====================================================================

                             CERT-Renater

                 Note d'Information No. 2021/VULN174
_____________________________________________________________________

DATE                : 24/03/2021

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Thunderbird versions prior to
                                          78.9.

=====================================================================
https://www.mozilla.org/en-US/security/advisories/mfsa2021-12/
_____________________________________________________________________


Mozilla Foundation Security Advisory 2021-12
Security Vulnerabilities fixed in Thunderbird 78.9

Announced        March 23, 2021
Impact           high
Products         Thunderbird
Fixed in
        Thunderbird 78.9

In general, these flaws cannot be exploited through email in the
Thunderbird product because scripting is disabled when reading mail, but
are potentially risks in browser or browser-like contexts.


#CVE-2021-23981: Texture upload into an unbound backing buffer resulted
in an out-of-bound read

Reporter       Omair
Impact         high

Description

A texture upload of a Pixel Buffer Object could have confused the WebGL
code to skip binding the buffer used to unpack it, resulting in memory
corruption and a potentially exploitable information leak or crash.


References

    Bug 1692832


#CVE-2021-23982: Internal network hosts could have been probed by a
malicious webpage

Reporter        Samy Kamkar, Ben Seri, and Gregory Vishnepolsky
Impact          moderate

Description

Using techniques that built on the slipstream research, a malicious
webpage could have scanned both an internal network's hosts as well as
services running on the user's local machine utilizing WebRTC
connections.

References

    Bug 1677046


#CVE-2021-23984: Malicious extensions could have spoofed popup information

Reporter         Rob Wu
Impact           moderate

Description

A malicious extension could have opened a popup window lacking an
address bar. The title of the popup lacking an address bar should not be
fully controllable, but in this situation was. This could have been used
to spoof a website and attempt to trick the user into providing
credentials.

References

    Bug 1693664


#CVE-2021-23987: Memory safety bugs fixed in Thunderbird 78.9

Reporter         Mozilla developers and community
Impact           high

Description

Mozilla developers and community members Alexis Beingessner, Tyson
Smith, Julien Wajsberg, and Matthew Gregan reported memory safety bugs
present in Thunderbird 78.8. Some of these bugs showed evidence of
memory corruption and we presume that with enough effort some of these
could have been exploited to run arbitrary code.

References

    Memory safety bugs fixed in Thunderbird 78.9



=========================================================
+ CERT-RENATER       |    tel : 01-53-94-20-44          +
+ 23/25 Rue Daviel   |    fax : 01-53-94-20-41          +
+ 75013 Paris        |    email:cert@support.renater.fr +
=========================================================