Mozilla has made an update available for download for its email client Thunderbird. The new version number is 78.10.0. A total of 9 security holes were closed. Check out the security flaws that have been resolved in the previous version 78.9.1.
Three of them were classified as “High”, five as “Moderate” and two as “Low”. You can read the individual descriptions here. In addition, improvements to the usability and design under Windows were made.
Security Vulnerabilities fixed in Thunderbird 78.10
- CVE-2021-23994: Out of bound write due to lazy initialization [details]
- CVE-2021-23995: Use-after-free in Responsive Design Mode [details]
- CVE-2021-23998: Secure Lock icon could have been spoofed [details]
- CVE-2021-23961: More internal network hosts could have been probed by a malicious webpage [details]
- CVE-2021-23999: Blob URLs may have been granted additional privileges [details]
- CVE-2021-24002: Arbitrary FTP command execution on FTP servers using an encoded URL [details]
- CVE-2021-29945: Incorrect size computation in WebAssembly JIT could lead to null-reads [details]
- CVE-2021-29946: Port blocking could be bypassed [details]
- CVE-2021-29948: Race condition when reading from disk while verifying signatures [details]
0 Comments