Описание
When loading the shared library that provides the OTR protocol implementation, Thunderbird will initially attempt to open it using a filename that isn't distributed by Thunderbird. If a computer has already been infected with a malicious library of the alternative filename, and the malicious library has been copied to a directory that is contained in the search path for executable libraries, then Thunderbird will load the incorrect library. This vulnerability affects Thunderbird < 78.9.1.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 1:78.11.0+build1-0ubuntu0.18.04.2 |
| devel | released | 1:78.11.0+build1-0ubuntu2 |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/focal | DNE | |
| focal | released | 1:78.11.0+build1-0ubuntu0.20.04.2 |
| groovy | released | 1:78.11.0+build1-0ubuntu0.20.10.2 |
| hirsute | released | 1:78.11.0+build1-0ubuntu0.21.04.2 |
| impish | released | 1:78.11.0+build1-0ubuntu2 |
| jammy | released | 1:78.11.0+build1-0ubuntu2 |
| kinetic | released | 1:78.11.0+build1-0ubuntu2 |
Показывать по
EPSS
4.4 Medium
CVSS2
7.8 High
CVSS3
Связанные уязвимости
When loading the shared library that provides the OTR protocol implementation, Thunderbird will initially attempt to open it using a filename that isn't distributed by Thunderbird. If a computer has already been infected with a malicious library of the alternative filename, and the malicious library has been copied to a directory that is contained in the search path for executable libraries, then Thunderbird will load the incorrect library. This vulnerability affects Thunderbird < 78.9.1.
When loading the shared library that provides the OTR protocol implementation, Thunderbird will initially attempt to open it using a filename that isn't distributed by Thunderbird. If a computer has already been infected with a malicious library of the alternative filename, and the malicious library has been copied to a directory that is contained in the search path for executable libraries, then Thunderbird will load the incorrect library. This vulnerability affects Thunderbird < 78.9.1.
When loading the shared library that provides the OTR protocol impleme ...
When loading the shared library that provides the OTR protocol implementation, Thunderbird will initially attempt to open it using a filename that isn't distributed by Thunderbird. If a computer has already been infected with a malicious library of the alternative filename, and the malicious library has been copied to a directory that is contained in the search path for executable libraries, then Thunderbird will load the incorrect library. This vulnerability affects Thunderbird < 78.9.1.
EPSS
4.4 Medium
CVSS2
7.8 High
CVSS3