Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.4
CVSSv2

CVE-2021-29949

Published: 24/06/2021 Updated: 30/06/2021
CVSS v2 Base Score: 4.4 | Impact Score: 6.4 | Exploitability Score: 3.4
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 392
Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P
Subscribe to Thunderbird

Vulnerability Summary

When loading the shared library that provides the OTR protocol implementation, Thunderbird will initially attempt to open it using a filename that isn't distributed by Thunderbird. If a computer has already been infected with a malicious library of the alternative filename, and the malicious library has been copied to a directory that is contained in the search path for executable libraries, then Thunderbird will load the incorrect library. This vulnerability affects Thunderbird < 78.9.1.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

mozilla thunderbird

Vendor Advisories

Debian Security Advisories: DSA-4897-1 thunderbird -- security update
Multiple security issues were discovered in Thunderbird, which could result in the execution of arbitrary code or information disclosure In adddition a number of security issues were addressed in the OpenPGP support For the stable distribution (buster), these problems have been fixed in version 1:78100-1~deb10u1 We recommend that you upgrade y ...
Mozilla: Security Vulnerabilities fixed in Thunderbird 78.9.1
Mozilla Foundation Security Advisory 2021-13 Security Vulnerabilities fixed in Thunderbird 7891 Announced April 8, 2021 Impact moderate Products Thunderbird Fixed in Thunderbird 7891 ...
Red Hat: CVE-2021-29949
No description is available for this CVE ...
Arch Linux Issues:
A security issue was found in Thunderbird before version 7891 When loading the shared library that provides the OTR protocol implementation, Thunderbird will initially attempt to open it using a filename that isn't distributed by Thunderbird If a computer has already been infected with a malicious library of the alternative filename, and the ma ...

References

CWE-427https://www.mozilla.org/security/advisories/mfsa2021-13/https://bugzilla.mozilla.org/show_bug.cgi?id=1682101https://nvd.nist.govhttps://www.debian.org/security/2021/dsa-4897
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
deserializationCVE-2024-4040cross-site scriptingCVE-2023-25790CVE-2024-2961XML external entityCVE-2024-26926CVE-2024-32806CVE-2024-32711
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook