Description
When loading the shared library that provides the OTR protocol implementation, Thunderbird will initially attempt to open it using a filename that isn't distributed by Thunderbird. If a computer has already been infected with a malicious library of the alternative filename, and the malicious library has been copied to a directory that is contained in the search path for executable libraries, then Thunderbird will load the incorrect library. This vulnerability affects Thunderbird < 78.9.1.
Solution(s)
ubuntu-upgrade-thunderbird
References
Tuesday, June 29, 2021
Ubuntu: (Multiple Advisories) (CVE-2021-29949): Thunderbird vulnerabilities
Source Sites
Subscribe to an RSS Feed
Blog Archive
- August 2020 (560)
- September 2020 (1436)
- October 2020 (1159)
- November 2020 (1093)
- December 2020 (1314)
- January 2021 (1645)
- February 2021 (1414)
- March 2021 (1221)
- April 2021 (1028)
- May 2021 (986)
- June 2021 (528)
- July 2021 (622)
- August 2021 (748)
- September 2021 (728)
- October 2021 (1130)
- November 2021 (911)
- December 2021 (668)
- January 2022 (627)
- February 2022 (553)
- March 2022 (348)
- April 2022 (169)
- May 2022 (37)