Vulnerability CVE-2021-38495: Information

Description

Mozilla developers reported memory safety bugs present in Thunderbird 78.13.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 91.1 and Firefox ESR < 91.1.

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2021-38495
Published: Nov. 3, 2021
Modified: Dec. 9, 2022
Error type identifier: CWE-787

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
firefoxsisyphus92.0-alt1125.0.2-alt1ALT-PU-2021-2739-1284746Fixed
firefoxp1092.0-alt1118.0.2-alt0.p10.1ALT-PU-2021-2849-1284964Fixed
firefoxp993.0-alt0.p9.1105.0.1-alt0.c9.1ALT-PU-2022-1782-1288073Fixed
firefoxc10f192.0-alt1112.0.2-alt0.p10.1ALT-PU-2021-2849-1284964Fixed
firefoxc9f293.0-alt0.p9.1105.0.1-alt0.c9.1ALT-PU-2021-3368-1288792Fixed
firefox-esrsisyphus91.1.0-alt1115.10.0-alt1ALT-PU-2021-2766-1284831Fixed
firefox-esrp1091.1.0-alt1115.10.0-alt1ALT-PU-2021-2881-1284980Fixed
firefox-esrp991.7.0-alt0.p9.1102.11.0-alt0.c9.1ALT-PU-2022-1781-1288073Fixed
firefox-esrc10f191.1.0-alt1115.9.1-alt0.c10.1ALT-PU-2021-2881-1284980Fixed
firefox-esrc9f291.3.0-alt1.c9.1102.12.0-alt0.c9.1ALT-PU-2021-3369-1288792Fixed
thunderbirdsisyphus91.1.0-alt1115.9.0-alt1ALT-PU-2021-2762-1284839Fixed
thunderbirdp1091.1.0-alt1115.9.0-alt1ALT-PU-2021-2807-1284957Fixed
thunderbirdp991.6.0-alt0.p9.1102.11.0-alt0.c9.1ALT-PU-2022-1783-1288073Fixed
thunderbirdc10f191.1.0-alt1115.9.0-alt0.c10.1ALT-PU-2021-2807-1284957Fixed
thunderbirdc9f291.3.0-alt0.c9.1102.11.0-alt0.c9.1ALT-PU-2021-3370-1288792Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://www.mozilla.org/security/advisories/mfsa2021-41/
  • Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2021-40/
  • Vendor Advisory
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1723391%2C1723920%2C1724101%2C1724107
  • Vendor Advisory
GLSA-202202-03
  • Third Party Advisory
GLSA-202208-14
  • Third Party Advisory

    1. Configuration 1

      cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
      End excliding
      91.1
      cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
      End excliding
      91.1
VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
Version: v24.4.2
Back to top