Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Mageia 8: MGASA-2021-0478 Moderate: Thunderbird Memory Issues

mageia
Calendar Grey October 13, 2021
Dist Mageia Esm H88
Revised Thunderbird versions tackle significant vulnerabilities, such as memory malfunctions and possible exploits.
Updated thunderbird packages fix security vulnerabilities: Due to a data race in the crossbeam-deque in the crossbeam crate, one or more tasks in the worker queue could have been ...

Summary

Updated thunderbird packages fix security vulnerabilities:
Due to a data race in the crossbeam-deque in the crossbeam crate, one or more tasks in the worker queue could have been be popped twice instead of other tasks that are forgotten and never popped. If tasks are allocated on the heap, this could have caused a double free and a memory leak (CVE-2021-32810).
During operations on MessageTasks, a task may have been removed while it was still scheduled, resulting in memory corruption and a potentially exploitable crash due to a use-after-free in MessageTask (CVE-2021-38496).
Through use of reportValidity() and window.open(), a plain-text validation message could have been overlaid on another origin, leading to possible user confusion and spoofing attacks (CVE-2021-38497).
During process shutdown, a document could have caused a use-after-free of a languages service object (nsLanguageAtomService), leading to memory corruption and a potentially exploitable crash (CVE-2021-38498).
Mozil...

Read the Full Advisory

References

- https://bugs.mageia.org/show_bug.cgi?id=29535

- https://www.mozilla.org/en-US/security/advisories/mfsa2021-47/

- https://www.thunderbird.net/en-US/thunderbird/91.2.0/releasenotes/

- https://www.cve.org/CVERecord?id=CVE-2021-32810

- https://www.cve.org/CVERecord?id=CVE-2021-38496

- https://www.cve.org/CVERecord?id=CVE-2021-38497

- https://www.cve.org/CVERecord?id=CVE-2021-38498

- https://www.cve.org/CVERecord?id=CVE-2021-38500

- https://www.cve.org/CVERecord?id=CVE-2021-38501

- https://www.cve.org/CVERecord?id=CVE-2021-38502

Topics%20covered

Topics Covered

security advisory memory corruption security patch Thunderbird MITM attack Mageia

Resolution

SRPMS

- 8/core/thunderbird-91.2.0-1.mga8

- 8/core/thunderbird-l10n-91.2.0-1.mga8

Severity
important
Lowest
Low
Medium
High
Critical

Publication date: 13 Oct 2021
URL: https://advisories.mageia.org/MGASA-2021-0478.html
Type: security
CVE: CVE-2021-32810, CVE-2021-38496, CVE-2021-38497, CVE-2021-38498, CVE-2021-38500, CVE-2021-38501, CVE-2021-38502

Topics%20covered

Topics Covered

security advisory memory corruption security patch Thunderbird MITM attack Mageia

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here