PublicDateAtUSN: 2021-11-03 01:15:00 UTC
Candidate: CVE-2021-38495
PublicDate: 2021-11-03 01:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38495
 https://www.mozilla.org/en-US/security/advisories/mfsa2021-41/#CVE-2021-38495
 https://ubuntu.com/security/notices/USN-5248-1
Description:
 Mozilla developers reported memory safety bugs present in Thunderbird
 78.13.0. Some of these bugs showed evidence of memory corruption and we
 presume that with enough effort some of these could have been exploited to
 run arbitrary code. This vulnerability affects Thunderbird < 91.1 and
 Firefox ESR < 91.1.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H [8.8 HIGH]


Patches_thunderbird:
upstream_thunderbird: released (91.1)
trusty_thunderbird: ignored (out of standard support)
trusty/esm_thunderbird: DNE
xenial_thunderbird: ignored (out of standard support)
esm-infra/xenial_thunderbird: needs-triage
bionic_thunderbird: released (1:91.5.0+build1-0ubuntu0.18.04.1)
focal_thunderbird: released (1:91.5.0+build1-0ubuntu0.20.04.1)
hirsute_thunderbird: ignored (reached end-of-life)
impish_thunderbird: not-affected (1:91.1.2+build1-0ubuntu1)
jammy_thunderbird: not-affected (1:91.1.2+build1-0ubuntu1)
devel_thunderbird: not-affected (1:91.1.2+build1-0ubuntu1)