CVE-2021-29949

Published: Jun 24, 2021

Modified: Aug 3, 2024

PUBLISHED

Description

When loading the shared library that provides the OTR protocol implementation, Thunderbird will initially attempt to open it using a filename that isn't distributed by Thunderbird. If a computer has already been infected with a malicious library of the alternative filename, and the malicious library has been copied to a directory that is contained in the search path for executable libraries, then Thunderbird will load the incorrect library. This vulnerability affects Thunderbird < 78.9.1.

Vendor	Product	Versions
Mozilla	Thunderbird	affected `unspecified - < 78.9.1`

References

https://www.mozilla.org/security/advisories/mfsa2021-13/

x_refsource_MISC

https://bugzilla.mozilla.org/show_bug.cgi?id=1682101

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2021-29949

Description

Affected Products

References