Bug 1992423 (CVE-2021-29989)

Summary: CVE-2021-29989 Mozilla: Memory safety bugs fixed in Thunderbird 78.13
Product: [Other] Security Response Reporter: Doran Moppert <dmoppert>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: unspecifiedCC: erack, jhorak, nobody, stransky, tpopela
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: thunderbird 78.13, firefox 78.13 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2021-08-16 13:28:41 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1990527, 1990528, 1990529, 1990530, 1990532, 1990533, 1990544, 1990545, 1990546, 1990547, 1990548, 1990549    
Bug Blocks: 1990542    

Description Doran Moppert 2021-08-11 03:58:29 UTC 
Mozilla developers Christoph Kerschbaumer, Simon Giesecke, Sandor Molnar, and Olli Pettay reported memory safety bugs present in Thunderbird 78.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.



External Reference:

https://www.mozilla.org/en-US/security/advisories/mfsa2021-35/#CVE-2021-29989
Comment 1 errata-xmlrpc 2021-08-16 09:29:37 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Extended Update Support

Via RHSA-2021:3161 https://access.redhat.com/errata/RHSA-2021:3161
Comment 2 errata-xmlrpc 2021-08-16 09:40:35 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Extended Update Support

Via RHSA-2021:3159 https://access.redhat.com/errata/RHSA-2021:3159
Comment 3 errata-xmlrpc 2021-08-16 09:42:50 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2021:3156 https://access.redhat.com/errata/RHSA-2021:3156
Comment 4 errata-xmlrpc 2021-08-16 10:01:36 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2021:3162 https://access.redhat.com/errata/RHSA-2021:3162
Comment 5 errata-xmlrpc 2021-08-16 10:06:48 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2021:3154 https://access.redhat.com/errata/RHSA-2021:3154
Comment 6 errata-xmlrpc 2021-08-16 10:11:33 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2021:3155 https://access.redhat.com/errata/RHSA-2021:3155
Comment 7 errata-xmlrpc 2021-08-16 10:19:56 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2021:3157 https://access.redhat.com/errata/RHSA-2021:3157
Comment 8 errata-xmlrpc 2021-08-16 10:37:37 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2021:3160 https://access.redhat.com/errata/RHSA-2021:3160
Comment 9 Product Security DevOps Team 2021-08-16 13:28:41 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2021-29989