CVE-2021-43528
6.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Exploitability: 2.8 / Impact: 3.6
Source: NVD
Description
Thunderbird unexpectedly enabled JavaScript in the composition area. The JavaScript execution context was limited to this area and did not receive chrome-level privileges, but could be used as a stepping stone to further an attack with other vulnerabilities. This vulnerability affects Thunderbird < 91.4.0.
Affected (4)
Products: Mozilla: Thunderbird · Debian: Debian Linux
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Before 91.4.0 |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Version 10.0 |
References (10)
Source: security@mozilla.org
Broken LinkIssue TrackingPermissions RequiredVendor Advisory
Source: security@mozilla.org
Mailing ListThird Party Advisory
Source: security@mozilla.org
Issue TrackingThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Broken LinkIssue TrackingPermissions RequiredVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Issue TrackingThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Timeline
No history available yet.