正文

Mozilla Thunderbird 命令注入漏洞

admin
admin V管理员 /0 评论 /10 阅读
0306
此篇文章发布距今已超过1171天,您需要注意文章的内容或图片是否可用!

漏洞信息详情

Mozilla Thunderbird 命令注入漏洞

  • CNNVD编号:CNNVD-202107-831
    • <!--
  • 危害等级: 中危-->
  • 危害等级: 中危
  • CVE编号: CVE-2021-29969
  • 漏洞类型: 命令注入
  • 发布时间: 2021-07-13
  • 威胁类型: 远程
  • 更新时间: 2021-09-01
  • 厂        商:
  • 漏洞来源:

漏洞简介

Mozilla Thunderbird是美国Mozilla基金会的一套从Mozilla Application Suite独立出来的电子邮件客户端软件。该软件支持IMAP、POP邮件协议以及HTML邮件格式。

Mozilla Thunderbird 存在命令注入漏洞,该漏洞源于Thunderbird处理在STARTTLS进程之前发送的IMAP服务器响应的方式中存在问题。攻击者可利用该漏洞在STARTTLS握手之前发送任意的IMAP命令,并在握手完成后执行。

漏洞公告

目前厂商已发布升级补丁以修复漏洞,详情请关注厂商主页:https://www.thunderbird.net/zh-CN/

参考网址

来源:MISC

链接:https://bugzilla.mozilla.org/show_bug.cgi?id=1682370

来源:MISC

链接:https://www.mozilla.org/security/advisories/mfsa2021-30/

来源:www.cybersecurity-help.cz

链接:https://www.cybersecurity-help.cz/vdb/SB2021071380

来源:www.cybersecurity-help.cz

链接:https://www.cybersecurity-help.cz/vdb/SB2021080217

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/163677/Red-Hat-Security-Advisory-2021-2881-01.html

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2021.2425

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2021.2502

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2021.2534

来源:www.cybersecurity-help.cz

链接:https://www.cybersecurity-help.cz/vdb/SB2021072621

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2021.2556

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2021.2941

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/164001/Ubuntu-Security-Notice-USN-5058-1.html

来源:www.cybersecurity-help.cz

链接:https://www.cybersecurity-help.cz/vdb/SB2021071903

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2021.2433

来源:www.cybersecurity-help.cz

链接:https://www.cybersecurity-help.cz/vdb/SB2021071425

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2021.2376

来源:nvd.nist.gov

链接:https://nvd.nist.gov/vuln/detail/CVE-2021-29969

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/163684/Red-Hat-Security-Advisory-2021-2914-01.html

来源:access.redhat.com

链接:https://access.redhat.com/security/cve/cve-2021-29969

受影响实体

    暂无


补丁

  • Mozilla Thunderbird 命令注入漏洞的修复措施
    <!--
    2021-7-13
    -->