Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2021-43528

Опубликовано: 08 дек. 2021
Источник: ubuntu
Приоритет: low
EPSS Низкий
CVSS2: 4.3
CVSS3: 6.5

Описание

Thunderbird unexpectedly enabled JavaScript in the composition area. The JavaScript execution context was limited to this area and did not receive chrome-level privileges, but could be used as a stepping stone to further an attack with other vulnerabilities. This vulnerability affects Thunderbird < 91.4.0.

РелизСтатусПримечание
bionic

released

1:91.5.0+build1-0ubuntu0.18.04.1
devel

released

1:91.4.0+build1-0ubuntu1
esm-infra/focal

DNE

focal

released

1:91.5.0+build1-0ubuntu0.20.04.1
hirsute

ignored

end of life
impish

released

1:91.5.0+build1-0ubuntu0.21.10.1
jammy

released

1:91.4.0+build1-0ubuntu1
kinetic

released

1:91.4.0+build1-0ubuntu1
lunar

released

1:91.4.0+build1-0ubuntu1
trusty

ignored

end of standard support

Показывать по

Ссылки на источники

EPSS

Процентиль: 75%
0.0086
Низкий

4.3 Medium

CVSS2

6.5 Medium

CVSS3

Связанные уязвимости

redhat логотип

CVE-2021-43528

CVSS3: 6.3
redhat
около 4 лет назад

Thunderbird unexpectedly enabled JavaScript in the composition area. The JavaScript execution context was limited to this area and did not receive chrome-level privileges, but could be used as a stepping stone to further an attack with other vulnerabilities. This vulnerability affects Thunderbird < 91.4.0.

nvd логотип

CVE-2021-43528

CVSS3: 6.5
nvd
около 4 лет назад

Thunderbird unexpectedly enabled JavaScript in the composition area. The JavaScript execution context was limited to this area and did not receive chrome-level privileges, but could be used as a stepping stone to further an attack with other vulnerabilities. This vulnerability affects Thunderbird < 91.4.0.

debian логотип

CVE-2021-43528

CVSS3: 6.5
debian
около 4 лет назад

Thunderbird unexpectedly enabled JavaScript in the composition area. T ...

github логотип

GHSA-q4gq-74cq-85g9

CVSS3: 6.5
github
около 4 лет назад

Thunderbird unexpectedly enabled JavaScript in the composition area. The JavaScript execution context was limited to this area and did not receive chrome-level privileges, but could be used as a stepping stone to further an attack with other vulnerabilities. This vulnerability affects Thunderbird < 91.4.0.

fstec логотип

BDU:2022-02701

CVSS3: 6.5
fstec
около 4 лет назад

Уязвимость почтового клиента Thunderbird, связанная с небезопасным управлением привилегиями, позволяющая нарушителю обойти ограничения на выполнение JavaScript

EPSS

Процентиль: 75%
0.0086
Низкий

4.3 Medium

CVSS2

6.5 Medium

CVSS3