SB2022012125 - Ubuntu update for thunderbird
Published: January 21, 2022
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 44 secuirty vulnerabilities.
1) Buffer overflow (CVE-ID: CVE-2021-4129)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
2) Security features bypass (CVE-ID: CVE-2021-4140)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to an error in iframe sandbox implementation when processing XSLT markup. A remote attacker can bypass iframe sandbox and execute arbitrary JavaScript code in context of arbitrary window.
3) Input validation error (CVE-ID: CVE-2021-29981)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to insufficient validation of user-supplied input when lowering/register allocation during live range splitting. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger register confusion failures in JITted code and execute arbitrary code on the system.
4) Type Confusion (CVE-ID: CVE-2021-29982)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to incorrect JIT optimization and a type confusion error. A remote attacker can trick the victim to open a specially crafted web page and read a single bit of memory.
5) Insufficient UI Warning of Dangerous Operations (CVE-ID: CVE-2021-29987)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to the way Firefox displays permission panels. After requesting multiple permissions, and closing the first permission panel, subsequent permission panels will be displayed in a different position but still record a click in the default location, making it possible to trick a user into accepting a permission they did not want to.
Note, the vulnerability affects Linux installations only.
6) HTTP response splitting (CVE-ID: CVE-2021-29991)
The vulnerability allows a remote attacker to perform HTTP splitting attacks.
The vulnerability exists due to the affected software incorrectly accepts a newline in a HTTP/3 header, interpretting it as two separate headers. A remote attacker can perform a header splitting attack against servers using HTTP/3.
7) Buffer overflow (CVE-ID: CVE-2021-38495)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
8) Use-after-free (CVE-ID: CVE-2021-38496)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error during operations on MessageTasks. A remote attacker can trick the victim to visit a specially crafted web page, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
9) Origin validation error (CVE-ID: CVE-2021-38497)
The vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to an error, which can cause a plain-text validation message to overlaid on another origin through the use of reportValidity() and window.open(). A remote attacker can perform a spoofing attack.
10) Use-after-free (CVE-ID: CVE-2021-38498)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in the nsLanguageAtomService object. A remote attacker can trick the victim to open a specially crafted website, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
11) Memory corruption (CVE-ID: CVE-2021-38500)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can trick the victim to visit a specially crafted web page, trigger a memory corruption and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
12) Buffer overflow (CVE-ID: CVE-2021-38501)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
13) Security features bypass (CVE-ID: CVE-2021-38503)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to the iframe sandbox rules were not correctly applied to XSLT stylesheets. A remote attacker can load use an iframe to bypass restrictions such as executing scripts or navigating the top-level frame.
14) Use-after-free (CVE-ID: CVE-2021-38504)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when interacting with an HTML input element's file picker dialog with webkitdirectory set. A remote attacker can trick the victim to open a specially crafted website, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
15) Insufficient UI Warning of Dangerous Operations (CVE-ID: CVE-2021-38506)
The vulnerability allows a remote attacker to perform spoofing attacks.
The vulnerability exists due to Firefox could have entered fullscreen mode without notification or warning to the user. A remote attacker can perform spoofing attacks on the browser UI.
16) Security features bypass (CVE-ID: CVE-2021-38507)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists in the Opportunistic Encryption feature of HTTP2, which allows a connection to be transparently upgraded to TLS while retaining
the visual properties of an HTTP connection, including being
same-origin with unencrypted connections on port 80. However, if a second encrypted port on the same IP address (e.g. port
8443) did not opt-in to opportunistic encryption; a network attacker
could forward a connection from the browser from port 443 to port 8443,
causing the browser to treat the content of port 8443 as same-origin
with HTTP. As a result, a remote attacker can bypass Same-Origin-Policy on services hosted on other ports.
17) Improper Restriction of Rendered UI Layers or Frames (CVE-ID: CVE-2021-38508)
The vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to Firefox displays the form validity message in the correct location at the same time as a permission prompt (such as for geolocation). The validity message could have obscured the prompt, resulting in the user potentially being tricked into granting the permission.
18) Improper Restriction of Rendered UI Layers or Frames (CVE-ID: CVE-2021-38509)
The vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to incorrect processing of an unusual sequence of attacker-controlled events. A remote attacker can display a Javascript alert() dialog with arbitrary (although unstyled) contents over top of arbitrary webpage of the attacker's choosing.
19) Buffer overflow (CVE-ID: CVE-2021-43534)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can create a specially crafted webpage, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
20) Use-after-free (CVE-ID: CVE-2021-43535)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing HTTP/2 session object. A remote attacker can trick the victim to open a specially crafted website, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
21) Information disclosure (CVE-ID: CVE-2021-43536)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to URL leakage when executing asynchronous functions. A remote attacker can trick the victim to open a specially crafted web page and reveal the URL of the page that is being visited afterwards.
22) Type conversion (CVE-ID: CVE-2021-43537)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a type conversion error when processing sizes from 64bit to 32bit integers when using structured clone. A remote attacker can trick the victim to visit a specially crafted web page, trigger a heap-based buffer overflow and execute arbitrary code on the system.
23) Spoofing attack (CVE-ID: CVE-2021-43538)
The vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to a race in notification code. A remote attacker can hide the notification for pages that had received full screen and pointer lock access. Successful exploitation of the vulnerability may allow an attacker to perform spoofing attack.
24) Use-after-free (CVE-ID: CVE-2021-43539)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in GC rooting when calling wasm instance methods. A remote attacker can trick the victim to open a specially crafted web page, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
25) Input validation error (CVE-ID: CVE-2021-43541)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to insufficient validation of user-supplied input when handling spaces in URLS with external protocol handlers. A remote attacker can trick the victim to click on a specially crafted link and pass unescaped input to a third-party application via URI handler.
26) Information disclosure (CVE-ID: CVE-2021-43542)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to the way Firefox handles XMLHttpRequest requests. A remote attacker can initiate a XMLHttpRequest and identify installed applications by probing error messages for loading external protocols.
27) Security features bypass (CVE-ID: CVE-2021-43543)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to an error when handling CSP policies. Documents loaded with the CSP sandbox directive can escape the sandbox's script restriction by embedding additional content.
28) Infinite loop (CVE-ID: CVE-2021-43545)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop when using Location API. A remote attacker can consume all available system resources and cause denial of service conditions.
29) Use-after-free (CVE-ID: CVE-2022-22737)
The vulnerability allows a remote attacker to compromise the affected system.
30) Heap-based buffer overflow (CVE-ID: CVE-2022-22738)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in blendGaussianBlur when applying CSS filter. A remote attacker can trick the victim to open a specially crafted web page, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
31) Security features bypass (CVE-ID: CVE-2022-22739)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to missing throttling on external protocol launch dialog. A malicious websites can trick users into accepting launching a program to handle an external URL protocol.
32) Use-after-free (CVE-ID: CVE-2022-22740)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in ChannelEventQueue::mOwner when releasing a network request handle. A remote attacker can trick the victim to open a specially crafted web page, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
33) Improper Restriction of Rendered UI Layers or Frames (CVE-ID: CVE-2022-22741)
The vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to an error resizing a popup while requesting fullscreen access. A remote attacker can
trick the victim to open a specially crafted web page, and make the
browser unable to leave fullscreen mode.
34) Out-of-bounds write (CVE-ID: CVE-2022-22742)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input, when inserting text while in edit mode. A remote attacker can create a specially crafted website, trick the victim into opening it and insert specially crafted input in the edit mode, trigger out-of-bounds write and execute arbitrary code on the target system.
35) Improper Restriction of Rendered UI Layers or Frames (CVE-ID: CVE-2022-22743)
The vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to an error when navigating from inside an iframe while requesting fullscreen access. A remote attacker can trick the victim to open a specially crafted web page, and make the browser unable to leave fullscreen mode.
Successful exploitation of the vulnerability may allow an attacker to perform spoofing attack.
36) Information disclosure (CVE-ID: CVE-2022-22745)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to Securitypolicyviolation events leak cross-origin information for frame-ancestors violations. A remote attacker can gain access to sensitive data.
37) Input validation error (CVE-ID: CVE-2022-22747)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of empty pkcs7 sequence, passed as part of the certificate data. A remote attacker can pass specially crafted certificate to the application and perform a denial of service (DoS) attack.
38) Spoofing attack (CVE-ID: CVE-2022-22748)
The vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to incorrect processing of user-supplied data. Malicious websites could have confused Firefox into showing the wrong origin when asking to launch a program and handling an external URL protocol.
39) Buffer overflow (CVE-ID: CVE-2022-22751)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
40) Cleartext transmission of sensitive information (CVE-ID: CVE-2021-38502)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to software ignores the configuration to require STARTTLS security for an SMTP connection. A remote attacker with ability to intercept network traffic can gain access to sensitive data.
41) Security features bypass (CVE-ID: CVE-2021-43528)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to Thunderbird unexpectedly enabled JavaScript in the composition area. The JavaScript execution context was limited to this area and did not receive chrome-level privileges, but could be used as a stepping stone to further an attack with other vulnerabilities.
42) Buffer overflow (CVE-ID: CVE-2021-44538)
The vulnerability allows a remote attacker to perform a denial of service attack.
The vulnerability exists due to a boundary error within the olm_session_describe() function in libolm. A remote attacker send specially crafted messages to the application that is using the affected library, trigger buffer overflow and perform a denial of service (DoS) attack
43) Insufficient UI Warning of Dangerous Operations (CVE-ID: CVE-2021-4126)
The vulnerability allows a remote attacker to perform spoofing attacks.
The vulnerability exists in the way Thunderbird handles signed email messages. When receiving an OpenPGP/MIME signed email message that contains an additional outer MIME message layer, for example a message footer added by a mailing list gateway, Thunderbird only considered the inner signed message for the signature validity. This gave the false impression that the additional contents were also covered by the digital signature.
44) Spoofing attack (CVE-ID: CVE-2021-43546)
The vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to incorrect processing of user-supplied data, when native cursor is zoomed. A remote attacker can perform cursor spoofing attack.
Remediation
Install update from vendor's website.