PT-2021-18558 · Mozilla+6 · Thunderbird+6

Tuan Vu Pham · Published 2021-04-08 · Updated 2021-06-30 · CVE-2021-29949

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Thunderbird versions prior to 78.9.1

Description

The issue arises when Thunderbird attempts to load a shared library for the OTR protocol implementation using a filename not distributed by Thunderbird. If a malicious library with the alternative filename is already present on the computer and is located in a directory within the search path for executable libraries, Thunderbird will load the incorrect library.

Recommendations

For versions prior to 78.9.1, update to version 78.9.1 or later to resolve the issue.

Fix

Uncontrolled Search Path Element

Weakness Enumeration

Related Identifiers

ALT-PU-2021-1804
ALT-PU-2021-1886
ALT-PU-2021-1892
CESA-2021_1192
CESA-2021_1193
CVE-2021-29949
DLA-2632-1
DSA-4897-1
RHSA-2021:1190
RHSA-2021:1192
RHSA-2021:1193
RHSA-2021:1201
RHSA-2021_1192
RHSA-2021_1193
USN-4995-1
USN-4995-2

Affected Products

Alt Linux
Astra Linux
CentOS
Linux Mint
Red Hat
Thunderbird
Ubuntu