.0.1+build1-0ubuntu0.20.04.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "thunderbird",
"binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
},
{
"binary_name": "thunderbird-gnome-support",
"binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
},
{
"binary_name": "thunderbird-mozsymbols",
"binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
},
{
"binary_name": "xul-ext-calendar-timezones",
"binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
},
{
"binary_name": "xul-ext-gdata-provider",
"binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
},
{
"binary_name": "xul-ext-lightning",
"binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "thunderbird",
"purl": "pkg:deb/ubuntu/thunderbird@1:78.11.0+build1-0ubuntu0.20.04.2?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:78.11.0+build1-0ubuntu0.20.04.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:68.1.2+build1-0ubuntu1",
"1:68.1.2+build1-0ubuntu2",
"1:68.2.1+build1-0ubuntu1",
"1:68.2.2+build1-0ubuntu1",
"1:68.3.0+build2-0ubuntu1",
"1:68.3.1+build1-0ubuntu2",
"1:68.4.1+build1-0ubuntu1",
"1:68.4.2+build2-0ubuntu1",
"1:68.5.0+build1-0ubuntu1",
"1:68.6.0+build2-0ubuntu1",
"1:68.7.0+build1-0ubuntu1",
"1:68.7.0+build1-0ubuntu2",
"1:68.8.0+build2-0ubuntu0.20.04.2",
"1:68.10.0+build1-0ubuntu0.20.04.1",
"1:78.7.1+build1-0ubuntu0.20.04.1",
"1:78.8.1+build1-0ubuntu0.20.04.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-68-0",
"binary_version": "68.6.0-1ubuntu1"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "mozjs68",
"purl": "pkg:deb/ubuntu/mozjs68@68.6.0-1ubuntu1?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"68.5.0-1~fakesync",
"68.5.0-2~fakesync",
"68.6.0-1",
"68.6.0-1ubuntu1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-52-0",
"binary_version": "52.9.1-1ubuntu3"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "mozjs52",
"purl": "pkg:deb/ubuntu/mozjs52@52.9.1-1ubuntu3?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"52.9.1-1build1",
"52.9.1-1ubuntu3"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-78-0",
"binary_version": "78.15.0-4ubuntu1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "mozjs78",
"purl": "pkg:deb/ubuntu/mozjs78@78.15.0-4ubuntu1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"78.13.0-1",
"78.15.0-2",
"78.15.0-4ubuntu1"
]
}
],
"aliases": [],
"details": "Using techniques that built on the slipstream research, a malicious webpage could have scanned both an internal network\u0027s hosts as well as services running on the user\u0027s local machine utilizing WebRTC connections. This vulnerability affects Firefox ESR \u003c 78.9, Firefox \u003c 87, and Thunderbird \u003c 78.9.",
"id": "UBUNTU-CVE-2021-23982",
"modified": "2026-04-22T07:39:56Z",
"published": "2021-03-24T00:00:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-23982"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-10/#CVE-2021-23982"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-11/#CVE-2021-23982"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-12/#CVE-2021-23982"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-4893-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-4995-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-4995-2"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23982"
}
],
"related": [
"USN-4893-1",
"USN-4995-1",
"USN-4995-2"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2021-23982"
]
}
ubuntu-cve-2021-23984
Vulnerability from osv_ubuntu
A malicious extension could have opened a popup window lacking an address bar. The title of the popup lacking an address bar should not be fully controllable, but in this situation was. This could have been used to spoof a website and attempt to trick the user into providing credentials. This vulnerability affects Firefox ESR < 78.9, Firefox < 87, and Thunderbird < 78.9.
| URL | Type | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"affected": [
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "firefox",
"binary_version": "87.0+build3-0ubuntu0.16.04.2"
},
{
"binary_name": "firefox-geckodriver",
"binary_version": "87.0+build3-0ubuntu0.16.04.2"
},
{
"binary_name": "firefox-mozsymbols",
"binary_version": "87.0+build3-0ubuntu0.16.04.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:16.04:LTS",
"name": "firefox",
"purl": "pkg:deb/ubuntu/firefox@87.0+build3-0ubuntu0.16.04.2?arch=source\u0026distro=xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "87.0+build3-0ubuntu0.16.04.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"41.0.2+build2-0ubuntu1",
"42.0+build2-0ubuntu1",
"44.0+build3-0ubuntu2",
"44.0.1+build1-0ubuntu1",
"44.0.2+build1-0ubuntu1",
"45.0+build2-0ubuntu1",
"45.0.1+build1-0ubuntu1",
"45.0.2+build1-0ubuntu1",
"46.0+build5-0ubuntu0.16.04.2",
"46.0.1+build1-0ubuntu0.16.04.2",
"47.0+build3-0ubuntu0.16.04.1",
"48.0+build2-0ubuntu0.16.04.1",
"49.0+build4-0ubuntu0.16.04.1",
"49.0.2+build2-0ubuntu0.16.04.2",
"50.0+build2-0ubuntu0.16.04.2",
"50.0.2+build1-0ubuntu0.16.04.1",
"50.1.0+build2-0ubuntu0.16.04.1",
"51.0.1+build2-0ubuntu0.16.04.1",
"51.0.1+build2-0ubuntu0.16.04.2",
"52.0+build2-0ubuntu0.16.04.1",
"52.0.1+build2-0ubuntu0.16.04.1",
"52.0.2+build1-0ubuntu0.16.04.1",
"53.0+build6-0ubuntu0.16.04.1",
"53.0.2+build1-0ubuntu0.16.04.2",
"53.0.3+build1-0ubuntu0.16.04.2",
"54.0+build3-0ubuntu0.16.04.1",
"55.0.1+build2-0ubuntu0.16.04.2",
"55.0.2+build1-0ubuntu0.16.04.1",
"56.0+build6-0ubuntu0.16.04.1",
"56.0+build6-0ubuntu0.16.04.2",
"57.0+build4-0ubuntu0.16.04.5",
"57.0+build4-0ubuntu0.16.04.6",
"57.0.1+build2-0ubuntu0.16.04.1",
"57.0.3+build1-0ubuntu0.16.04.1",
"57.0.4+build1-0ubuntu0.16.04.1",
"58.0+build6-0ubuntu0.16.04.1",
"58.0.1+build1-0ubuntu0.16.04.1",
"58.0.2+build1-0ubuntu0.16.04.1",
"59.0+build5-0ubuntu0.16.04.1",
"59.0.1+build1-0ubuntu0.16.04.1",
"59.0.2+build1-0ubuntu0.16.04.1",
"59.0.2+build1-0ubuntu0.16.04.3",
"60.0+build2-0ubuntu0.16.04.1",
"60.0.1+build2-0ubuntu0.16.04.1",
"60.0.2+build1-0ubuntu0.16.04.1",
"61.0+build3-0ubuntu0.16.04.2",
"61.0.1+build1-0ubuntu0.16.04.1",
"62.0+build2-0ubuntu0.16.04.3",
"62.0+build2-0ubuntu0.16.04.4",
"62.0+build2-0ubuntu0.16.04.5",
"62.0.3+build1-0ubuntu0.16.04.2",
"63.0+build2-0ubuntu0.16.04.2",
"63.0.3+build1-0ubuntu0.16.04.1",
"64.0+build3-0ubuntu0.16.04.1",
"65.0+build2-0ubuntu0.16.04.1",
"65.0.1+build2-0ubuntu0.16.04.1",
"66.0+build3-0ubuntu0.16.04.2",
"66.0.1+build1-0ubuntu0.16.04.1",
"66.0.2+build1-0ubuntu0.16.04.1",
"66.0.3+build1-0ubuntu0.16.04.1",
"66.0.4+build3-0ubuntu0.16.04.1",
"66.0.5+build1-0ubuntu0.16.04.1",
"67.0+build2-0ubuntu0.16.04.1",
"67.0.1+build1-0ubuntu0.16.04.1",
"67.0.2+build2-0ubuntu0.16.04.1",
"67.0.3+build1-0ubuntu0.16.04.1",
"67.0.4+build1-0ubuntu0.16.04.1",
"68.0+build3-0ubuntu0.16.04.1",
"68.0.1+build1-0ubuntu0.16.04.1",
"68.0.2+build1-0ubuntu0.16.04.1",
"69.0+build2-0ubuntu0.16.04.4",
"69.0.1+build1-0ubuntu0.16.04.1",
"69.0.2+build1-0ubuntu0.16.04.1",
"70.0+build2-0ubuntu0.16.04.1",
"70.0.1+build1-0ubuntu0.16.04.1",
"71.0+build5-0ubuntu0.16.04.1",
"72.0.1+build1-0ubuntu0.16.04.1",
"72.0.2+build1-0ubuntu0.16.04.1",
"73.0.1+build1-0ubuntu0.16.04.1",
"74.0+build3-0ubuntu0.16.04.1",
"74.0.1+build1-0ubuntu0.16.04.1",
"75.0+build3-0ubuntu0.16.04.1",
"76.0+build2-0ubuntu0.16.04.1",
"76.0.1+build1-0ubuntu0.16.04.1",
"77.0.1+build1-0ubuntu0.16.04.1",
"78.0.1+build1-0ubuntu0.16.04.1",
"78.0.2+build2-0ubuntu0.16.04.1",
"79.0+build1-0ubuntu0.16.04.2",
"80.0+build2-0ubuntu0.16.04.1",
"80.0.1+build1-0ubuntu0.16.04.1",
"81.0+build2-0ubuntu0.16.04.1",
"81.0.2+build1-0ubuntu0.16.04.1",
"82.0+build2-0ubuntu0.16.04.5",
"82.0.2+build1-0ubuntu0.16.04.1",
"82.0.3+build1-0ubuntu0.16.04.1",
"83.0+build2-0ubuntu0.16.04.3",
"84.0+build3-0ubuntu0.16.04.1",
"84.0.1+build1-0ubuntu0.16.04.1",
"84.0.2+build1-0ubuntu0.16.04.1",
"85.0+build1-0ubuntu0.16.04.1",
"85.0.1+build1-0ubuntu0.16.04.1",
"86.0+build3-0ubuntu0.16.04.1",
"86.0.1+build1-0ubuntu0.16.04.2"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "firefox",
"binary_version": "87.0+build3-0ubuntu0.18.04.2"
},
{
"binary_name": "firefox-geckodriver",
"binary_version": "87.0+build3-0ubuntu0.18.04.2"
},
{
"binary_name": "firefox-mozsymbols",
"binary_version": "87.0+build3-0ubuntu0.18.04.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "firefox",
"purl": "pkg:deb/ubuntu/firefox@87.0+build3-0ubuntu0.18.04.2?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "87.0+build3-0ubuntu0.18.04.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"56.0+build6-0ubuntu1",
"57.0.1+build2-0ubuntu1",
"59.0.1+build1-0ubuntu1",
"59.0.2+build1-0ubuntu1",
"60.0+build2-0ubuntu1",
"60.0.1+build2-0ubuntu0.18.04.1",
"60.0.2+build1-0ubuntu0.18.04.1",
"61.0+build3-0ubuntu0.18.04.1",
"61.0.1+build1-0ubuntu0.18.04.1",
"62.0+build2-0ubuntu0.18.04.3",
"62.0+build2-0ubuntu0.18.04.4",
"62.0+build2-0ubuntu0.18.04.5",
"62.0.3+build1-0ubuntu0.18.04.1",
"63.0+build2-0ubuntu0.18.04.2",
"63.0.3+build1-0ubuntu0.18.04.1",
"64.0+build3-0ubuntu0.18.04.1",
"65.0+build2-0ubuntu0.18.04.1",
"65.0.1+build2-0ubuntu0.18.04.1",
"66.0+build3-0ubuntu0.18.04.1",
"66.0.1+build1-0ubuntu0.18.04.1",
"66.0.2+build1-0ubuntu0.18.04.1",
"66.0.3+build1-0ubuntu0.18.04.1",
"66.0.4+build3-0ubuntu0.18.04.1",
"66.0.5+build1-0ubuntu0.18.04.1",
"67.0+build2-0ubuntu0.18.04.1",
"67.0.1+build1-0ubuntu0.18.04.1",
"67.0.2+build2-0ubuntu0.18.04.1",
"67.0.3+build1-0ubuntu0.18.04.1",
"67.0.4+build1-0ubuntu0.18.04.1",
"68.0+build3-0ubuntu0.18.04.1",
"68.0.1+build1-0ubuntu0.18.04.1",
"68.0.2+build1-0ubuntu0.18.04.1",
"69.0+build2-0ubuntu0.18.04.1",
"69.0.1+build1-0ubuntu0.18.04.1",
"69.0.2+build1-0ubuntu0.18.04.1",
"70.0+build2-0ubuntu0.18.04.1",
"70.0.1+build1-0ubuntu0.18.04.1",
"71.0+build5-0ubuntu0.18.04.1",
"72.0.1+build1-0ubuntu0.18.04.1",
"72.0.2+build1-0ubuntu0.18.04.1",
"73.0+build3-0ubuntu0.18.04.1",
"73.0.1+build1-0ubuntu0.18.04.1",
"74.0+build3-0ubuntu0.18.04.1",
"74.0.1+build1-0ubuntu0.18.04.1",
"75.0+build3-0ubuntu0.18.04.1",
"76.0+build2-0ubuntu0.18.04.1",
"76.0.1+build1-0ubuntu0.18.04.1",
"77.0.1+build1-0ubuntu0.18.04.1",
"78.0.1+build1-0ubuntu0.18.04.1",
"78.0.2+build2-0ubuntu0.18.04.1",
"79.0+build1-0ubuntu0.18.04.1",
"80.0+build2-0ubuntu0.18.04.1",
"80.0.1+build1-0ubuntu0.18.04.1",
"81.0+build2-0ubuntu0.18.04.1",
"81.0.2+build1-0ubuntu0.18.04.1",
"82.0+build2-0ubuntu0.18.04.1",
"82.0.2+build1-0ubuntu0.18.04.1",
"82.0.3+build1-0ubuntu0.18.04.1",
"83.0+build2-0ubuntu0.18.04.2",
"84.0+build3-0ubuntu0.18.04.1",
"84.0.1+build1-0ubuntu0.18.04.1",
"84.0.2+build1-0ubuntu0.18.04.1",
"85.0+build1-0ubuntu0.18.04.1",
"85.0.1+build1-0ubuntu0.18.04.1",
"86.0+build3-0ubuntu0.18.04.1",
"86.0.1+build1-0ubuntu0.18.04.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "thunderbird",
"binary_version": "1:78.11.0+build1-0ubuntu0.18.04.2"
},
{
"binary_name": "thunderbird-gnome-support",
"binary_version": "1:78.11.0+build1-0ubuntu0.18.04.2"
},
{
"binary_name": "thunderbird-mozsymbols",
"binary_version": "1:78.11.0+build1-0ubuntu0.18.04.2"
},
{
"binary_name": "xul-ext-calendar-timezones",
"binary_version": "1:78.11.0+build1-0ubuntu0.18.04.2"
},
{
"binary_name": "xul-ext-gdata-provider",
"binary_version": "1:78.11.0+build1-0ubuntu0.18.04.2"
},
{
"binary_name": "xul-ext-lightning",
"binary_version": "1:78.11.0+build1-0ubuntu0.18.04.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "thunderbird",
"purl": "pkg:deb/ubuntu/thunderbird@1:78.11.0+build1-0ubuntu0.18.04.2?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:78.11.0+build1-0ubuntu0.18.04.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:52.4.0+build1-0ubuntu2",
"1:52.6.0+build1-0ubuntu1",
"1:52.7.0+build1-0ubuntu1",
"1:52.8.0+build1-0ubuntu0.18.04.1",
"1:52.9.1+build3-0ubuntu0.18.04.1",
"1:60.2.1+build1-0ubuntu0.18.04.2",
"1:60.4.0+build2-0ubuntu0.18.04.1",
"1:60.5.1+build2-0ubuntu0.18.04.1",
"1:60.6.1+build2-0ubuntu0.18.04.1",
"1:60.7.0+build1-0ubuntu0.18.04.1",
"1:60.7.1+build1-0ubuntu0.18.04.1",
"1:60.7.2+build2-0ubuntu0.18.04.1",
"1:60.8.0+build1-0ubuntu0.18.04.1",
"1:60.9.0+build1-0ubuntu0.18.04.1",
"1:68.2.1+build1-0ubuntu0.18.04.1",
"1:68.2.2+build1-0ubuntu0.18.04.1",
"1:68.4.1+build1-0ubuntu0.18.04.1",
"1:68.7.0+build1-0ubuntu0.18.04.1",
"1:68.8.0+build2-0ubuntu0.18.04.2",
"1:68.10.0+build1-0ubuntu0.18.04.1",
"1:78.8.1+build1-0ubuntu0.18.04.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-52-0",
"binary_version": "52.9.1-0ubuntu0.18.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "mozjs52",
"purl": "pkg:deb/ubuntu/mozjs52@52.9.1-0ubuntu0.18.04.1?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"52.3.1-0ubuntu3",
"52.3.1-7fakesync1",
"52.8.1-0ubuntu0.18.04.1",
"52.9.1-0ubuntu0.18.04.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-38-0",
"binary_version": "38.8.0~repack1-0ubuntu4"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "mozjs38",
"purl": "pkg:deb/ubuntu/mozjs38@38.8.0~repack1-0ubuntu4?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"38.8.0~repack1-0ubuntu1",
"38.8.0~repack1-0ubuntu3",
"38.8.0~repack1-0ubuntu4"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "firefox",
"binary_version": "87.0+build3-0ubuntu0.20.04.2"
},
{
"binary_name": "firefox-geckodriver",
"binary_version": "87.0+build3-0ubuntu0.20.04.2"
},
{
"binary_name": "firefox-mozsymbols",
"binary_version": "87.0+build3-0ubuntu0.20.04.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "firefox",
"purl": "pkg:deb/ubuntu/firefox@87.0+build3-0ubuntu0.20.04.2?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "87.0+build3-0ubuntu0.20.04.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"69.0.3+build1-0ubuntu1",
"70.0+build2-0ubuntu1",
"70.0+build2-0ubuntu2",
"70.0.1+build1-0ubuntu2",
"71.0+build2-0ubuntu2",
"71.0+build5-0ubuntu1",
"72.0.1+build1-0ubuntu1",
"72.0.2+build1-0ubuntu1",
"73.0+build1-0ubuntu1",
"73.0+build2-0ubuntu1",
"73.0+build3-0ubuntu1",
"73.0.1+build1-0ubuntu1",
"74.0+build1-0ubuntu1",
"74.0+build2-0ubuntu1",
"74.0+build2-0ubuntu2",
"74.0+build3-0ubuntu1",
"75.0+build3-0ubuntu1",
"76.0+build2-0ubuntu0.20.04.1",
"76.0.1+build1-0ubuntu0.20.04.1",
"77.0.1+build1-0ubuntu0.20.04.1",
"78.0.1+build1-0ubuntu0.20.04.1",
"78.0.2+build2-0ubuntu0.20.04.1",
"79.0+build1-0ubuntu0.20.04.1",
"80.0+build2-0ubuntu0.20.04.1",
"80.0.1+build1-0ubuntu0.20.04.1",
"81.0+build2-0ubuntu0.20.04.1",
"81.0.2+build1-0ubuntu0.20.04.1",
"82.0+build2-0ubuntu0.20.04.1",
"82.0.2+build1-0ubuntu0.20.04.1",
"82.0.3+build1-0ubuntu0.20.04.1",
"83.0+build2-0ubuntu0.20.04.1",
"84.0+build3-0ubuntu0.20.04.1",
"84.0.1+build1-0ubuntu0.20.04.1",
"84.0.2+build1-0ubuntu0.20.04.1",
"85.0+build1-0ubuntu0.20.04.1",
"85.0.1+build1-0ubuntu0.20.04.1",
"86.0+build3-0ubuntu0.20.04.1",
"86.0.1+build1-0ubuntu0.20.04.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "thunderbird",
"binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
},
{
"binary_name": "thunderbird-gnome-support",
"binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
},
{
"binary_name": "thunderbird-mozsymbols",
"binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
},
{
"binary_name": "xul-ext-calendar-timezones",
"binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
},
{
"binary_name": "xul-ext-gdata-provider",
"binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
},
{
"binary_name": "xul-ext-lightning",
"binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "thunderbird",
"purl": "pkg:deb/ubuntu/thunderbird@1:78.11.0+build1-0ubuntu0.20.04.2?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:78.11.0+build1-0ubuntu0.20.04.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:68.1.2+build1-0ubuntu1",
"1:68.1.2+build1-0ubuntu2",
"1:68.2.1+build1-0ubuntu1",
"1:68.2.2+build1-0ubuntu1",
"1:68.3.0+build2-0ubuntu1",
"1:68.3.1+build1-0ubuntu2",
"1:68.4.1+build1-0ubuntu1",
"1:68.4.2+build2-0ubuntu1",
"1:68.5.0+build1-0ubuntu1",
"1:68.6.0+build2-0ubuntu1",
"1:68.7.0+build1-0ubuntu1",
"1:68.7.0+build1-0ubuntu2",
"1:68.8.0+build2-0ubuntu0.20.04.2",
"1:68.10.0+build1-0ubuntu0.20.04.1",
"1:78.7.1+build1-0ubuntu0.20.04.1",
"1:78.8.1+build1-0ubuntu0.20.04.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-68-0",
"binary_version": "68.6.0-1ubuntu1"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "mozjs68",
"purl": "pkg:deb/ubuntu/mozjs68@68.6.0-1ubuntu1?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"68.5.0-1~fakesync",
"68.5.0-2~fakesync",
"68.6.0-1",
"68.6.0-1ubuntu1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-52-0",
"binary_version": "52.9.1-1ubuntu3"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "mozjs52",
"purl": "pkg:deb/ubuntu/mozjs52@52.9.1-1ubuntu3?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"52.9.1-1build1",
"52.9.1-1ubuntu3"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-78-0",
"binary_version": "78.15.0-4ubuntu1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "mozjs78",
"purl": "pkg:deb/ubuntu/mozjs78@78.15.0-4ubuntu1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"78.13.0-1",
"78.15.0-2",
"78.15.0-4ubuntu1"
]
}
],
"aliases": [],
"details": "A malicious extension could have opened a popup window lacking an address bar. The title of the popup lacking an address bar should not be fully controllable, but in this situation was. This could have been used to spoof a website and attempt to trick the user into providing credentials. This vulnerability affects Firefox ESR \u003c 78.9, Firefox \u003c 87, and Thunderbird \u003c 78.9.",
"id": "UBUNTU-CVE-2021-23984",
"modified": "2026-04-22T07:39:56Z",
"published": "2021-03-25T00:00:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-23984"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-10/#CVE-2021-23984"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-11/#CVE-2021-23984"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-12/#CVE-2021-23984"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-4893-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-4995-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-4995-2"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23984"
}
],
"related": [
"USN-4893-1",
"USN-4995-1",
"USN-4995-2"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2021-23984"
]
}
ubuntu-cve-2021-23987
Vulnerability from osv_ubuntu
Mozilla developers and community members reported memory safety bugs present in Firefox 86 and Firefox ESR 78.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.9, Firefox < 87, and Thunderbird < 78.9.
| URL | Type | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"affected": [
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "firefox",
"binary_version": "87.0+build3-0ubuntu0.16.04.2"
},
{
"binary_name": "firefox-geckodriver",
"binary_version": "87.0+build3-0ubuntu0.16.04.2"
},
{
"binary_name": "firefox-mozsymbols",
"binary_version": "87.0+build3-0ubuntu0.16.04.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:16.04:LTS",
"name": "firefox",
"purl": "pkg:deb/ubuntu/firefox@87.0+build3-0ubuntu0.16.04.2?arch=source\u0026distro=xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "87.0+build3-0ubuntu0.16.04.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"41.0.2+build2-0ubuntu1",
"42.0+build2-0ubuntu1",
"44.0+build3-0ubuntu2",
"44.0.1+build1-0ubuntu1",
"44.0.2+build1-0ubuntu1",
"45.0+build2-0ubuntu1",
"45.0.1+build1-0ubuntu1",
"45.0.2+build1-0ubuntu1",
"46.0+build5-0ubuntu0.16.04.2",
"46.0.1+build1-0ubuntu0.16.04.2",
"47.0+build3-0ubuntu0.16.04.1",
"48.0+build2-0ubuntu0.16.04.1",
"49.0+build4-0ubuntu0.16.04.1",
"49.0.2+build2-0ubuntu0.16.04.2",
"50.0+build2-0ubuntu0.16.04.2",
"50.0.2+build1-0ubuntu0.16.04.1",
"50.1.0+build2-0ubuntu0.16.04.1",
"51.0.1+build2-0ubuntu0.16.04.1",
"51.0.1+build2-0ubuntu0.16.04.2",
"52.0+build2-0ubuntu0.16.04.1",
"52.0.1+build2-0ubuntu0.16.04.1",
"52.0.2+build1-0ubuntu0.16.04.1",
"53.0+build6-0ubuntu0.16.04.1",
"53.0.2+build1-0ubuntu0.16.04.2",
"53.0.3+build1-0ubuntu0.16.04.2",
"54.0+build3-0ubuntu0.16.04.1",
"55.0.1+build2-0ubuntu0.16.04.2",
"55.0.2+build1-0ubuntu0.16.04.1",
"56.0+build6-0ubuntu0.16.04.1",
"56.0+build6-0ubuntu0.16.04.2",
"57.0+build4-0ubuntu0.16.04.5",
"57.0+build4-0ubuntu0.16.04.6",
"57.0.1+build2-0ubuntu0.16.04.1",
"57.0.3+build1-0ubuntu0.16.04.1",
"57.0.4+build1-0ubuntu0.16.04.1",
"58.0+build6-0ubuntu0.16.04.1",
"58.0.1+build1-0ubuntu0.16.04.1",
"58.0.2+build1-0ubuntu0.16.04.1",
"59.0+build5-0ubuntu0.16.04.1",
"59.0.1+build1-0ubuntu0.16.04.1",
"59.0.2+build1-0ubuntu0.16.04.1",
"59.0.2+build1-0ubuntu0.16.04.3",
"60.0+build2-0ubuntu0.16.04.1",
"60.0.1+build2-0ubuntu0.16.04.1",
"60.0.2+build1-0ubuntu0.16.04.1",
"61.0+build3-0ubuntu0.16.04.2",
"61.0.1+build1-0ubuntu0.16.04.1",
"62.0+build2-0ubuntu0.16.04.3",
"62.0+build2-0ubuntu0.16.04.4",
"62.0+build2-0ubuntu0.16.04.5",
"62.0.3+build1-0ubuntu0.16.04.2",
"63.0+build2-0ubuntu0.16.04.2",
"63.0.3+build1-0ubuntu0.16.04.1",
"64.0+build3-0ubuntu0.16.04.1",
"65.0+build2-0ubuntu0.16.04.1",
"65.0.1+build2-0ubuntu0.16.04.1",
"66.0+build3-0ubuntu0.16.04.2",
"66.0.1+build1-0ubuntu0.16.04.1",
"66.0.2+build1-0ubuntu0.16.04.1",
"66.0.3+build1-0ubuntu0.16.04.1",
"66.0.4+build3-0ubuntu0.16.04.1",
"66.0.5+build1-0ubuntu0.16.04.1",
"67.0+build2-0ubuntu0.16.04.1",
"67.0.1+build1-0ubuntu0.16.04.1",
"67.0.2+build2-0ubuntu0.16.04.1",
"67.0.3+build1-0ubuntu0.16.04.1",
"67.0.4+build1-0ubuntu0.16.04.1",
"68.0+build3-0ubuntu0.16.04.1",
"68.0.1+build1-0ubuntu0.16.04.1",
"68.0.2+build1-0ubuntu0.16.04.1",
"69.0+build2-0ubuntu0.16.04.4",
"69.0.1+build1-0ubuntu0.16.04.1",
"69.0.2+build1-0ubuntu0.16.04.1",
"70.0+build2-0ubuntu0.16.04.1",
"70.0.1+build1-0ubuntu0.16.04.1",
"71.0+build5-0ubuntu0.16.04.1",
"72.0.1+build1-0ubuntu0.16.04.1",
"72.0.2+build1-0ubuntu0.16.04.1",
"73.0.1+build1-0ubuntu0.16.04.1",
"74.0+build3-0ubuntu0.16.04.1",
"74.0.1+build1-0ubuntu0.16.04.1",
"75.0+build3-0ubuntu0.16.04.1",
"76.0+build2-0ubuntu0.16.04.1",
"76.0.1+build1-0ubuntu0.16.04.1",
"77.0.1+build1-0ubuntu0.16.04.1",
"78.0.1+build1-0ubuntu0.16.04.1",
"78.0.2+build2-0ubuntu0.16.04.1",
"79.0+build1-0ubuntu0.16.04.2",
"80.0+build2-0ubuntu0.16.04.1",
"80.0.1+build1-0ubuntu0.16.04.1",
"81.0+build2-0ubuntu0.16.04.1",
"81.0.2+build1-0ubuntu0.16.04.1",
"82.0+build2-0ubuntu0.16.04.5",
"82.0.2+build1-0ubuntu0.16.04.1",
"82.0.3+build1-0ubuntu0.16.04.1",
"83.0+build2-0ubuntu0.16.04.3",
"84.0+build3-0ubuntu0.16.04.1",
"84.0.1+build1-0ubuntu0.16.04.1",
"84.0.2+build1-0ubuntu0.16.04.1",
"85.0+build1-0ubuntu0.16.04.1",
"85.0.1+build1-0ubuntu0.16.04.1",
"86.0+build3-0ubuntu0.16.04.1",
"86.0.1+build1-0ubuntu0.16.04.2"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "firefox",
"binary_version": "87.0+build3-0ubuntu0.18.04.2"
},
{
"binary_name": "firefox-geckodriver",
"binary_version": "87.0+build3-0ubuntu0.18.04.2"
},
{
"binary_name": "firefox-mozsymbols",
"binary_version": "87.0+build3-0ubuntu0.18.04.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "firefox",
"purl": "pkg:deb/ubuntu/firefox@87.0+build3-0ubuntu0.18.04.2?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "87.0+build3-0ubuntu0.18.04.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"56.0+build6-0ubuntu1",
"57.0.1+build2-0ubuntu1",
"59.0.1+build1-0ubuntu1",
"59.0.2+build1-0ubuntu1",
"60.0+build2-0ubuntu1",
"60.0.1+build2-0ubuntu0.18.04.1",
"60.0.2+build1-0ubuntu0.18.04.1",
"61.0+build3-0ubuntu0.18.04.1",
"61.0.1+build1-0ubuntu0.18.04.1",
"62.0+build2-0ubuntu0.18.04.3",
"62.0+build2-0ubuntu0.18.04.4",
"62.0+build2-0ubuntu0.18.04.5",
"62.0.3+build1-0ubuntu0.18.04.1",
"63.0+build2-0ubuntu0.18.04.2",
"63.0.3+build1-0ubuntu0.18.04.1",
"64.0+build3-0ubuntu0.18.04.1",
"65.0+build2-0ubuntu0.18.04.1",
"65.0.1+build2-0ubuntu0.18.04.1",
"66.0+build3-0ubuntu0.18.04.1",
"66.0.1+build1-0ubuntu0.18.04.1",
"66.0.2+build1-0ubuntu0.18.04.1",
"66.0.3+build1-0ubuntu0.18.04.1",
"66.0.4+build3-0ubuntu0.18.04.1",
"66.0.5+build1-0ubuntu0.18.04.1",
"67.0+build2-0ubuntu0.18.04.1",
"67.0.1+build1-0ubuntu0.18.04.1",
"67.0.2+build2-0ubuntu0.18.04.1",
"67.0.3+build1-0ubuntu0.18.04.1",
"67.0.4+build1-0ubuntu0.18.04.1",
"68.0+build3-0ubuntu0.18.04.1",
"68.0.1+build1-0ubuntu0.18.04.1",
"68.0.2+build1-0ubuntu0.18.04.1",
"69.0+build2-0ubuntu0.18.04.1",
"69.0.1+build1-0ubuntu0.18.04.1",
"69.0.2+build1-0ubuntu0.18.04.1",
"70.0+build2-0ubuntu0.18.04.1",
"70.0.1+build1-0ubuntu0.18.04.1",
"71.0+build5-0ubuntu0.18.04.1",
"72.0.1+build1-0ubuntu0.18.04.1",
"72.0.2+build1-0ubuntu0.18.04.1",
"73.0+build3-0ubuntu0.18.04.1",
"73.0.1+build1-0ubuntu0.18.04.1",
"74.0+build3-0ubuntu0.18.04.1",
"74.0.1+build1-0ubuntu0.18.04.1",
"75.0+build3-0ubuntu0.18.04.1",
"76.0+build2-0ubuntu0.18.04.1",
"76.0.1+build1-0ubuntu0.18.04.1",
"77.0.1+build1-0ubuntu0.18.04.1",
"78.0.1+build1-0ubuntu0.18.04.1",
"78.0.2+build2-0ubuntu0.18.04.1",
"79.0+build1-0ubuntu0.18.04.1",
"80.0+build2-0ubuntu0.18.04.1",
"80.0.1+build1-0ubuntu0.18.04.1",
"81.0+build2-0ubuntu0.18.04.1",
"81.0.2+build1-0ubuntu0.18.04.1",
"82.0+build2-0ubuntu0.18.04.1",
"82.0.2+build1-0ubuntu0.18.04.1",
"82.0.3+build1-0ubuntu0.18.04.1",
"83.0+build2-0ubuntu0.18.04.2",
"84.0+build3-0ubuntu0.18.04.1",
"84.0.1+build1-0ubuntu0.18.04.1",
"84.0.2+build1-0ubuntu0.18.04.1",
"85.0+build1-0ubuntu0.18.04.1",
"85.0.1+build1-0ubuntu0.18.04.1",
"86.0+build3-0ubuntu0.18.04.1",
"86.0.1+build1-0ubuntu0.18.04.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "thunderbird",
"binary_version": "1:78.11.0+build1-0ubuntu0.18.04.2"
},
{
"binary_name": "thunderbird-gnome-support",
"binary_version": "1:78.11.0+build1-0ubuntu0.18.04.2"
},
{
"binary_name": "thunderbird-mozsymbols",
"binary_version": "1:78.11.0+build1-0ubuntu0.18.04.2"
},
{
"binary_name": "xul-ext-calendar-timezones",
"binary_version": "1:78.11.0+build1-0ubuntu0.18.04.2"
},
{
"binary_name": "xul-ext-gdata-provider",
"binary_version": "1:78.11.0+build1-0ubuntu0.18.04.2"
},
{
"binary_name": "xul-ext-lightning",
"binary_version": "1:78.11.0+build1-0ubuntu0.18.04.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "thunderbird",
"purl": "pkg:deb/ubuntu/thunderbird@1:78.11.0+build1-0ubuntu0.18.04.2?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:78.11.0+build1-0ubuntu0.18.04.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:52.4.0+build1-0ubuntu2",
"1:52.6.0+build1-0ubuntu1",
"1:52.7.0+build1-0ubuntu1",
"1:52.8.0+build1-0ubuntu0.18.04.1",
"1:52.9.1+build3-0ubuntu0.18.04.1",
"1:60.2.1+build1-0ubuntu0.18.04.2",
"1:60.4.0+build2-0ubuntu0.18.04.1",
"1:60.5.1+build2-0ubuntu0.18.04.1",
"1:60.6.1+build2-0ubuntu0.18.04.1",
"1:60.7.0+build1-0ubuntu0.18.04.1",
"1:60.7.1+build1-0ubuntu0.18.04.1",
"1:60.7.2+build2-0ubuntu0.18.04.1",
"1:60.8.0+build1-0ubuntu0.18.04.1",
"1:60.9.0+build1-0ubuntu0.18.04.1",
"1:68.2.1+build1-0ubuntu0.18.04.1",
"1:68.2.2+build1-0ubuntu0.18.04.1",
"1:68.4.1+build1-0ubuntu0.18.04.1",
"1:68.7.0+build1-0ubuntu0.18.04.1",
"1:68.8.0+build2-0ubuntu0.18.04.2",
"1:68.10.0+build1-0ubuntu0.18.04.1",
"1:78.8.1+build1-0ubuntu0.18.04.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-52-0",
"binary_version": "52.9.1-0ubuntu0.18.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "mozjs52",
"purl": "pkg:deb/ubuntu/mozjs52@52.9.1-0ubuntu0.18.04.1?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"52.3.1-0ubuntu3",
"52.3.1-7fakesync1",
"52.8.1-0ubuntu0.18.04.1",
"52.9.1-0ubuntu0.18.04.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-38-0",
"binary_version": "38.8.0~repack1-0ubuntu4"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "mozjs38",
"purl": "pkg:deb/ubuntu/mozjs38@38.8.0~repack1-0ubuntu4?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"38.8.0~repack1-0ubuntu1",
"38.8.0~repack1-0ubuntu3",
"38.8.0~repack1-0ubuntu4"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "firefox",
"binary_version": "87.0+build3-0ubuntu0.20.04.2"
},
{
"binary_name": "firefox-geckodriver",
"binary_version": "87.0+build3-0ubuntu0.20.04.2"
},
{
"binary_name": "firefox-mozsymbols",
"binary_version": "87.0+build3-0ubuntu0.20.04.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "firefox",
"purl": "pkg:deb/ubuntu/firefox@87.0+build3-0ubuntu0.20.04.2?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "87.0+build3-0ubuntu0.20.04.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"69.0.3+build1-0ubuntu1",
"70.0+build2-0ubuntu1",
"70.0+build2-0ubuntu2",
"70.0.1+build1-0ubuntu2",
"71.0+build2-0ubuntu2",
"71.0+build5-0ubuntu1",
"72.0.1+build1-0ubuntu1",
"72.0.2+build1-0ubuntu1",
"73.0+build1-0ubuntu1",
"73.0+build2-0ubuntu1",
"73.0+build3-0ubuntu1",
"73.0.1+build1-0ubuntu1",
"74.0+build1-0ubuntu1",
"74.0+build2-0ubuntu1",
"74.0+build2-0ubuntu2",
"74.0+build3-0ubuntu1",
"75.0+build3-0ubuntu1",
"76.0+build2-0ubuntu0.20.04.1",
"76.0.1+build1-0ubuntu0.20.04.1",
"77.0.1+build1-0ubuntu0.20.04.1",
"78.0.1+build1-0ubuntu0.20.04.1",
"78.0.2+build2-0ubuntu0.20.04.1",
"79.0+build1-0ubuntu0.20.04.1",
"80.0+build2-0ubuntu0.20.04.1",
"80.0.1+build1-0ubuntu0.20.04.1",
"81.0+build2-0ubuntu0.20.04.1",
"81.0.2+build1-0ubuntu0.20.04.1",
"82.0+build2-0ubuntu0.20.04.1",
"82.0.2+build1-0ubuntu0.20.04.1",
"82.0.3+build1-0ubuntu0.20.04.1",
"83.0+build2-0ubuntu0.20.04.1",
"84.0+build3-0ubuntu0.20.04.1",
"84.0.1+build1-0ubuntu0.20.04.1",
"84.0.2+build1-0ubuntu0.20.04.1",
"85.0+build1-0ubuntu0.20.04.1",
"85.0.1+build1-0ubuntu0.20.04.1",
"86.0+build3-0ubuntu0.20.04.1",
"86.0.1+build1-0ubuntu0.20.04.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "thunderbird",
"binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
},
{
"binary_name": "thunderbird-gnome-support",
"binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
},
{
"binary_name": "thunderbird-mozsymbols",
"binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
},
{
"binary_name": "xul-ext-calendar-timezones",
"binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
},
{
"binary_name": "xul-ext-gdata-provider",
"binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
},
{
"binary_name": "xul-ext-lightning",
"binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "thunderbird",
"purl": "pkg:deb/ubuntu/thunderbird@1:78.11.0+build1-0ubuntu0.20.04.2?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:78.11.0+build1-0ubuntu0.20.04.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:68.1.2+build1-0ubuntu1",
"1:68.1.2+build1-0ubuntu2",
"1:68.2.1+build1-0ubuntu1",
"1:68.2.2+build1-0ubuntu1",
"1:68.3.0+build2-0ubuntu1",
"1:68.3.1+build1-0ubuntu2",
"1:68.4.1+build1-0ubuntu1",
"1:68.4.2+build2-0ubuntu1",
"1:68.5.0+build1-0ubuntu1",
"1:68.6.0+build2-0ubuntu1",
"1:68.7.0+build1-0ubuntu1",
"1:68.7.0+build1-0ubuntu2",
"1:68.8.0+build2-0ubuntu0.20.04.2",
"1:68.10.0+build1-0ubuntu0.20.04.1",
"1:78.7.1+build1-0ubuntu0.20.04.1",
"1:78.8.1+build1-0ubuntu0.20.04.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-68-0",
"binary_version": "68.6.0-1ubuntu1"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "mozjs68",
"purl": "pkg:deb/ubuntu/mozjs68@68.6.0-1ubuntu1?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"68.5.0-1~fakesync",
"68.5.0-2~fakesync",
"68.6.0-1",
"68.6.0-1ubuntu1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-52-0",
"binary_version": "52.9.1-1ubuntu3"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "mozjs52",
"purl": "pkg:deb/ubuntu/mozjs52@52.9.1-1ubuntu3?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"52.9.1-1build1",
"52.9.1-1ubuntu3"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-78-0",
"binary_version": "78.15.0-4ubuntu1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "mozjs78",
"purl": "pkg:deb/ubuntu/mozjs78@78.15.0-4ubuntu1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"78.13.0-1",
"78.15.0-2",
"78.15.0-4ubuntu1"
]
}
],
"aliases": [],
"details": "Mozilla developers and community members reported memory safety bugs present in Firefox 86 and Firefox ESR 78.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR \u003c 78.9, Firefox \u003c 87, and Thunderbird \u003c 78.9.",
"id": "UBUNTU-CVE-2021-23987",
"modified": "2026-04-22T07:39:56Z",
"published": "2021-03-25T00:00:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-23987"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-10/#CVE-2021-23987"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-11/#CVE-2021-23987"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-12/#CVE-2021-23987"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-4893-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-4995-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-4995-2"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23987"
}
],
"related": [
"USN-4893-1",
"USN-4995-1",
"USN-4995-2"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2021-23987"
]
}
ubuntu-cve-2021-23991
Vulnerability from osv_ubuntu
If a Thunderbird user has previously imported Alice's OpenPGP key, and Alice has extended the validity period of her key, but Alice's updated key has not yet been imported, an attacker may send an email containing a crafted version of Alice's key with an invalid subkey, Thunderbird might subsequently attempt to use the invalid subkey, and will fail to send encrypted email to Alice. This vulnerability affects Thunderbird < 78.9.1.
{
"affected": [
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "thunderbird",
"binary_version": "1:78.11.0+build1-0ubuntu0.18.04.2"
},
{
"binary_name": "thunderbird-gnome-support",
"binary_version": "1:78.11.0+build1-0ubuntu0.18.04.2"
},
{
"binary_name": "thunderbird-mozsymbols",
"binary_version": "1:78.11.0+build1-0ubuntu0.18.04.2"
},
{
"binary_name": "xul-ext-calendar-timezones",
"binary_version": "1:78.11.0+build1-0ubuntu0.18.04.2"
},
{
"binary_name": "xul-ext-gdata-provider",
"binary_version": "1:78.11.0+build1-0ubuntu0.18.04.2"
},
{
"binary_name": "xul-ext-lightning",
"binary_version": "1:78.11.0+build1-0ubuntu0.18.04.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "thunderbird",
"purl": "pkg:deb/ubuntu/thunderbird@1:78.11.0+build1-0ubuntu0.18.04.2?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:78.11.0+build1-0ubuntu0.18.04.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:52.4.0+build1-0ubuntu2",
"1:52.6.0+build1-0ubuntu1",
"1:52.7.0+build1-0ubuntu1",
"1:52.8.0+build1-0ubuntu0.18.04.1",
"1:52.9.1+build3-0ubuntu0.18.04.1",
"1:60.2.1+build1-0ubuntu0.18.04.2",
"1:60.4.0+build2-0ubuntu0.18.04.1",
"1:60.5.1+build2-0ubuntu0.18.04.1",
"1:60.6.1+build2-0ubuntu0.18.04.1",
"1:60.7.0+build1-0ubuntu0.18.04.1",
"1:60.7.1+build1-0ubuntu0.18.04.1",
"1:60.7.2+build2-0ubuntu0.18.04.1",
"1:60.8.0+build1-0ubuntu0.18.04.1",
"1:60.9.0+build1-0ubuntu0.18.04.1",
"1:68.2.1+build1-0ubuntu0.18.04.1",
"1:68.2.2+build1-0ubuntu0.18.04.1",
"1:68.4.1+build1-0ubuntu0.18.04.1",
"1:68.7.0+build1-0ubuntu0.18.04.1",
"1:68.8.0+build2-0ubuntu0.18.04.2",
"1:68.10.0+build1-0ubuntu0.18.04.1",
"1:78.8.1+build1-0ubuntu0.18.04.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "thunderbird",
"binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
},
{
"binary_name": "thunderbird-gnome-support",
"binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
},
{
"binary_name": "thunderbird-mozsymbols",
"binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
},
{
"binary_name": "xul-ext-calendar-timezones",
"binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
},
{
"binary_name": "xul-ext-gdata-provider",
"binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
},
{
"binary_name": "xul-ext-lightning",
"binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "thunderbird",
"purl": "pkg:deb/ubuntu/thunderbird@1:78.11.0+build1-0ubuntu0.20.04.2?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:78.11.0+build1-0ubuntu0.20.04.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:68.1.2+build1-0ubuntu1",
"1:68.1.2+build1-0ubuntu2",
"1:68.2.1+build1-0ubuntu1",
"1:68.2.2+build1-0ubuntu1",
"1:68.3.0+build2-0ubuntu1",
"1:68.3.1+build1-0ubuntu2",
"1:68.4.1+build1-0ubuntu1",
"1:68.4.2+build2-0ubuntu1",
"1:68.5.0+build1-0ubuntu1",
"1:68.6.0+build2-0ubuntu1",
"1:68.7.0+build1-0ubuntu1",
"1:68.7.0+build1-0ubuntu2",
"1:68.8.0+build2-0ubuntu0.20.04.2",
"1:68.10.0+build1-0ubuntu0.20.04.1",
"1:78.7.1+build1-0ubuntu0.20.04.1",
"1:78.8.1+build1-0ubuntu0.20.04.1"
]
}
],
"aliases": [],
"details": "If a Thunderbird user has previously imported Alice\u0027s OpenPGP key, and Alice has extended the validity period of her key, but Alice\u0027s updated key has not yet been imported, an attacker may send an email containing a crafted version of Alice\u0027s key with an invalid subkey, Thunderbird might subsequently attempt to use the invalid subkey, and will fail to send encrypted email to Alice. This vulnerability affects Thunderbird \u003c 78.9.1.",
"id": "UBUNTU-CVE-2021-23991",
"modified": "2026-04-22T07:39:56Z",
"published": "2021-04-13T00:00:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-23991"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-13/#CVE-2021-23991"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-4995-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-4995-2"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23991"
}
],
"related": [
"USN-4995-1",
"USN-4995-2"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2021-23991"
]
}
ubuntu-cve-2021-23992
Vulnerability from osv_ubuntu
Thunderbird did not check if the user ID associated with an OpenPGP key has a valid self signature. An attacker may create a crafted version of an OpenPGP key, by either replacing the original user ID, or by adding another user ID. If Thunderbird imports and accepts the crafted key, the Thunderbird user may falsely conclude that the false user ID belongs to the correspondent. This vulnerability affects Thunderbird < 78.9.1.
{
"affected": [
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "thunderbird",
"binary_version": "1:78.11.0+build1-0ubuntu0.18.04.2"
},
{
"binary_name": "thunderbird-gnome-support",
"binary_version": "1:78.11.0+build1-0ubuntu0.18.04.2"
},
{
"binary_name": "thunderbird-mozsymbols",
"binary_version": "1:78.11.0+build1-0ubuntu0.18.04.2"
},
{
"binary_name": "xul-ext-calendar-timezones",
"binary_version": "1:78.11.0+build1-0ubuntu0.18.04.2"
},
{
"binary_name": "xul-ext-gdata-provider",
"binary_version": "1:78.11.0+build1-0ubuntu0.18.04.2"
},
{
"binary_name": "xul-ext-lightning",
"binary_version": "1:78.11.0+build1-0ubuntu0.18.04.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "thunderbird",
"purl": "pkg:deb/ubuntu/thunderbird@1:78.11.0+build1-0ubuntu0.18.04.2?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:78.11.0+build1-0ubuntu0.18.04.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:52.4.0+build1-0ubuntu2",
"1:52.6.0+build1-0ubuntu1",
"1:52.7.0+build1-0ubuntu1",
"1:52.8.0+build1-0ubuntu0.18.04.1",
"1:52.9.1+build3-0ubuntu0.18.04.1",
"1:60.2.1+build1-0ubuntu0.18.04.2",
"1:60.4.0+build2-0ubuntu0.18.04.1",
"1:60.5.1+build2-0ubuntu0.18.04.1",
"1:60.6.1+build2-0ubuntu0.18.04.1",
"1:60.7.0+build1-0ubuntu0.18.04.1",
"1:60.7.1+build1-0ubuntu0.18.04.1",
"1:60.7.2+build2-0ubuntu0.18.04.1",
"1:60.8.0+build1-0ubuntu0.18.04.1",
"1:60.9.0+build1-0ubuntu0.18.04.1",
"1:68.2.1+build1-0ubuntu0.18.04.1",
"1:68.2.2+build1-0ubuntu0.18.04.1",
"1:68.4.1+build1-0ubuntu0.18.04.1",
"1:68.7.0+build1-0ubuntu0.18.04.1",
"1:68.8.0+build2-0ubuntu0.18.04.2",
"1:68.10.0+build1-0ubuntu0.18.04.1",
"1:78.8.1+build1-0ubuntu0.18.04.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "thunderbird",
"binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
},
{
"binary_name": "thunderbird-gnome-support",
"binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
},
{
"binary_name": "thunderbird-mozsymbols",
"binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
},
{
"binary_name": "xul-ext-calendar-timezones",
"binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
},
{
"binary_name": "xul-ext-gdata-provider",
"binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
},
{
"binary_name": "xul-ext-lightning",
"binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "thunderbird",
"purl": "pkg:deb/ubuntu/thunderbird@1:78.11.0+build1-0ubuntu0.20.04.2?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:78.11.0+build1-0ubuntu0.20.04.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:68.1.2+build1-0ubuntu1",
"1:68.1.2+build1-0ubuntu2",
"1:68.2.1+build1-0ubuntu1",
"1:68.2.2+build1-0ubuntu1",
"1:68.3.0+build2-0ubuntu1",
"1:68.3.1+build1-0ubuntu2",
"1:68.4.1+build1-0ubuntu1",
"1:68.4.2+build2-0ubuntu1",
"1:68.5.0+build1-0ubuntu1",
"1:68.6.0+build2-0ubuntu1",
"1:68.7.0+build1-0ubuntu1",
"1:68.7.0+build1-0ubuntu2",
"1:68.8.0+build2-0ubuntu0.20.04.2",
"1:68.10.0+build1-0ubuntu0.20.04.1",
"1:78.7.1+build1-0ubuntu0.20.04.1",
"1:78.8.1+build1-0ubuntu0.20.04.1"
]
}
],
"aliases": [],
"details": "Thunderbird did not check if the user ID associated with an OpenPGP key has a valid self signature. An attacker may create a crafted version of an OpenPGP key, by either replacing the original user ID, or by adding another user ID. If Thunderbird imports and accepts the crafted key, the Thunderbird user may falsely conclude that the false user ID belongs to the correspondent. This vulnerability affects Thunderbird \u003c 78.9.1.",
"id": "UBUNTU-CVE-2021-23992",
"modified": "2026-04-22T07:39:56Z",
"published": "2021-04-13T00:00:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-23992"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-13/#CVE-2021-23992"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-4995-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-4995-2"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23992"
}
],
"related": [
"USN-4995-1",
"USN-4995-2"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2021-23992"
]
}
ubuntu-cve-2021-23993
Vulnerability from osv_ubuntu
An attacker may perform a DoS attack to prevent a user from sending encrypted email to a correspondent. If an attacker creates a crafted OpenPGP key with a subkey that has an invalid self signature, and the Thunderbird user imports the crafted key, then Thunderbird may try to use the invalid subkey, but the RNP library rejects it from being used, causing encryption to fail. This vulnerability affects Thunderbird < 78.9.1.
{
"affected": [
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "thunderbird",
"binary_version": "1:78.11.0+build1-0ubuntu0.18.04.2"
},
{
"binary_name": "thunderbird-gnome-support",
"binary_version": "1:78.11.0+build1-0ubuntu0.18.04.2"
},
{
"binary_name": "thunderbird-mozsymbols",
"binary_version": "1:78.11.0+build1-0ubuntu0.18.04.2"
},
{
"binary_name": "xul-ext-calendar-timezones",
"binary_version": "1:78.11.0+build1-0ubuntu0.18.04.2"
},
{
"binary_name": "xul-ext-gdata-provider",
"binary_version": "1:78.11.0+build1-0ubuntu0.18.04.2"
},
{
"binary_name": "xul-ext-lightning",
"binary_version": "1:78.11.0+build1-0ubuntu0.18.04.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "thunderbird",
"purl": "pkg:deb/ubuntu/thunderbird@1:78.11.0+build1-0ubuntu0.18.04.2?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:78.11.0+build1-0ubuntu0.18.04.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:52.4.0+build1-0ubuntu2",
"1:52.6.0+build1-0ubuntu1",
"1:52.7.0+build1-0ubuntu1",
"1:52.8.0+build1-0ubuntu0.18.04.1",
"1:52.9.1+build3-0ubuntu0.18.04.1",
"1:60.2.1+build1-0ubuntu0.18.04.2",
"1:60.4.0+build2-0ubuntu0.18.04.1",
"1:60.5.1+build2-0ubuntu0.18.04.1",
"1:60.6.1+build2-0ubuntu0.18.04.1",
"1:60.7.0+build1-0ubuntu0.18.04.1",
"1:60.7.1+build1-0ubuntu0.18.04.1",
"1:60.7.2+build2-0ubuntu0.18.04.1",
"1:60.8.0+build1-0ubuntu0.18.04.1",
"1:60.9.0+build1-0ubuntu0.18.04.1",
"1:68.2.1+build1-0ubuntu0.18.04.1",
"1:68.2.2+build1-0ubuntu0.18.04.1",
"1:68.4.1+build1-0ubuntu0.18.04.1",
"1:68.7.0+build1-0ubuntu0.18.04.1",
"1:68.8.0+build2-0ubuntu0.18.04.2",
"1:68.10.0+build1-0ubuntu0.18.04.1",
"1:78.8.1+build1-0ubuntu0.18.04.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "thunderbird",
"binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
},
{
"binary_name": "thunderbird-gnome-support",
"binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
},
{
"binary_name": "thunderbird-mozsymbols",
"binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
},
{
"binary_name": "xul-ext-calendar-timezones",
"binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
},
{
"binary_name": "xul-ext-gdata-provider",
"binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
},
{
"binary_name": "xul-ext-lightning",
"binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "thunderbird",
"purl": "pkg:deb/ubuntu/thunderbird@1:78.11.0+build1-0ubuntu0.20.04.2?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:78.11.0+build1-0ubuntu0.20.04.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:68.1.2+build1-0ubuntu1",
"1:68.1.2+build1-0ubuntu2",
"1:68.2.1+build1-0ubuntu1",
"1:68.2.2+build1-0ubuntu1",
"1:68.3.0+build2-0ubuntu1",
"1:68.3.1+build1-0ubuntu2",
"1:68.4.1+build1-0ubuntu1",
"1:68.4.2+build2-0ubuntu1",
"1:68.5.0+build1-0ubuntu1",
"1:68.6.0+build2-0ubuntu1",
"1:68.7.0+build1-0ubuntu1",
"1:68.7.0+build1-0ubuntu2",
"1:68.8.0+build2-0ubuntu0.20.04.2",
"1:68.10.0+build1-0ubuntu0.20.04.1",
"1:78.7.1+build1-0ubuntu0.20.04.1",
"1:78.8.1+build1-0ubuntu0.20.04.1"
]
}
],
"aliases": [],
"details": "An attacker may perform a DoS attack to prevent a user from sending encrypted email to a correspondent. If an attacker creates a crafted OpenPGP key with a subkey that has an invalid self signature, and the Thunderbird user imports the crafted key, then Thunderbird may try to use the invalid subkey, but the RNP library rejects it from being used, causing encryption to fail. This vulnerability affects Thunderbird \u003c 78.9.1.",
"id": "UBUNTU-CVE-2021-23993",
"modified": "2026-04-22T07:39:56Z",
"published": "2021-04-13T00:00:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-23993"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-13/#CVE-2021-23993"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-4995-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-4995-2"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23993"
}
],
"related": [
"USN-4995-1",
"USN-4995-2"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2021-23993"
]
}
ubuntu-cve-2021-23994
Vulnerability from osv_ubuntu
A WebGL framebuffer was not initialized early enough, resulting in memory corruption and an out of bound write. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88.
| URL | Type | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"affected": [
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "firefox",
"binary_version": "88.0+build2-0ubuntu0.16.04.1"
},
{
"binary_name": "firefox-geckodriver",
"binary_version": "88.0+build2-0ubuntu0.16.04.1"
},
{
"binary_name": "firefox-mozsymbols",
"binary_version": "88.0+build2-0ubuntu0.16.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:16.04:LTS",
"name": "firefox",
"purl": "pkg:deb/ubuntu/firefox@88.0+build2-0ubuntu0.16.04.1?arch=source\u0026distro=xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "88.0+build2-0ubuntu0.16.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"41.0.2+build2-0ubuntu1",
"42.0+build2-0ubuntu1",
"44.0+build3-0ubuntu2",
"44.0.1+build1-0ubuntu1",
"44.0.2+build1-0ubuntu1",
"45.0+build2-0ubuntu1",
"45.0.1+build1-0ubuntu1",
"45.0.2+build1-0ubuntu1",
"46.0+build5-0ubuntu0.16.04.2",
"46.0.1+build1-0ubuntu0.16.04.2",
"47.0+build3-0ubuntu0.16.04.1",
"48.0+build2-0ubuntu0.16.04.1",
"49.0+build4-0ubuntu0.16.04.1",
"49.0.2+build2-0ubuntu0.16.04.2",
"50.0+build2-0ubuntu0.16.04.2",
"50.0.2+build1-0ubuntu0.16.04.1",
"50.1.0+build2-0ubuntu0.16.04.1",
"51.0.1+build2-0ubuntu0.16.04.1",
"51.0.1+build2-0ubuntu0.16.04.2",
"52.0+build2-0ubuntu0.16.04.1",
"52.0.1+build2-0ubuntu0.16.04.1",
"52.0.2+build1-0ubuntu0.16.04.1",
"53.0+build6-0ubuntu0.16.04.1",
"53.0.2+build1-0ubuntu0.16.04.2",
"53.0.3+build1-0ubuntu0.16.04.2",
"54.0+build3-0ubuntu0.16.04.1",
"55.0.1+build2-0ubuntu0.16.04.2",
"55.0.2+build1-0ubuntu0.16.04.1",
"56.0+build6-0ubuntu0.16.04.1",
"56.0+build6-0ubuntu0.16.04.2",
"57.0+build4-0ubuntu0.16.04.5",
"57.0+build4-0ubuntu0.16.04.6",
"57.0.1+build2-0ubuntu0.16.04.1",
"57.0.3+build1-0ubuntu0.16.04.1",
"57.0.4+build1-0ubuntu0.16.04.1",
"58.0+build6-0ubuntu0.16.04.1",
"58.0.1+build1-0ubuntu0.16.04.1",
"58.0.2+build1-0ubuntu0.16.04.1",
"59.0+build5-0ubuntu0.16.04.1",
"59.0.1+build1-0ubuntu0.16.04.1",
"59.0.2+build1-0ubuntu0.16.04.1",
"59.0.2+build1-0ubuntu0.16.04.3",
"60.0+build2-0ubuntu0.16.04.1",
"60.0.1+build2-0ubuntu0.16.04.1",
"60.0.2+build1-0ubuntu0.16.04.1",
"61.0+build3-0ubuntu0.16.04.2",
"61.0.1+build1-0ubuntu0.16.04.1",
"62.0+build2-0ubuntu0.16.04.3",
"62.0+build2-0ubuntu0.16.04.4",
"62.0+build2-0ubuntu0.16.04.5",
"62.0.3+build1-0ubuntu0.16.04.2",
"63.0+build2-0ubuntu0.16.04.2",
"63.0.3+build1-0ubuntu0.16.04.1",
"64.0+build3-0ubuntu0.16.04.1",
"65.0+build2-0ubuntu0.16.04.1",
"65.0.1+build2-0ubuntu0.16.04.1",
"66.0+build3-0ubuntu0.16.04.2",
"66.0.1+build1-0ubuntu0.16.04.1",
"66.0.2+build1-0ubuntu0.16.04.1",
"66.0.3+build1-0ubuntu0.16.04.1",
"66.0.4+build3-0ubuntu0.16.04.1",
"66.0.5+build1-0ubuntu0.16.04.1",
"67.0+build2-0ubuntu0.16.04.1",
"67.0.1+build1-0ubuntu0.16.04.1",
"67.0.2+build2-0ubuntu0.16.04.1",
"67.0.3+build1-0ubuntu0.16.04.1",
"67.0.4+build1-0ubuntu0.16.04.1",
"68.0+build3-0ubuntu0.16.04.1",
"68.0.1+build1-0ubuntu0.16.04.1",
"68.0.2+build1-0ubuntu0.16.04.1",
"69.0+build2-0ubuntu0.16.04.4",
"69.0.1+build1-0ubuntu0.16.04.1",
"69.0.2+build1-0ubuntu0.16.04.1",
"70.0+build2-0ubuntu0.16.04.1",
"70.0.1+build1-0ubuntu0.16.04.1",
"71.0+build5-0ubuntu0.16.04.1",
"72.0.1+build1-0ubuntu0.16.04.1",
"72.0.2+build1-0ubuntu0.16.04.1",
"73.0.1+build1-0ubuntu0.16.04.1",
"74.0+build3-0ubuntu0.16.04.1",
"74.0.1+build1-0ubuntu0.16.04.1",
"75.0+build3-0ubuntu0.16.04.1",
"76.0+build2-0ubuntu0.16.04.1",
"76.0.1+build1-0ubuntu0.16.04.1",
"77.0.1+build1-0ubuntu0.16.04.1",
"78.0.1+build1-0ubuntu0.16.04.1",
"78.0.2+build2-0ubuntu0.16.04.1",
"79.0+build1-0ubuntu0.16.04.2",
"80.0+build2-0ubuntu0.16.04.1",
"80.0.1+build1-0ubuntu0.16.04.1",
"81.0+build2-0ubuntu0.16.04.1",
"81.0.2+build1-0ubuntu0.16.04.1",
"82.0+build2-0ubuntu0.16.04.5",
"82.0.2+build1-0ubuntu0.16.04.1",
"82.0.3+build1-0ubuntu0.16.04.1",
"83.0+build2-0ubuntu0.16.04.3",
"84.0+build3-0ubuntu0.16.04.1",
"84.0.1+build1-0ubuntu0.16.04.1",
"84.0.2+build1-0ubuntu0.16.04.1",
"85.0+build1-0ubuntu0.16.04.1",
"85.0.1+build1-0ubuntu0.16.04.1",
"86.0+build3-0ubuntu0.16.04.1",
"86.0.1+build1-0ubuntu0.16.04.2",
"87.0+build3-0ubuntu0.16.04.2"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "firefox",
"binary_version": "88.0+build2-0ubuntu0.18.04.2"
},
{
"binary_name": "firefox-geckodriver",
"binary_version": "88.0+build2-0ubuntu0.18.04.2"
},
{
"binary_name": "firefox-mozsymbols",
"binary_version": "88.0+build2-0ubuntu0.18.04.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "firefox",
"purl": "pkg:deb/ubuntu/firefox@88.0+build2-0ubuntu0.18.04.2?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "88.0+build2-0ubuntu0.18.04.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"56.0+build6-0ubuntu1",
"57.0.1+build2-0ubuntu1",
"59.0.1+build1-0ubuntu1",
"59.0.2+build1-0ubuntu1",
"60.0+build2-0ubuntu1",
"60.0.1+build2-0ubuntu0.18.04.1",
"60.0.2+build1-0ubuntu0.18.04.1",
"61.0+build3-0ubuntu0.18.04.1",
"61.0.1+build1-0ubuntu0.18.04.1",
"62.0+build2-0ubuntu0.18.04.3",
"62.0+build2-0ubuntu0.18.04.4",
"62.0+build2-0ubuntu0.18.04.5",
"62.0.3+build1-0ubuntu0.18.04.1",
"63.0+build2-0ubuntu0.18.04.2",
"63.0.3+build1-0ubuntu0.18.04.1",
"64.0+build3-0ubuntu0.18.04.1",
"65.0+build2-0ubuntu0.18.04.1",
"65.0.1+build2-0ubuntu0.18.04.1",
"66.0+build3-0ubuntu0.18.04.1",
"66.0.1+build1-0ubuntu0.18.04.1",
"66.0.2+build1-0ubuntu0.18.04.1",
"66.0.3+build1-0ubuntu0.18.04.1",
"66.0.4+build3-0ubuntu0.18.04.1",
"66.0.5+build1-0ubuntu0.18.04.1",
"67.0+build2-0ubuntu0.18.04.1",
"67.0.1+build1-0ubuntu0.18.04.1",
"67.0.2+build2-0ubuntu0.18.04.1",
"67.0.3+build1-0ubuntu0.18.04.1",
"67.0.4+build1-0ubuntu0.18.04.1",
"68.0+build3-0ubuntu0.18.04.1",
"68.0.1+build1-0ubuntu0.18.04.1",
"68.0.2+build1-0ubuntu0.18.04.1",
"69.0+build2-0ubuntu0.18.04.1",
"69.0.1+build1-0ubuntu0.18.04.1",
"69.0.2+build1-0ubuntu0.18.04.1",
"70.0+build2-0ubuntu0.18.04.1",
"70.0.1+build1-0ubuntu0.18.04.1",
"71.0+build5-0ubuntu0.18.04.1",
"72.0.1+build1-0ubuntu0.18.04.1",
"72.0.2+build1-0ubuntu0.18.04.1",
"73.0+build3-0ubuntu0.18.04.1",
"73.0.1+build1-0ubuntu0.18.04.1",
"74.0+build3-0ubuntu0.18.04.1",
"74.0.1+build1-0ubuntu0.18.04.1",
"75.0+build3-0ubuntu0.18.04.1",
"76.0+build2-0ubuntu0.18.04.1",
"76.0.1+build1-0ubuntu0.18.04.1",
"77.0.1+build1-0ubuntu0.18.04.1",
"78.0.1+build1-0ubuntu0.18.04.1",
"78.0.2+build2-0ubuntu0.18.04.1",
"79.0+build1-0ubuntu0.18.04.1",
"80.0+build2-0ubuntu0.18.04.1",
"80.0.1+build1-0ubuntu0.18.04.1",
"81.0+build2-0ubuntu0.18.04.1",
"81.0.2+build1-0ubuntu0.18.04.1",
"82.0+build2-0ubuntu0.18.04.1",
"82.0.2+build1-0ubuntu0.18.04.1",
"82.0.3+build1-0ubuntu0.18.04.1",
"83.0+build2-0ubuntu0.18.04.2",
"84.0+build3-0ubuntu0.18.04.1",
"84.0.1+build1-0ubuntu0.18.04.1",
"84.0.2+build1-0ubuntu0.18.04.1",
"85.0+build1-0ubuntu0.18.04.1",
"85.0.1+build1-0ubuntu0.18.04.1",
"86.0+build3-0ubuntu0.18.04.1",
"86.0.1+build1-0ubuntu0.18.04.1",
"87.0+build3-0ubuntu0.18.04.2"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "thunderbird",
"binary_version": "1:78.11.0+build1-0ubuntu0.18.04.2"
},
{
"binary_name": "thunderbird-gnome-support",
"binary_version": "1:78.11.0+build1-0ubuntu0.18.04.2"
},
{
"binary_name": "thunderbird-mozsymbols",
"binary_version": "1:78.11.0+build1-0ubuntu0.18.04.2"
},
{
"binary_name": "xul-ext-calendar-timezones",
"binary_version": "1:78.11.0+build1-0ubuntu0.18.04.2"
},
{
"binary_name": "xul-ext-gdata-provider",
"binary_version": "1:78.11.0+build1-0ubuntu0.18.04.2"
},
{
"binary_name": "xul-ext-lightning",
"binary_version": "1:78.11.0+build1-0ubuntu0.18.04.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "thunderbird",
"purl": "pkg:deb/ubuntu/thunderbird@1:78.11.0+build1-0ubuntu0.18.04.2?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:78.11.0+build1-0ubuntu0.18.04.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:52.4.0+build1-0ubuntu2",
"1:52.6.0+build1-0ubuntu1",
"1:52.7.0+build1-0ubuntu1",
"1:52.8.0+build1-0ubuntu0.18.04.1",
"1:52.9.1+build3-0ubuntu0.18.04.1",
"1:60.2.1+build1-0ubuntu0.18.04.2",
"1:60.4.0+build2-0ubuntu0.18.04.1",
"1:60.5.1+build2-0ubuntu0.18.04.1",
"1:60.6.1+build2-0ubuntu0.18.04.1",
"1:60.7.0+build1-0ubuntu0.18.04.1",
"1:60.7.1+build1-0ubuntu0.18.04.1",
"1:60.7.2+build2-0ubuntu0.18.04.1",
"1:60.8.0+build1-0ubuntu0.18.04.1",
"1:60.9.0+build1-0ubuntu0.18.04.1",
"1:68.2.1+build1-0ubuntu0.18.04.1",
"1:68.2.2+build1-0ubuntu0.18.04.1",
"1:68.4.1+build1-0ubuntu0.18.04.1",
"1:68.7.0+build1-0ubuntu0.18.04.1",
"1:68.8.0+build2-0ubuntu0.18.04.2",
"1:68.10.0+build1-0ubuntu0.18.04.1",
"1:78.8.1+build1-0ubuntu0.18.04.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-52-0",
"binary_version": "52.9.1-0ubuntu0.18.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "mozjs52",
"purl": "pkg:deb/ubuntu/mozjs52@52.9.1-0ubuntu0.18.04.1?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"52.3.1-0ubuntu3",
"52.3.1-7fakesync1",
"52.8.1-0ubuntu0.18.04.1",
"52.9.1-0ubuntu0.18.04.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-38-0",
"binary_version": "38.8.0~repack1-0ubuntu4"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "mozjs38",
"purl": "pkg:deb/ubuntu/mozjs38@38.8.0~repack1-0ubuntu4?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"38.8.0~repack1-0ubuntu1",
"38.8.0~repack1-0ubuntu3",
"38.8.0~repack1-0ubuntu4"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "firefox",
"binary_version": "88.0+build2-0ubuntu0.20.04.1"
},
{
"binary_name": "firefox-geckodriver",
"binary_version": "88.0+build2-0ubuntu0.20.04.1"
},
{
"binary_name": "firefox-mozsymbols",
"binary_version": "88.0+build2-0ubuntu0.20.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "firefox",
"purl": "pkg:deb/ubuntu/firefox@88.0+build2-0ubuntu0.20.04.1?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "88.0+build2-0ubuntu0.20.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"69.0.3+build1-0ubuntu1",
"70.0+build2-0ubuntu1",
"70.0+build2-0ubuntu2",
"70.0.1+build1-0ubuntu2",
"71.0+build2-0ubuntu2",
"71.0+build5-0ubuntu1",
"72.0.1+build1-0ubuntu1",
"72.0.2+build1-0ubuntu1",
"73.0+build1-0ubuntu1",
"73.0+build2-0ubuntu1",
"73.0+build3-0ubuntu1",
"73.0.1+build1-0ubuntu1",
"74.0+build1-0ubuntu1",
"74.0+build2-0ubuntu1",
"74.0+build2-0ubuntu2",
"74.0+build3-0ubuntu1",
"75.0+build3-0ubuntu1",
"76.0+build2-0ubuntu0.20.04.1",
"76.0.1+build1-0ubuntu0.20.04.1",
"77.0.1+build1-0ubuntu0.20.04.1",
"78.0.1+build1-0ubuntu0.20.04.1",
"78.0.2+build2-0ubuntu0.20.04.1",
"79.0+build1-0ubuntu0.20.04.1",
"80.0+build2-0ubuntu0.20.04.1",
"80.0.1+build1-0ubuntu0.20.04.1",
"81.0+build2-0ubuntu0.20.04.1",
"81.0.2+build1-0ubuntu0.20.04.1",
"82.0+build2-0ubuntu0.20.04.1",
"82.0.2+build1-0ubuntu0.20.04.1",
"82.0.3+build1-0ubuntu0.20.04.1",
"83.0+build2-0ubuntu0.20.04.1",
"84.0+build3-0ubuntu0.20.04.1",
"84.0.1+build1-0ubuntu0.20.04.1",
"84.0.2+build1-0ubuntu0.20.04.1",
"85.0+build1-0ubuntu0.20.04.1",
"85.0.1+build1-0ubuntu0.20.04.1",
"86.0+build3-0ubuntu0.20.04.1",
"86.0.1+build1-0ubuntu0.20.04.1",
"87.0+build3-0ubuntu0.20.04.2"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "thunderbird",
"binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
},
{
"binary_name": "thunderbird-gnome-support",
"binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
},
{
"binary_name": "thunderbird-mozsymbols",
"binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
},
{
"binary_name": "xul-ext-calendar-timezones",
"binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
},
{
"binary_name": "xul-ext-gdata-provider",
"binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
},
{
"binary_name": "xul-ext-lightning",
"binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "thunderbird",
"purl": "pkg:deb/ubuntu/thunderbird@1:78.11.0+build1-0ubuntu0.20.04.2?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:78.11.0+build1-0ubuntu0.20.04.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:68.1.2+build1-0ubuntu1",
"1:68.1.2+build1-0ubuntu2",
"1:68.2.1+build1-0ubuntu1",
"1:68.2.2+build1-0ubuntu1",
"1:68.3.0+build2-0ubuntu1",
"1:68.3.1+build1-0ubuntu2",
"1:68.4.1+build1-0ubuntu1",
"1:68.4.2+build2-0ubuntu1",
"1:68.5.0+build1-0ubuntu1",
"1:68.6.0+build2-0ubuntu1",
"1:68.7.0+build1-0ubuntu1",
"1:68.7.0+build1-0ubuntu2",
"1:68.8.0+build2-0ubuntu0.20.04.2",
"1:68.10.0+build1-0ubuntu0.20.04.1",
"1:78.7.1+build1-0ubuntu0.20.04.1",
"1:78.8.1+build1-0ubuntu0.20.04.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-68-0",
"binary_version": "68.6.0-1ubuntu1"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "mozjs68",
"purl": "pkg:deb/ubuntu/mozjs68@68.6.0-1ubuntu1?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"68.5.0-1~fakesync",
"68.5.0-2~fakesync",
"68.6.0-1",
"68.6.0-1ubuntu1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-52-0",
"binary_version": "52.9.1-1ubuntu3"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "mozjs52",
"purl": "pkg:deb/ubuntu/mozjs52@52.9.1-1ubuntu3?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"52.9.1-1build1",
"52.9.1-1ubuntu3"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-78-0",
"binary_version": "78.15.0-4ubuntu1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "mozjs78",
"purl": "pkg:deb/ubuntu/mozjs78@78.15.0-4ubuntu1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"78.13.0-1",
"78.15.0-2",
"78.15.0-4ubuntu1"
]
}
],
"aliases": [],
"details": "A WebGL framebuffer was not initialized early enough, resulting in memory corruption and an out of bound write. This vulnerability affects Firefox ESR \u003c 78.10, Thunderbird \u003c 78.10, and Firefox \u003c 88.",
"id": "UBUNTU-CVE-2021-23994",
"modified": "2026-04-22T07:39:56Z",
"published": "2021-04-19T00:00:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-23994"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-14/#CVE-2021-23994"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-15/#CVE-2021-23994"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-16/#CVE-2021-23994"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-4926-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-4995-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-4995-2"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23994"
}
],
"related": [
"USN-4926-1",
"USN-4995-1",
"USN-4995-2"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2021-23994"
]
}
ubuntu-cve-2021-23995
Vulnerability from osv_ubuntu
When Responsive Design Mode was enabled, it used references to objects that were previously freed. We presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88.
| URL | Type | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"affected": [
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "firefox",
"binary_version": "88.0+build2-0ubuntu0.16.04.1"
},
{
"binary_name": "firefox-geckodriver",
"binary_version": "88.0+build2-0ubuntu0.16.04.1"
},
{
"binary_name": "firefox-mozsymbols",
"binary_version": "88.0+build2-0ubuntu0.16.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:16.04:LTS",
"name": "firefox",
"purl": "pkg:deb/ubuntu/firefox@88.0+build2-0ubuntu0.16.04.1?arch=source\u0026distro=xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "88.0+build2-0ubuntu0.16.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"41.0.2+build2-0ubuntu1",
"42.0+build2-0ubuntu1",
"44.0+build3-0ubuntu2",
"44.0.1+build1-0ubuntu1",
"44.0.2+build1-0ubuntu1",
"45.0+build2-0ubuntu1",
"45.0.1+build1-0ubuntu1",
"45.0.2+build1-0ubuntu1",
"46.0+build5-0ubuntu0.16.04.2",
"46.0.1+build1-0ubuntu0.16.04.2",
"47.0+build3-0ubuntu0.16.04.1",
"48.0+build2-0ubuntu0.16.04.1",
"49.0+build4-0ubuntu0.16.04.1",
"49.0.2+build2-0ubuntu0.16.04.2",
"50.0+build2-0ubuntu0.16.04.2",
"50.0.2+build1-0ubuntu0.16.04.1",
"50.1.0+build2-0ubuntu0.16.04.1",
"51.0.1+build2-0ubuntu0.16.04.1",
"51.0.1+build2-0ubuntu0.16.04.2",
"52.0+build2-0ubuntu0.16.04.1",
"52.0.1+build2-0ubuntu0.16.04.1",
"52.0.2+build1-0ubuntu0.16.04.1",
"53.0+build6-0ubuntu0.16.04.1",
"53.0.2+build1-0ubuntu0.16.04.2",
"53.0.3+build1-0ubuntu0.16.04.2",
"54.0+build3-0ubuntu0.16.04.1",
"55.0.1+build2-0ubuntu0.16.04.2",
"55.0.2+build1-0ubuntu0.16.04.1",
"56.0+build6-0ubuntu0.16.04.1",
"56.0+build6-0ubuntu0.16.04.2",
"57.0+build4-0ubuntu0.16.04.5",
"57.0+build4-0ubuntu0.16.04.6",
"57.0.1+build2-0ubuntu0.16.04.1",
"57.0.3+build1-0ubuntu0.16.04.1",
"57.0.4+build1-0ubuntu0.16.04.1",
"58.0+build6-0ubuntu0.16.04.1",
"58.0.1+build1-0ubuntu0.16.04.1",
"58.0.2+build1-0ubuntu0.16.04.1",
"59.0+build5-0ubuntu0.16.04.1",
"59.0.1+build1-0ubuntu0.16.04.1",
"59.0.2+build1-0ubuntu0.16.04.1",
"59.0.2+build1-0ubuntu0.16.04.3",
"60.0+build2-0ubuntu0.16.04.1",
"60.0.1+build2-0ubuntu0.16.04.1",
"60.0.2+build1-0ubuntu0.16.04.1",
"61.0+build3-0ubuntu0.16.04.2",
"61.0.1+build1-0ubuntu0.16.04.1",
"62.0+build2-0ubuntu0.16.04.3",
"62.0+build2-0ubuntu0.16.04.4",
"62.0+build2-0ubuntu0.16.04.5",
"62.0.3+build1-0ubuntu0.16.04.2",
"63.0+build2-0ubuntu0.16.04.2",
"63.0.3+build1-0ubuntu0.16.04.1",
"64.0+build3-0ubuntu0.16.04.1",
"65.0+build2-0ubuntu0.16.04.1",
"65.0.1+build2-0ubuntu0.16.04.1",
"66.0+build3-0ubuntu0.16.04.2",
"66.0.1+build1-0ubuntu0.16.04.1",
"66.0.2+build1-0ubuntu0.16.04.1",
"66.0.3+build1-0ubuntu0.16.04.1",
"66.0.4+build3-0ubuntu0.16.04.1",
"66.0.5+build1-0ubuntu0.16.04.1",
"67.0+build2-0ubuntu0.16.04.1",
"67.0.1+build1-0ubuntu0.16.04.1",
"67.0.2+build2-0ubuntu0.16.04.1",
"67.0.3+build1-0ubuntu0.16.04.1",
"67.0.4+build1-0ubuntu0.16.04.1",
"68.0+build3-0ubuntu0.16.04.1",
"68.0.1+build1-0ubuntu0.16.04.1",
"68.0.2+build1-0ubuntu0.16.04.1",
"69.0+build2-0ubuntu0.16.04.4",
"69.0.1+build1-0ubuntu0.16.04.1",
"69.0.2+build1-0ubuntu0.16.04.1",
"70.0+build2-0ubuntu0.16.04.1",
"70.0.1+build1-0ubuntu0.16.04.1",
"71.0+build5-0ubuntu0.16.04.1",
"72.0.1+build1-0ubuntu0.16.04.1",
"72.0.2+build1-0ubuntu0.16.04.1",
"73.0.1+build1-0ubuntu0.16.04.1",
"74.0+build3-0ubuntu0.16.04.1",
"74.0.1+build1-0ubuntu0.16.04.1",
"75.0+build3-0ubuntu0.16.04.1",
"76.0+build2-0ubuntu0.16.04.1",
"76.0.1+build1-0ubuntu0.16.04.1",
"77.0.1+build1-0ubuntu0.16.04.1",
"78.0.1+build1-0ubuntu0.16.04.1",
"78.0.2+build2-0ubuntu0.16.04.1",
"79.0+build1-0ubuntu0.16.04.2",
"80.0+build2-0ubuntu0.16.04.1",
"80.0.1+build1-0ubuntu0.16.04.1",
"81.0+build2-0ubuntu0.16.04.1",
"81.0.2+build1-0ubuntu0.16.04.1",
"82.0+build2-0ubuntu0.16.04.5",
"82.0.2+build1-0ubuntu0.16.04.1",
"82.0.3+build1-0ubuntu0.16.04.1",
"83.0+build2-0ubuntu0.16.04.3",
"84.0+build3-0ubuntu0.16.04.1",
"84.0.1+build1-0ubuntu0.16.04.1",
"84.0.2+build1-0ubuntu0.16.04.1",
"85.0+build1-0ubuntu0.16.04.1",
"85.0.1+build1-0ubuntu0.16.04.1",
"86.0+build3-0ubuntu0.16.04.1",
"86.0.1+build1-0ubuntu0.16.04.2",
"87.0+build3-0ubuntu0.16.04.2"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "firefox",
"binary_version": "88.0+build2-0ubuntu0.18.04.2"
},
{
"binary_name": "firefox-geckodriver",
"binary_version": "88.0+build2-0ubuntu0.18.04.2"
},
{
"binary_name": "firefox-mozsymbols",
"binary_version": "88.0+build2-0ubuntu0.18.04.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "firefox",
"purl": "pkg:deb/ubuntu/firefox@88.0+build2-0ubuntu0.18.04.2?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "88.0+build2-0ubuntu0.18.04.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"56.0+build6-0ubuntu1",
"57.0.1+build2-0ubuntu1",
"59.0.1+build1-0ubuntu1",
"59.0.2+build1-0ubuntu1",
"60.0+build2-0ubuntu1",
"60.0.1+build2-0ubuntu0.18.04.1",
"60.0.2+build1-0ubuntu0.18.04.1",
"61.0+build3-0ubuntu0.18.04.1",
"61.0.1+build1-0ubuntu0.18.04.1",
"62.0+build2-0ubuntu0.18.04.3",
"62.0+build2-0ubuntu0.18.04.4",
"62.0+build2-0ubuntu0.18.04.5",
"62.0.3+build1-0ubuntu0.18.04.1",
"63.0+build2-0ubuntu0.18.04.2",
"63.0.3+build1-0ubuntu0.18.04.1",
"64.0+build3-0ubuntu0.18.04.1",
"65.0+build2-0ubuntu0.18.04.1",
"65.0.1+build2-0ubuntu0.18.04.1",
"66.0+build3-0ubuntu0.18.04.1",
"66.0.1+build1-0ubuntu0.18.04.1",
"66.0.2+build1-0ubuntu0.18.04.1",
"66.0.3+build1-0ubuntu0.18.04.1",
"66.0.4+build3-0ubuntu0.18.04.1",
"66.0.5+build1-0ubuntu0.18.04.1",
"67.0+build2-0ubuntu0.18.04.1",
"67.0.1+build1-0ubuntu0.18.04.1",
"67.0.2+build2-0ubuntu0.18.04.1",
"67.0.3+build1-0ubuntu0.18.04.1",
"67.0.4+build1-0ubuntu0.18.04.1",
"68.0+build3-0ubuntu0.18.04.1",
"68.0.1+build1-0ubuntu0.18.04.1",
"68.0.2+build1-0ubuntu0.18.04.1",
"69.0+build2-0ubuntu0.18.04.1",
"69.0.1+build1-0ubuntu0.18.04.1",
"69.0.2+build1-0ubuntu0.18.04.1",
"70.0+build2-0ubuntu0.18.04.1",
"70.0.1+build1-0ubuntu0.18.04.1",
"71.0+build5-0ubuntu0.18.04.1",
"72.0.1+build1-0ubuntu0.18.04.1",
"72.0.2+build1-0ubuntu0.18.04.1",
"73.0+build3-0ubuntu0.18.04.1",
"73.0.1+build1-0ubuntu0.18.04.1",
"74.0+build3-0ubuntu0.18.04.1",
"74.0.1+build1-0ubuntu0.18.04.1",
"75.0+build3-0ubuntu0.18.04.1",
"76.0+build2-0ubuntu0.18.04.1",
"76.0.1+build1-0ubuntu0.18.04.1",
"77.0.1+build1-0ubuntu0.18.04.1",
"78.0.1+build1-0ubuntu0.18.04.1",
"78.0.2+build2-0ubuntu0.18.04.1",
"79.0+build1-0ubuntu0.18.04.1",
"80.0+build2-0ubuntu0.18.04.1",
"80.0.1+build1-0ubuntu0.18.04.1",
"81.0+build2-0ubuntu0.18.04.1",
"81.0.2+build1-0ubuntu0.18.04.1",
"82.0+build2-0ubuntu0.18.04.1",
"82.0.2+build1-0ubuntu0.18.04.1",
"82.0.3+build1-0ubuntu0.18.04.1",
"83.0+build2-0ubuntu0.18.04.2",
"84.0+build3-0ubuntu0.18.04.1",
"84.0.1+build1-0ubuntu0.18.04.1",
"84.0.2+build1-0ubuntu0.18.04.1",
"85.0+build1-0ubuntu0.18.04.1",
"85.0.1+build1-0ubuntu0.18.04.1",
"86.0+build3-0ubuntu0.18.04.1",
"86.0.1+build1-0ubuntu0.18.04.1",
"87.0+build3-0ubuntu0.18.04.2"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "thunderbird",
"binary_version": "1:78.11.0+build1-0ubuntu0.18.04.2"
},
{
"binary_name": "thunderbird-gnome-support",
"binary_version": "1:78.11.0+build1-0ubuntu0.18.04.2"
},
{
"binary_name": "thunderbird-mozsymbols",
"binary_version": "1:78.11.0+build1-0ubuntu0.18.04.2"
},
{
"binary_name": "xul-ext-calendar-timezones",
"binary_version": "1:78.11.0+build1-0ubuntu0.18.04.2"
},
{
"binary_name": "xul-ext-gdata-provider",
"binary_version": "1:78.11.0+build1-0ubuntu0.18.04.2"
},
{
"binary_name": "xul-ext-lightning",
"binary_version": "1:78.11.0+build1-0ubuntu0.18.04.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "thunderbird",
"purl": "pkg:deb/ubuntu/thunderbird@1:78.11.0+build1-0ubuntu0.18.04.2?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:78.11.0+build1-0ubuntu0.18.04.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:52.4.0+build1-0ubuntu2",
"1:52.6.0+build1-0ubuntu1",
"1:52.7.0+build1-0ubuntu1",
"1:52.8.0+build1-0ubuntu0.18.04.1",
"1:52.9.1+build3-0ubuntu0.18.04.1",
"1:60.2.1+build1-0ubuntu0.18.04.2",
"1:60.4.0+build2-0ubuntu0.18.04.1",
"1:60.5.1+build2-0ubuntu0.18.04.1",
"1:60.6.1+build2-0ubuntu0.18.04.1",
"1:60.7.0+build1-0ubuntu0.18.04.1",
"1:60.7.1+build1-0ubuntu0.18.04.1",
"1:60.7.2+build2-0ubuntu0.18.04.1",
"1:60.8.0+build1-0ubuntu0.18.04.1",
"1:60.9.0+build1-0ubuntu0.18.04.1",
"1:68.2.1+build1-0ubuntu0.18.04.1",
"1:68.2.2+build1-0ubuntu0.18.04.1",
"1:68.4.1+build1-0ubuntu0.18.04.1",
"1:68.7.0+build1-0ubuntu0.18.04.1",
"1:68.8.0+build2-0ubuntu0.18.04.2",
"1:68.10.0+build1-0ubuntu0.18.04.1",
"1:78.8.1+build1-0ubuntu0.18.04.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-52-0",
"binary_version": "52.9.1-0ubuntu0.18.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "mozjs52",
"purl": "pkg:deb/ubuntu/mozjs52@52.9.1-0ubuntu0.18.04.1?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"52.3.1-0ubuntu3",
"52.3.1-7fakesync1",
"52.8.1-0ubuntu0.18.04.1",
"52.9.1-0ubuntu0.18.04.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-38-0",
"binary_version": "38.8.0~repack1-0ubuntu4"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "mozjs38",
"purl": "pkg:deb/ubuntu/mozjs38@38.8.0~repack1-0ubuntu4?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"38.8.0~repack1-0ubuntu1",
"38.8.0~repack1-0ubuntu3",
"38.8.0~repack1-0ubuntu4"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "firefox",
"binary_version": "88.0+build2-0ubuntu0.20.04.1"
},
{
"binary_name": "firefox-geckodriver",
"binary_version": "88.0+build2-0ubuntu0.20.04.1"
},
{
"binary_name": "firefox-mozsymbols",
"binary_version": "88.0+build2-0ubuntu0.20.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "firefox",
"purl": "pkg:deb/ubuntu/firefox@88.0+build2-0ubuntu0.20.04.1?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "88.0+build2-0ubuntu0.20.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"69.0.3+build1-0ubuntu1",
"70.0+build2-0ubuntu1",
"70.0+build2-0ubuntu2",
"70.0.1+build1-0ubuntu2",
"71.0+build2-0ubuntu2",
"71.0+build5-0ubuntu1",
"72.0.1+build1-0ubuntu1",
"72.0.2+build1-0ubuntu1",
"73.0+build1-0ubuntu1",
"73.0+build2-0ubuntu1",
"73.0+build3-0ubuntu1",
"73.0.1+build1-0ubuntu1",
"74.0+build1-0ubuntu1",
"74.0+build2-0ubuntu1",
"74.0+build2-0ubuntu2",
"74.0+build3-0ubuntu1",
"75.0+build3-0ubuntu1",
"76.0+build2-0ubuntu0.20.04.1",
"76.0.1+build1-0ubuntu0.20.04.1",
"77.0.1+build1-0ubuntu0.20.04.1",
"78.0.1+build1-0ubuntu0.20.04.1",
"78.0.2+build2-0ubuntu0.20.04.1",
"79.0+build1-0ubuntu0.20.04.1",
"80.0+build2-0ubuntu0.20.04.1",
"80.0.1+build1-0ubuntu0.20.04.1",
"81.0+build2-0ubuntu0.20.04.1",
"81.0.2+build1-0ubuntu0.20.04.1",
"82.0+build2-0ubuntu0.20.04.1",
"82.0.2+build1-0ubuntu0.20.04.1",
"82.0.3+build1-0ubuntu0.20.04.1",
"83.0+build2-0ubuntu0.20.04.1",
"84.0+build3-0ubuntu0.20.04.1",
"84.0.1+build1-0ubuntu0.20.04.1",
"84.0.2+build1-0ubuntu0.20.04.1",
"85.0+build1-0ubuntu0.20.04.1",
"85.0.1+build1-0ubuntu0.20.04.1",
"86.0+build3-0ubuntu0.20.04.1",
"86.0.1+build1-0ubuntu0.20.04.1",
"87.0+build3-0ubuntu0.20.04.2"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "thunderbird",
"binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
},
{
"binary_name": "thunderbird-gnome-support",
"binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
},
{
"binary_name": "thunderbird-mozsymbols",
"binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
},
{
"binary_name": "xul-ext-calendar-timezones",
"binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
},
{
"binary_name": "xul-ext-gdata-provider",
"binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
},
{
"binary_name": "xul-ext-lightning",
"binary_version": "1:78.11.0+build1-0ubuntu0.20.04.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "thunderbird",
"purl": "pkg:deb/ubuntu/thunderbird@1:78.11.0+build1-0ubuntu0.20.04.2?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:78.11.0+build1-0ubuntu0.20.04.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:68.1.2+build1-0ubuntu1",
"1:68.1.2+build1-0ubuntu2",
"1:68.2.1+build1-0ubuntu1",
"1:68.2.2+build1-0ubuntu1",
"1:68.3.0+build2-0ubuntu1",
"1:68.3.1+build1-0ubuntu2",
"1:68.4.1+build1-0ubuntu1",
"1:68.4.2+build2-0ubuntu1",
"1:68.5.0+build1-0ubuntu1",
"1:68.6.0+build2-0ubuntu1",
"1:68.7.0+build1-0ubuntu1",
"1:68.7.0+build1-0ubuntu2",
"1:68.8.0+build2-0ubuntu0.20.04.2",
"1:68.10.0+build1-0ubuntu0.20.04.1",
"1:78.7.1+build1-0ubuntu0.20.04.1",
"1:78.8.1+build1-0ubuntu0.20.04.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-68-0",
"binary_version": "68.6.0-1ubuntu1"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "mozjs68",
"purl": "pkg:deb/ubuntu/mozjs68@68.6.0-1ubuntu1?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"68.5.0-1~fakesync",
"68.5.0-2~fakesync",
"68.6.0-1",
"68.6.0-1ubuntu1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-52-0",
"binary_version": "52.9.1-1ubuntu3"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "mozjs52",
"purl": "pkg:deb/ubuntu/mozjs52@52.9.1-1ubuntu3?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"52.9.1-1build1",
"52.9.1-1ubuntu3"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libmozjs-78-0",
"binary_version": "78.15.0-4ubuntu1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "mozjs78",
"purl": "pkg:deb/ubuntu/mozjs78@78.15.0-4ubuntu1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"78.13.0-1",
"78.15.0-2",
"78.15.0-4ubuntu1"
]
}
],
"aliases": [],
"details": "When Responsive Design Mode was enabled, it used references to objects that were previously freed. We presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR \u003c 78.10, Thunderbird \u003c 78.10, and Firefox \u003c 88.",
"id": "UBUNTU-CVE-2021-23995",
"modified": "2026-04-22T07:39:56Z",
"published": "2021-04-19T00:00:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-23995"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-14/#CVE-2021-23995"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-15/#CVE-2021-23995"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-16/#CVE-2021-23995"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-4926-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-4995-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-4995-2"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23995"
}
],
"related": [
"USN-4926-1",
"USN-4995-1",
"USN-4995-2"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2021-23995"
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.