SB2021111822 - Ubuntu update for thunderbird

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2021111822

SB2021111822 - Ubuntu update for thunderbird

Published: November 18, 2021

Security Bulletin ID SB2021111822
Severity
High
Patch available
YES
Number of vulnerabilities 5
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 40% Medium 20% Low 40%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 5 secuirty vulnerabilities.


1) Security features bypass (CVE-ID: CVE-2021-38503)

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to the iframe sandbox rules were not correctly applied to XSLT stylesheets. A remote attacker can load use an iframe to bypass restrictions such as executing scripts or navigating the top-level frame.


2) Use-after-free (CVE-ID: CVE-2021-38504)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when interacting with an HTML input element's file picker dialog with webkitdirectory set. A remote attacker can trick the victim to open a specially crafted website, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.


3) Insufficient UI Warning of Dangerous Operations (CVE-ID: CVE-2021-38506)

The vulnerability allows a remote attacker to perform spoofing attacks.

The vulnerability exists due to Firefox could have entered fullscreen mode without notification or warning to the user. A remote attacker can perform spoofing attacks on the browser UI.


4) Security features bypass (CVE-ID: CVE-2021-38507)

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists in the Opportunistic Encryption feature of HTTP2, which allows a connection to be transparently upgraded to TLS while retaining the visual properties of an HTTP connection, including being same-origin with unencrypted connections on port 80. However, if a second encrypted port on the same IP address (e.g. port 8443) did not opt-in to opportunistic encryption; a network attacker could forward a connection from the browser from port 443 to port 8443, causing the browser to treat the content of port 8443 as same-origin with HTTP. As a result, a remote attacker can bypass Same-Origin-Policy on services hosted on other ports.


5) Improper Restriction of Rendered UI Layers or Frames (CVE-ID: CVE-2021-38509)

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to incorrect processing of an unusual sequence of attacker-controlled events. A remote attacker can display a Javascript alert() dialog with arbitrary (although unstyled) contents over top of arbitrary webpage of the attacker's choosing.


Remediation

Install update from vendor's website.

References