SB2022021661 - Anolis OS update for thunderbird (Anolis OS 8.5)
Published: February 16, 2022 Updated: March 28, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 31 secuirty vulnerabilities.
1) Security features bypass (CVE-ID: CVE-2021-4140)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to an error in iframe sandbox implementation when processing XSLT markup. A remote attacker can bypass iframe sandbox and execute arbitrary JavaScript code in context of arbitrary window.
2) Command Injection (CVE-ID: CVE-2021-29969)
The vulnerability allows a remote attacker to execute arbitrary commands.
The vulnerability exists in the way Thunderbird handles IMAP server responses sent prior to STARTTLS process. A remote attacker with ability to perform MitM attack can send arbitrary IMAP commands before the STARTTLS handshake and execute them after the handshake is complete.
This could have resulted in Thunderbird showing incorrect information, for example the attacker could have tricked Thunderbird to show folders that didn't exist on the IMAP server.
3) Use-after-free (CVE-ID: CVE-2021-29970)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in accessibility features when processing HTML content. A remote attacker can track the victim to open a specially crafted web page, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
4) Buffer overflow (CVE-ID: CVE-2021-29976)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
5) Out-of-bounds write (CVE-ID: CVE-2021-30547)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted HTML content in ANGLE. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger out-of-bounds write and execute arbitrary code on the target system.
6) Race condition (CVE-ID: CVE-2021-32810)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a race condition in the "Stealer::steal", "Stealer::steal_batch" and "Stealer::steal_batch_and_pop" functions. A remote attacker can exploit the race and gain unauthorized access to sensitive information and execute arbitrary code on the system.
7) Buffer overflow (CVE-ID: CVE-2021-38493)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
8) Use-after-free (CVE-ID: CVE-2021-38496)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error during operations on MessageTasks. A remote attacker can trick the victim to visit a specially crafted web page, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
9) Origin validation error (CVE-ID: CVE-2021-38497)
The vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to an error, which can cause a plain-text validation message to overlaid on another origin through the use of reportValidity() and window.open(). A remote attacker can perform a spoofing attack.
10) Use-after-free (CVE-ID: CVE-2021-38498)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in the nsLanguageAtomService object. A remote attacker can trick the victim to open a specially crafted website, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
11) Memory corruption (CVE-ID: CVE-2021-38500)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can trick the victim to visit a specially crafted web page, trigger a memory corruption and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
12) Buffer overflow (CVE-ID: CVE-2021-38501)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
13) Cleartext transmission of sensitive information (CVE-ID: CVE-2021-38502)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to software ignores the configuration to require STARTTLS security for an SMTP connection. A remote attacker with ability to intercept network traffic can gain access to sensitive data.
14) Use-after-free (CVE-ID: CVE-2022-22737)
The vulnerability allows a remote attacker to compromise the affected system.
15) Heap-based buffer overflow (CVE-ID: CVE-2022-22738)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in blendGaussianBlur when applying CSS filter. A remote attacker can trick the victim to open a specially crafted web page, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
16) Security features bypass (CVE-ID: CVE-2022-22739)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to missing throttling on external protocol launch dialog. A malicious websites can trick users into accepting launching a program to handle an external URL protocol.
17) Use-after-free (CVE-ID: CVE-2022-22740)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in ChannelEventQueue::mOwner when releasing a network request handle. A remote attacker can trick the victim to open a specially crafted web page, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
18) Improper Restriction of Rendered UI Layers or Frames (CVE-ID: CVE-2022-22741)
The vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to an error resizing a popup while requesting fullscreen access. A remote attacker can
trick the victim to open a specially crafted web page, and make the
browser unable to leave fullscreen mode.
19) Out-of-bounds write (CVE-ID: CVE-2022-22742)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input, when inserting text while in edit mode. A remote attacker can create a specially crafted website, trick the victim into opening it and insert specially crafted input in the edit mode, trigger out-of-bounds write and execute arbitrary code on the target system.
20) Improper Restriction of Rendered UI Layers or Frames (CVE-ID: CVE-2022-22743)
The vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to an error when navigating from inside an iframe while requesting fullscreen access. A remote attacker can trick the victim to open a specially crafted web page, and make the browser unable to leave fullscreen mode.
Successful exploitation of the vulnerability may allow an attacker to perform spoofing attack.
21) Information disclosure (CVE-ID: CVE-2022-22745)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to Securitypolicyviolation events leak cross-origin information for frame-ancestors violations. A remote attacker can gain access to sensitive data.
22) Input validation error (CVE-ID: CVE-2022-22747)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of empty pkcs7 sequence, passed as part of the certificate data. A remote attacker can pass specially crafted certificate to the application and perform a denial of service (DoS) attack.
23) Spoofing attack (CVE-ID: CVE-2022-22748)
The vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to incorrect processing of user-supplied data. Malicious websites could have confused Firefox into showing the wrong origin when asking to launch a program and handling an external URL protocol.
24) Buffer overflow (CVE-ID: CVE-2022-22751)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
25) Security restrictions bypass (CVE-ID: CVE-2022-22754)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists in the way Firefox handles extensions updates. A remote attacker can trick the victim to install a browser extension of a particular type and during auto-update bypass the prompt which grants the new version the new requested permissions. As a result an extension with limited permissions can be used to compromise the system.
26) Insufficient UI Warning of Dangerous Operations (CVE-ID: CVE-2022-22756)
The vulnerability allows a remote attacker execute arbitrary code.
The vulnerability exists due to browser fails to properly identify a malicious file during drag and drop operations. A remote attacker can trick the victim to drag and drop an image to their desktop or other folder and change the resulting object into an executable script which will be executed after the user clicked on it.
27) Sandbox restrictions bypass (CVE-ID: CVE-2022-22759)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to the way iframes are handled by the browser. If a document created a sandboxed iframe without allow-scripts,
and subsequently appended an element to the iframe's document that e.g.
had a JavaScript event handler - the event handler would have run
despite the iframe's sandbox.
28) Information disclosure (CVE-ID: CVE-2022-22760)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to the way Firefox displays error messages in cross-origin responses, when importing resources using Web Workers. A remote attacker can distinguish the difference between application/javascript responses and non-script responses and learn information cross-origin.
29) Security features bypass (CVE-ID: CVE-2022-22761)
The vulnerability allows a remote attacker to perform unauthorized actions.
The vulnerability exists due to frame-ancestors Content Security Policy directive was not enforced for framed extension pages (pages with a moz-extension:// scheme). A remote attacker perform unauthorized actions.
30) Improper control of a resource through its lifetime (CVE-ID: CVE-2022-22763)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to an error when handling script execution during invalid object state. A remote attacker can cause a script to run late in the lifecycle, at a point after where it should not be possible.
31) Buffer overflow (CVE-ID: CVE-2022-22764)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Remediation
Install update from vendor's website.