ArchLinux: 202106-22: thunderbird: arbitrary code execution
Summary
Mozilla developers reported memory safety bugs present in Firefox 88 and Thunderbird 78.10. Some of these bugs showed evidence of memory corruption and Mozilla presumes that with enough effort some of these could have been exploited to run arbitrary code.
Resolution
Upgrade to 78.11.0-1.
# pacman -Syu "thunderbird>=78.11.0-1"
The problem has been fixed upstream in version 78.11.0.
References
https://www.mozilla.org/en-US/security/advisories/mfsa2021-23/ https://www.mozilla.org/en-US/security/advisories/mfsa2021-26/ https://bugzilla.mozilla.org/buglist.cgi?bug_id=1602862%2C1703191%2C1703760%2C1704722%2C1706041 https://security.archlinux.org/CVE-2021-29967
Workaround
None.